[Git][security-tracker-team/security-tracker][master] trixie/bookworm triage

Moritz Muehlenhoff (@jmm) jmm at debian.org
Fri May 22 09:10:58 BST 2026



Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
a6cd1865 by Moritz Muehlenhoff at 2026-05-22T10:10:18+02:00
trixie/bookworm triage

- - - - -


2 changed files:

- data/CVE/list
- data/dsa-needed.txt


Changes:

=====================================
data/CVE/list
=====================================
@@ -959,6 +959,7 @@ CVE-2026-44231
 	NOTE: https://github.com/bestpractical/rt/releases/tag/rt-5.0.10
 CVE-2026-XXXX [RUSTSEC-2026-0145]
 	- rust-astral-tokio-tar 0.6.2-1
+	[trixie] - rust-astral-tokio-tar <no-dsa> (Minor issue)
 	NOTE: https://rustsec.org/advisories/RUSTSEC-2026-0145.html
 CVE-2026-41999 (Incorrect Behaviour of Views with TCP PROXY Requests)
 	- pdns 5.0.5-1
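Review bot: the reason on the added [trixie] line for rust-astral-tokio-tar is the generic "Minor issue", and this entry has no description text at all, only the CVE-2026-XXXX placeholder and the RUSTSEC-2026-0145 id. A short, specific reason in the parenthetical would let someone reading the list see why no DSA is planned without opening the advisory linked in the NOTE.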
@@ -8690,6 +8691,7 @@ CVE-2026-42501 (A malicious module proxy can exploit a flaw in the go command's
 	- golang-1.24 <removed>
 	[trixie] - golang-1.24 <no-dsa> (Minor issue)
 	- golang-1.19 <removed>
+	[bookworm] - golang-1.19 <no-dsa> (Minor issue)
 	- golang-1.15 <removed>
 	[bullseye] - golang-1.15 <postponed> (Limited support, minor issue, follow bookworm DSAs/point-releases)
 	NOTE: https://go-review.googlesource.com/c/go/+/775321
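Review bot: with the added [bookworm] golang-1.19 line set to no-dsa, the bullseye golang-1.15 line just below it ("follow bookworm DSAs/point-releases") can now only be resolved through a bookworm point release. It is worth confirming that a point-release fix for golang-1.19 is actually expected, otherwise the bullseye "postponed" state has nothing left to follow. The same applies to the identical change under CVE-2026-42499.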
@@ -8701,6 +8703,7 @@ CVE-2026-42499 (Pathological inputs could cause DoS through consumePhrase when p
 	- golang-1.24 <removed>
 	[trixie] - golang-1.24 <no-dsa> (Minor issue)
 	- golang-1.19 <removed>
+	[bookworm] - golang-1.19 <no-dsa> (Minor issue)
 	- golang-1.15 <removed>
 	[bullseye] - golang-1.15 <postponed> (Limited support, minor issue, follow bookworm DSAs/point-releases)
 	NOTE: https://go-review.googlesource.com/c/go/+/771520
@@ -9082,6 +9085,8 @@ CVE-2026-41644 (monetr is a budgeting application for recurring expenses. Prior
 	NOT-FOR-US: monetr
 CVE-2026-41643 (GoBGP is an open source Border Gateway Protocol (BGP) implementation i ...)
 	- gobgp 4.3.0-1
+	[trixie] - gobgp <no-dsa> (Minor issue)
+	[bookworm] - gobgp <no-dsa> (Minor issue)
 	[bullseye] - gobgp <postponed> (Limited support, follow bookworm security updates)
 	NOTE: https://github.com/osrg/gobgp/security/advisories/GHSA-8rxh-r2p6-7f2q
 	NOTE: https://github.com/osrg/gobgp/issues/3308
@@ -39271,6 +39276,8 @@ CVE-2026-30875 (Chamilo LMS is a learning management system. Prior to version 1.
 	NOT-FOR-US: Chamilo LMS
 CVE-2026-30405 (An issue in GoBGP gobgpd v.4.2.0 allows a remote attacker to cause a d ...)
 	- gobgp 4.3.0-1 (bug #1131115)
+	[trixie] - gobgp <no-dsa> (Minor issue)
+	[bookworm] - gobgp <no-dsa> (Minor issue)
 	[bullseye] - gobgp <postponed> (Limited support, minor issue, DoS, follow bookworm DSAs/point-releases)
 	NOTE: https://github.com/osrg/gobgp/issues/3305
 	NOTE: https://github.com/osrg/gobgp/commit/f12b8fbb84f9e1a58dca932ccf0b005039f3cfb5 (v4.3.0)
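Review bot: the two added gobgp lines give only "Minor issue" for a CVE whose description begins "allows a remote attacker to cause a d ...", while the existing bullseye line spells the reason out ("minor issue, DoS"). Carrying the same wording on the [trixie] and [bookworm] lines, for example "(Minor issue, DoS)", would keep the three annotations consistent and make the basis for no-dsa visible in the list.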
@@ -85522,6 +85529,8 @@ CVE-2025-13505 (Improper Neutralization of Input During Web Page Generation (XSS
 	NOT-FOR-US: Datactive
 CVE-2025-13353 (In gokey versions <0.2.0,  a flaw in the seed decryption logic resulte ...)
 	- gokey 0.2.0-1 (bug #1121846)
+	[trixie] - gokey <no-dsa> (Minor issue)
+	[bookworm] - gokey <no-dsa> (Minor issue)
 	[bullseye] - gokey <ignored> (go is out of security support for bullseye)
 	NOTE: https://github.com/cloudflare/gokey/security/advisories/GHSA-69jw-4jj8-fcxm
 	NOTE: https://github.com/cloudflare/gokey/pull/79
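Review bot: "Minor issue" on the added [trixie] and [bookworm] gokey lines is not self-explanatory for a flaw described as being in the seed decryption logic, and the truncated description does not show the impact. A more specific reason in the parenthetical, or an extra NOTE line summarising why the impact is limited, would document the triage decision for later readers.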


=====================================
data/dsa-needed.txt
=====================================
@@ -40,8 +40,12 @@ gh/oldstable
 --
 haproxy (carnil)
 --
+haveged
+--
 imagemagick
 --
+inkscape/oldstable
+--
 isc-kea/oldstable
 --
 jackson-core (apo)
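Review bot: the added haveged and inkscape/oldstable entries carry no claimant, and nothing in the data/CVE/list part of this commit touches either package, so the commit alone does not show which issues put them on the list. Naming the relevant CVE ids in the commit message would make the additions traceable. Ordering is fine: both entries sit in the right alphabetical position.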



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/a6cd1865df3fd34225713cd538d45357c88891bc
