[Git][security-tracker-team/security-tracker][master] 4 commits: CVE-2025-35979/intel-microcode: bullseye postponed
Sylvain Beucler (@beuc)
gitlab at salsa.debian.org
Fri May 22 09:16:41 BST 2026
Sylvain Beucler pushed to branch master at Debian Security Tracker / security-tracker
Commits:
72c40382 by Sylvain Beucler at 2026-05-22T10:16:26+02:00
CVE-2025-35979/intel-microcode: bullseye postponed
- - - - -
f8343b18 by Sylvain Beucler at 2026-05-22T10:16:28+02:00
CVE-2026-45190,CVE-2026-45191/libnet-cidr-lite-perl: bullseye postponed
- - - - -
5c8f738c by Sylvain Beucler at 2026-05-22T10:16:31+02:00
CVE-2026-42304/twisted: bullseye postponed
- - - - -
25ebb445 by Sylvain Beucler at 2026-05-22T10:16:31+02:00
dla: add yelp
- - - - -
2 changed files:
- data/CVE/list
- data/dla-needed.txt
Changes:
=====================================
data/CVE/list
=====================================
@@ -5802,6 +5802,7 @@ CVE-2025-35990 (Improper input validation for some Intel Endpoint Management Ass
TODO: check
CVE-2025-35979 (Exposure of sensitive information caused by shared microarchitectural ...)
- intel-microcode <unfixed> (bug #1137032)
+ [bullseye] - intel-microcode <postponed> (Wait for stable update)
NOTE: https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01420.html
NOTE: https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/releases/tag/microcode-20260512
CVE-2025-35969 (Uncontrolled search path for some Intel(R) Server Firmware Update Util ...)
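Review bot: The reason on the added `[bullseye] - intel-microcode <postponed> (Wait for stable update)` line names a trigger but gives no way to tell when it has fired: the unversioned package line above it is still `<unfixed>` (bug #1137032), so no fixed version is recorded to compare against. Consider naming the upstream release from the NOTE below (microcode-20260512) in the reason or in an extra NOTE, so the entry can be revisited without re-reading the Intel advisory.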
@@ -6581,6 +6582,7 @@ CVE-2024-0391 (The check user account lock states feature within the email OTP f
NOT-FOR-US: WSO2
CVE-2026-42304 (Twisted is an event-based framework for internet applications, support ...)
- twisted 26.4.0-1
+ [bullseye] - twisted <postponed> (Minor issue, DoS)
NOTE: https://github.com/twisted/twisted/security/advisories/GHSA-grgv-6hw6-v9g4
NOTE: https://github.com/twisted/twisted/issues/12626
NOTE: Introduced with: https://github.com/twisted/twisted/commit/e11cd82bdd79b3ebbb0e8635cbb9c76df2b5af09 (twisted-11.1.0)
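Review bot: `(Minor issue, DoS)` on the added [bullseye] line states the bug class but not what makes it minor, and for a framework described as serving internet applications the trigger conditions are what decide that. The NOTE confirms bullseye is in range (introduced in twisted-11.1.0), so a few words on the affected component or precondition, taken from the linked GHSA advisory, would let the postponement be checked from this file alone.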
@@ -6724,11 +6726,13 @@ CVE-2026-6433 (The Custom css-js-php WordPress plugin through 2.0.7 does not pro
NOT-FOR-US: WordPress plugin
CVE-2026-45191 (Net::CIDR::Lite versions before 0.24 for Perl does not properly consid ...)
- libnet-cidr-lite-perl 0.24-1
+ [bullseye] - libnet-cidr-lite-perl <postponed> (Minor issue, validation)
NOTE: https://github.com/stigtsp/Net-CIDR-Lite/commit/24e2c439ec405e5256024b9acefd4f7008c5ed0c (0.24)
NOTE: https://www.openwall.com/lists/oss-security/2026/05/10/7
NOTE: https://lists.security.metacpan.org/cve-announce/msg/39920370/
CVE-2026-45190 (Net::CIDR::Lite versions before 0.24 for Perl does not properly valida ...)
- libnet-cidr-lite-perl 0.24-1
+ [bullseye] - libnet-cidr-lite-perl <postponed> (Minor issue, validation)
NOTE: https://github.com/stigtsp/Net-CIDR-Lite/commit/ca9542adec87110556601d7ce48381ea8d13e692 (0.24)
NOTE: https://www.openwall.com/lists/oss-security/2026/05/10/6
NOTE: https://lists.security.metacpan.org/cve-announce/msg/39920372/
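Review bot: Both added [bullseye] lines carry the identical reason `(Minor issue, validation)`, which names the bug class rather than the impact, although CVE-2026-45191 and CVE-2026-45190 have different descriptions and different upstream fix commits. Suggest a reason per CVE that says what the improperly handled input leads to, drawing on the oss-security post linked in each entry. Postponing the two together is consistent, since both are fixed in 0.24-1.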
=====================================
data/dla-needed.txt
=====================================
@@ -660,6 +660,9 @@ xmlrpc-c
xrdp
NOTE: 20260418: Added by Front-Desk (rouca)
--
+yelp
+ NOTE: 20260522: Added by Front-Desk (Beuc)
+--
zabbix
NOTE: 20260328: Added by Front-Desk (Beuc)
NOTE: 20260328: CVE-2026-23919->24 appear to be in supported scope (Beuc/front-desk)
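Review bot: The added yelp entry has only the `Added by Front-Desk (Beuc)` NOTE, and neither it nor the commit message (`dla: add yelp`) says which CVE(s) put the package on the list. The zabbix entry just below shows the pattern to follow: a second NOTE naming the CVE ids considered in supported scope. Placement between xrdp and zabbix keeps the list in alphabetical order.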
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/a6cd1865df3fd34225713cd538d45357c88891bc...25ebb4457a88ba26e86ac9d3be0a1a07d6faa9a1