[Git][security-tracker-team/security-tracker][master] 2 commits: CVE-2026-33633/kitty: revert not-affected

Sylvain Beucler (@beuc) gitlab at salsa.debian.org
Fri May 22 17:42:04 BST 2026 


Sylvain Beucler pushed to branch master at Debian Security Tracker / security-tracker


Commits:
15a9d71c by Sylvain Beucler at 2026-05-22T18:41:57+02:00
CVE-2026-33633/kitty: revert not-affected

Cf. b38768cdf15715b64de17ffeadeb14e9e3e035be

- - - - -
53d2fe2d by Sylvain Beucler at 2026-05-22T18:41:57+02:00
dla: add kitty

- - - - -


2 changed files:

- data/CVE/list
- data/dla-needed.txt


Changes:

=====================================
data/CVE/list
=====================================
@@ -1365,7 +1365,6 @@ CVE-2026-33637 (Faraday is an HTTP client library abstraction layer that provide
 	NOTE: https://github.com/lostisland/faraday/commit/3f1280c69e93297d574e85a2d462d05ebadf1d09 (v2.14.2)
 CVE-2026-33633 (Kitty is a cross-platform GPU based terminal. Versions 0.46.2 and belo ...)
 	- kitty 0.47.0-1 (bug #1137210)
-	[bullseye] - kitty <not-affected> (frame composition introduced later)
 	NOTE: https://github.com/kovidgoyal/kitty/security/advisories/GHSA-j68c-v8x4-269g
 	NOTE: Fixed by: https://github.com/kovidgoyal/kitty/commit/48ab623f594d60dbbfb1e767d9686d380ce547fb (v0.47.0)
 CVE-2026-32882 (libheif is a HEIF and AVIF file format decoder and encoder. Versions 1 ...)


=====================================
data/dla-needed.txt
=====================================
@@ -272,6 +272,10 @@ keystone
   NOTE: 20260417: Added by Front-Desk (rouca)
   NOTE: 20260417: Fix CVE-2026-40683, please reach before zigo (rouca)
 --
+kitty
+  NOTE: 20260522: Added by Front-Desk (Beuc)
+  NOTE: 20260522: Upcoming DSA (Beuc/front-desk)
+--
 knot-resolver
   NOTE: 20251206: Added by Front-Desk (rouca)
   NOTE: 20251206: Close CVE-2022-40188 buster regression. Try to fix other non ignored CVEs.



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/6e8a75bec0d273d8611deaed3464d5b7ecd5e1ee...53d2fe2d903bb4100fbdf3a5f0c623045b4cb3e3

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/6e8a75bec0d273d8611deaed3464d5b7ecd5e1ee...53d2fe2d903bb4100fbdf3a5f0c623045b4cb3e3
You're receiving this email because of your account on salsa.debian.org. Manage all notifications: https://salsa.debian.org/-/profile/notifications | Help: https://salsa.debian.org/help


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20260522/f0c90c31/attachment-0001.htm>

More information about the debian-security-tracker-commits mailing list