[Git][security-tracker-team/security-tracker][master] 2 commits: CVE-2026-34253/vorbis-tools: bullseye postponed

[Sylvain Beucler (@beuc)]

Sylvain Beucler pushed to branch master at Debian Security Tracker / security-tracker


Commits:
fee71e41 by Sylvain Beucler at 2026-05-22T22:16:17+02:00
CVE-2026-34253/vorbis-tools: bullseye postponed

- - - - -
628d243b by Sylvain Beucler at 2026-05-22T22:16:20+02:00
CVE-2026-6664,CVE-2026-6665,CVE-2026-6666,CVE-2026-6667/pgbouncer: bullseye postponed

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -2821,6 +2821,7 @@ CVE-2026-34253 (A buffer underflow vulnerability has been identified in the ogg1
 	- vorbis-tools <unfixed> (bug #1136943)
 	[trixie] - vorbis-tools <no-dsa> (Minor issue)
 	[bookworm] - vorbis-tools <no-dsa> (Minor issue)
+	[bullseye] - vorbis-tools <postponed> (Minor issue, 1-byte underflow in CLI)
 	NOTE: https://gitlab.xiph.org/xiph/vorbis-tools/-/work_items/2332
 	NOTE: https://gitlab.xiph.org/xiph/vorbis-tools/-/merge_requests/27
 	NOTE: https://gitlab.xiph.org/xiph/vorbis-tools/-/commit/4bb4fb33b25949178179f689db9afb477abeb572
@@ -7275,21 +7276,25 @@ CVE-2026-6667 (PgBouncer before 1.25.2 did not perform an appropriate authorizat
 	- pgbouncer 1.25.2-1 (bug #1136075)
 	[trixie] - pgbouncer 1.24.1-1+deb13u2
 	[bookworm] - pgbouncer <no-dsa> (Minor issue)
+	[bullseye] - pgbouncer <postponed> (Minor issue, DoS)
 	NOTE: Fixed by: https://github.com/pgbouncer/pgbouncer/commit/97b5634be55d167a602b0bc0f09a8675997248a6 (pgbouncer_1_25_2)
 CVE-2026-6666 (A possible null pointer reference in PgBouncer before 1.25.2 could lea ...)
 	- pgbouncer 1.25.2-1 (bug #1136075)
 	[trixie] - pgbouncer 1.24.1-1+deb13u2
 	[bookworm] - pgbouncer <no-dsa> (Minor issue)
+	[bullseye] - pgbouncer <postponed> (Minor issue, DoS)
 	NOTE: Fixed by: https://github.com/pgbouncer/pgbouncer/commit/0564f937c0fd81378d67ddcb57b0c00abc0b0f8f (pgbouncer_1_25_2)
 CVE-2026-6665 (The SCRAM code in PgBouncer before 1.25.2 did not check the return val ...)
 	- pgbouncer 1.25.2-1 (bug #1136075)
 	[trixie] - pgbouncer 1.24.1-1+deb13u2
 	[bookworm] - pgbouncer <no-dsa> (Minor issue)
+	[bullseye] - pgbouncer <postponed> (Minor issue, DoS)
 	NOTE: Fixed by: https://github.com/pgbouncer/pgbouncer/commit/ab8dbb3b1a73b4a195062546e5e4f964b79f5b45 (pgbouncer_1_25_2)
 CVE-2026-6664 (An integer overflow in network packet parsing code in PgBouncer before ...)
 	- pgbouncer 1.25.2-1 (bug #1136075)
 	[trixie] - pgbouncer 1.24.1-1+deb13u2
 	[bookworm] - pgbouncer <no-dsa> (Minor issue)
+	[bullseye] - pgbouncer <postponed> (Minor issue, DoS)
 	NOTE: Fixed by: https://github.com/pgbouncer/pgbouncer/commit/ddc63c2175825bca9ef3c0a528280acaad76dbaa (pgbouncer_1_25_2)
 CVE-2026-45130 (Vim is an open source, command line text editor. Prior to version 9.2. ...)
 	- vim 2:9.2.0461-1 (bug #1136097)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/4a13e1a29bd4588f26ee6af3f5c9a2266c184b17...628d243b9bd850163a721b91b4035c9c9cefbccf

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/4a13e1a29bd4588f26ee6af3f5c9a2266c184b17...628d243b9bd850163a721b91b4035c9c9cefbccf
You're receiving this email because of your account on salsa.debian.org. Manage all notifications: https://salsa.debian.org/-/profile/notifications | Help: https://salsa.debian.org/help


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20260522/3b194619/attachment-0001.htm>