[Git][security-tracker-team/security-tracker][master] trixie/bookworm triage
Moritz Muehlenhoff (@jmm)
jmm at debian.org
Tue May 26 15:53:43 BST 2026
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker
Commits:
1dbc612a by Moritz Muehlenhoff at 2026-05-26T16:53:34+02:00
trixie/bookworm triage
- - - - -
2 changed files:
- data/CVE/list
- data/dsa-needed.txt
Changes:
=====================================
data/CVE/list
=====================================
@@ -7482,6 +7482,8 @@ CVE-2026-42860 (The Open edx Enterprise Service app provides enterprise features
NOT-FOR-US: Open edx Enterprise Service app
CVE-2026-42859 (Neat VNC is a VNC server library. Prior to 0.9.6, a pre-authentication ...)
- neatvnc <unfixed> (bug #1136644)
+ [trixie] - neatvnc <no-dsa> (Minor issue)
+ [bookworm] - neatvnc <no-dsa> (Minor issue)
NOTE: https://github.com/any1/neatvnc/security/advisories/GHSA-567c-gpv8-qh9h
NOTE: https://github.com/any1/neatvnc/commit/1f6cd6b75cc167fed3a19a9d1552a1f662f6b337 (v1.0.0)
CVE-2026-42858 (Open edX Platform enables the authoring and delivery of online learnin ...)
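Review bot: the two added `<no-dsa> (Minor issue)` lines for trixie and bookworm give no reason beyond "Minor issue", while the description in the same entry calls the flaw pre-authentication. A more specific reason in the parentheses, or a NOTE saying why the impact is minor for the Debian builds, would let a later reader check the triage decision. The description also says "Prior to 0.9.6" while the commit NOTE is tagged (v1.0.0); if a separate commit exists for the 0.9.x series, a NOTE for it would help anyone backporting to the two suites.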
@@ -22400,6 +22402,7 @@ CVE-2026-5598 (Covert timing channel vulnerability in Legion of the Bouncy Castl
CVE-2026-5588 (Use of a Broken or Risky Cryptographic Algorithm vulnerability in Legi ...)
- bouncycastle <unfixed> (bug #1134196)
NOTE: https://github.com/bcgit/bc-java/wiki/CVE%E2%80%902026%E2%80%905588
+ NOTE: https://github.com/bcgit/bc-java/commit/656bae0dbd9b1521f840521ff786e78749fe3057 (r1rv84)
CVE-2026-5426 (Hard-coded ASP.NET/IIS machineKey value in Digital Knowledge Knowledge ...)
NOT-FOR-US: Digital Knowledge KnowledgeDeliver
CVE-2026-5387 (The vulnerability, if exploited, could allow an unauthenticated miscre ...)
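Review bot: the NOTE added at the end of the CVE-2026-5588 entry is a bare commit URL, so it does not say what role the commit plays. If this is the fixing commit, prefixing the URL with "Fixed by:" would make that explicit. The package line stays `<unfixed>`, so the (r1rv84) tag is what a reader will rely on to match a future upload against the fix.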
=====================================
data/dsa-needed.txt
=====================================
@@ -80,6 +80,8 @@ opennds/oldstable
pdfminer (carnil)
Required followup for CVE-2025-64512 as original fix was incomplete.
--
+perl (carnil)
+--
php-laravel-framework/oldstable
--
php-twig
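Review bot: the added `perl (carnil)` entry has no description line before its `--`, unlike the `pdfminer (carnil)` entry directly above it, which records why the update is needed. A short line naming the CVE ids or the reason for the DSA would keep the file usable for anyone else picking up or reviewing the work.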
@@ -105,6 +107,8 @@ runc
rust-wasmtime
for CVE-2026-34987 CVE-2026-34971, rest would also be fine to ignore
--
+starlette (jmm)
+--
symfony (jmm)
Maintainer is preparing updates
--
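Review bot: `starlette (jmm)` is added with no note line and no suite suffix, while the neighbouring `rust-wasmtime` and `symfony (jmm)` entries both record scope or status. Add a line listing the CVE ids in scope, and if only one suite needs the update, mark it the way `php-laravel-framework/oldstable` does.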
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/1dbc612a753a826d2fb454c85256fe3678835483