[Git][security-tracker-team/security-tracker][master] 3 commits: dla-needed: add starlette

Daniel Leidert (@dleidert) dleidert at debian.org
Fri May 29 03:50:44 BST 2026



Daniel Leidert pushed to branch master at Debian Security Tracker / security-tracker


Commits:
04c28d7e by Daniel Leidert at 2026-05-29T04:50:22+02:00
dla-needed: add starlette

and claim it

- - - - -
c7a5e1f6 by Daniel Leidert at 2026-05-29T04:50:23+02:00
lts: mark CVE-2026-9541/squirrel3 as postponed

Similar issues have been postponed. Also, upstream hasn't responded yet.

- - - - -
e7d0735f by Daniel Leidert at 2026-05-29T04:50:24+02:00
lts: mark CVE-2026-34480/apache-log4j1.2,apache-log4j2 as postponed

Effect is not of serious nature.

- - - - -


2 changed files:

- data/CVE/list
- data/dla-needed.txt


Changes:

=====================================
data/CVE/list
=====================================
@@ -3561,6 +3561,7 @@ CVE-2026-9542 (A weakness has been identified in CodeAstro Leave Management Syst
 	NOT-FOR-US: CodeAstro
 CVE-2026-9541 (A security flaw has been discovered in Squirrel up to 3.2. Impacted is ...)
 	- squirrel3 <unfixed>
+	[bullseye] - squirrel3 <postponed> (Minor issue)
 	NOTE: https://github.com/albertodemichelis/squirrel/issues/327
 CVE-2026-9540 (A vulnerability was identified in vllm-project vllm 0.19.0. This issue ...)
 	- vllm <itp> (bug #1095237)
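Review bot: The added `[bullseye] - squirrel3 <postponed> (Minor issue)` line does not record why the issue is postponed or what would reopen it. The commit message gives two reasons (similar issues were postponed, and upstream has not responded), but neither reaches data/CVE/list, and the only pointer is the NOTE to upstream issue 327. Consider extending the parenthetical, for example "(Minor issue, revisit when fixed upstream)", so a later triager knows the condition without reading the commit log. No suite-specific line for squirrel3 other than bullseye is visible in this hunk, so it is worth confirming the newer suites were triaged as well.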
@@ -29266,9 +29267,11 @@ CVE-2026-34480 (Apache Log4j Core's  XmlLayout https://logging.apache.org/log4j/
 	- apache-log4j2 <unfixed> (bug #1133847)
 	[trixie] - apache-log4j2 <no-dsa> (Minor issue)
 	[bookworm] - apache-log4j2 <no-dsa> (Minor issue)
+	[bullseye] - apache-log4j2 <postponed> (Minor issue, can be fixed with next upload)
 	- apache-log4j1.2 <unfixed> (bug #1136032)
 	[trixie] - apache-log4j1.2 <no-dsa> (Minor issue)
 	[bookworm] - apache-log4j1.2 <no-dsa> (Minor issue)
+	[bullseye] - apache-log4j1.2 <postponed> (Minor issue, can be fixed with next upload)
 	NOTE: https://lists.apache.org/thread/5x0hcnng0chhghp6jgjdp3qmbbhfjzhb
 	NOTE: https://logging.apache.org/security.html#CVE-2026-34480
 	NOTE: https://github.com/apache/logging-log4j2/pull/4077
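Review bot: On the added `[bullseye] - apache-log4j1.2 <postponed> (Minor issue, can be fixed with next upload)` line, "can be fixed with next upload" presumes a patch that applies to the 1.2 code base, but the only fix reference among the NOTE lines is the pull request against logging-log4j2. Consider adding a NOTE stating whether that change has been checked against apache-log4j1.2 in bullseye, or dropping the "next upload" wording for that package until it has. The apache-log4j2 line is consistent with the trixie and bookworm "Minor issue" triage shown above it.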


=====================================
data/dla-needed.txt
=====================================
@@ -563,6 +563,10 @@ spip
   NOTE: 20260326: very low popcon (Beuc/front-desk)
   NOTE: 20260422: https://salsa.debian.org/lts-team/lts-updates-tasks/-/work_items/342
 --
+starlette (dleidert)
+  NOTE: 20260528: Added by Front-Desk (dleidert)
+  NOTE: 20260528: follow DSA-6302-1 (dleidert/front-desk)
+--
 strongswan
   NOTE: 20260423: Added by Front-Desk (pochu)
 --
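Review bot: The new starlette entry says only "follow DSA-6302-1" and does not name the CVE ids to be handled or say whether all of them affect the bullseye version. Consider listing the CVEs from that DSA in the NOTE, or adding a link to the tracking work item as the spip entry above does, so the scope of the claimed update is visible from data/dla-needed.txt itself.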



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/a3ccac6138d9691314a0090caa53055f17ae284e...e7d0735f0b5b4c8bf1592f07d128e765e00c18a0
