[Git][security-tracker-team/security-tracker][master] 5 commits: dla-needed: add nagios4

Daniel Leidert (@dleidert) dleidert at debian.org
Fri May 29 04:41:40 BST 2026



Daniel Leidert pushed to branch master at Debian Security Tracker / security-tracker


Commits:
3f194316 by Daniel Leidert at 2026-05-29T04:57:22+02:00
dla-needed: add nagios4

- - - - -
cfbd704b by Daniel Leidert at 2026-05-29T05:00:40+02:00
dla-needed: add request-tracker4

- - - - -
38d5e4f6 by Daniel Leidert at 2026-05-29T05:26:07+02:00
Add patch links for CVE-2026-44431/python-urllib3 and CVE-2026-44432/python-urllib3

- - - - -
22f48c77 by Daniel Leidert at 2026-05-29T05:33:55+02:00
lts: mark CVE-2026-47766/crun as postponed

- - - - -
d8e23790 by Daniel Leidert at 2026-05-29T05:37:53+02:00
lts: mark CVE-2026-47372/libcrypt-saltedhash-perl and CVE-2026-47373/libcrypt-saltedhash-perl as postponed

- - - - -


2 changed files:

- data/CVE/list
- data/dla-needed.txt


Changes:

=====================================
data/CVE/list
=====================================
@@ -1830,6 +1830,7 @@ CVE-2026-47766
 	- crun 1.28-1
 	[trixie] - crun <no-dsa> (Minor issue)
 	[bookworm] - crun <no-dsa> (Minor issue)
+	[bullseye] - crun <postponed> (Minor issue, can be fixed with next update)
 	NOTE: https://github.com/containers/crun/security/advisories/GHSA-7vwr-4279-7gq5
 	NOTE: https://github.com/containers/crun/commit/c6f338ac2e26e216ab7820b91863a0b84e608097 (1.28)
 CVE-2026-46100 (In the Linux kernel, the following vulnerability has been resolved:  f ...)
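Review bot: The added [bullseye] line for crun under CVE-2026-47766 reuses the "Minor issue" reasoning of the trixie and bookworm <no-dsa> lines but does not record that the bullseye version was checked against the referenced fix commit c6f338ac (1.28). If that check was done, a short NOTE stating that the affected code is present in bullseye would make the <postponed> entry easier to pick up at the next update; if it was not, the version should be verified before the state is relied on.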
@@ -5822,12 +5823,14 @@ CVE-2026-47373 (Crypt::SaltedHash versions through 0.09 for Perl is susceptible
 	- libcrypt-saltedhash-perl 0.11-1 (bug #1137253)
 	[trixie] - libcrypt-saltedhash-perl <no-dsa> (Minor issue)
 	[bookworm] - libcrypt-saltedhash-perl <no-dsa> (Minor issue)
+	[bullseye] - libcrypt-saltedhash-perl <postponed> (Minor issue, can be fixed with next update)
 	NOTE: https://lists.security.metacpan.org/cve-announce/msg/40249915/
 	NOTE: Fixed by: https://github.com/robrwo/perl-Crypt-SaltedHash/commit/c07bfc5c23185b0667233d0f2e1252d81f1f027a (0.10)
 CVE-2026-47372 (Crypt::SaltedHash versions through 0.09 for Perl generate insecure ran ...)
 	- libcrypt-saltedhash-perl 0.11-1 (bug #1137253)
 	[trixie] - libcrypt-saltedhash-perl <no-dsa> (Minor issue)
 	[bookworm] - libcrypt-saltedhash-perl <no-dsa> (Minor issue)
+	[bullseye] - libcrypt-saltedhash-perl <postponed> (Minor issue, can be fixed with next update)
 	NOTE: https://lists.security.metacpan.org/cve-announce/msg/40252126/
 	NOTE: Fixed by: https://github.com/robrwo/perl-Crypt-SaltedHash/commit/9b68437d2cd420b819b3a795474c3870338d38d5 (0.10)
 CVE-2026-9101 (Prototype pollution in csv parsing logic during import can lead to unt ...)
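Review bot: Both added [bullseye] lines for libcrypt-saltedhash-perl (under CVE-2026-47373 and CVE-2026-47372) are postponed with identical wording, while the referenced fixes are two separate upstream commits, c07bfc5c and 9b68437d, both released in 0.10. A NOTE that the next bullseye update needs both commits backported together would keep one from being picked up without the other.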
@@ -8987,9 +8990,11 @@ CVE-2026-44432 (urllib3 is an HTTP client library for Python. From 2.6.0 to befo
 	[bookworm] - python-urllib3 <not-affected> (Vulnerable code introduced later)
 	[bullseye] - python-urllib3 <not-affected> (Vulnerable code introduced later)
 	NOTE: https://github.com/urllib3/urllib3/security/advisories/GHSA-mf9v-mfxr-j63j
+	NOTE: Fixed by: https://github.com/urllib3/urllib3/commit/2bdcc44d1e163fb5cc48a8662425e35e15adfe6a (2.7.0)
 CVE-2026-44431 (urllib3 is an HTTP client library for Python. From 1.23 to before 2.7. ...)
 	- python-urllib3 <unfixed> (bug #1136653)
 	NOTE: https://github.com/urllib3/urllib3/security/advisories/GHSA-qccp-gfcp-xxvc
+	NOTE: Fixed by: https://github.com/urllib3/urllib3/commit/5ec0de499b9166ca71c65ab04f2a7e4eb0d66fcc (2.7.0)
 CVE-2026-44426 (ShellHub is a centralized SSH gateway. Prior to 0.24.2, GET /api/names ...)
 	NOT-FOR-US: ShellHub
 CVE-2026-44425 (ShellHub is a centralized SSH gateway. Prior to 0.24.2, the device lis ...)
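Review bot: CVE-2026-44431 now carries a "Fixed by" commit, but the entry still consists only of the bare "- python-urllib3 <unfixed>" line, with no per-release triage like the [bookworm] and [bullseye] <not-affected> lines visible for CVE-2026-44432. Since the description puts the affected range at 1.23 up to 2.7, the stable and LTS versions should be checked against commit 5ec0de49 and given explicit per-release lines.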


=====================================
data/dla-needed.txt
=====================================
@@ -370,6 +370,10 @@ mongo-c-driver
   NOTE: 20260522: Added by Front-Desk (Beuc)
   NOTE: 20260522: Follow bookworm 12.14 (4+1 CVEs) (Beuc/front-desk)
 --
+nagios4
+  NOTE: 20260529: Added by Front-Desk (dleidert)
+  NOTE: 20260529: Follow recent upload of 4.4.6-4+deb12u1/4.4.6-4.1+deb13u1 (dleidert/front-desk)
+--
 nagvis
   NOTE: 20250117: Added by Front-Desk (rouca)
   NOTE: 20250119: Also check/fix https://bugs.debian.org/1061044
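Review bot: The second NOTE of the new nagios4 entry names the uploads to follow (4.4.6-4+deb12u1/4.4.6-4.1+deb13u1) but not which CVEs they fixed, unlike the mongo-c-driver entry just above, which at least gives a count ("4+1 CVEs"). Adding the CVE IDs or the count would let whoever claims the package scope the work without reading both changelogs first.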
@@ -507,6 +511,10 @@ rails
 redis (Chris Lamb)
   NOTE: 20260515: Added by Front-Desk (pochu)
 --
+request-tracker4
+  NOTE: 20260529: Added by Front-Desk (dleidert)
+  NOTE: 20260529: Follow DSA in preparation by maintainer (dleidert/front-desk)
+--
 ruby-rack (Abhijith PA)
   NOTE: 20260413: Added by Front-Desk (rouca)
 --
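Review bot: The request-tracker4 NOTE "Follow DSA in preparation by maintainer" carries no CVE ID, bug number or other pointer, so the entry gives whoever claims it nothing to start from. Suggest adding the reference once the DSA is published, or noting now where the preparation is being coordinated.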



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/e7d0735f0b5b4c8bf1592f07d128e765e00c18a0...d8e23790e4b65f984d1a91b87abdf31ba8a1a1c1
