Carlos Henrique Lima Melara pushed to branch master at Debian Security Tracker / security-tracker


Commits:
f2c44b6f by Carlos Henrique Lima Melara at 2026-02-25T23:59:58-03:00
LTS: add nss to dla-needed

- - - - -
072a3b0a by Carlos Henrique Lima Melara at 2026-02-26T00:12:24-03:00
LTS: add ruby-rack to dla-needed

- - - - -
a4c1f527 by Carlos Henrique Lima Melara at 2026-02-26T00:34:43-03:00
CVE-2025-69725/golang-github-go-chi-chi: bullseye not-affected

- - - - -
7de1b4cc by Carlos Henrique Lima Melara at 2026-02-26T01:11:07-03:00
CVE-2026-26994/golang-refraction-networking-utls: ignore for bullseye

No binary package was built with golang-refraction-networking-utls-dev.

- - - - -


2 changed files:

- data/CVE/list
- data/dla-needed.txt


Changes:

=====================================
data/CVE/list
=====================================
@@ -2543,6 +2543,7 @@ CVE-2026-26995
        REJECTED
 CVE-2026-26994 (uTLS is a fork of crypto/tls, created to customize ClientHello 
for fin ...)
        - golang-refraction-networking-utls <unfixed> (bug #1129011)
+       [bullseye] - golang-refraction-networking-utls <ignored> (Limited 
support, no binaries built with it)
        NOTE: 
https://github.com/refraction-networking/utls/security/advisories/GHSA-pmc3-p9hx-jq96
        NOTE: Fixed by: 
https://github.com/refraction-networking/utls/commit/f8892761e2a4d29054264651d3a86fda83bc83f9
 (v1.7.0)
 CVE-2026-26993 (Flare is a Next.js-based, self-hostable file sharing platform 
that int ...)
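Review bot: the reason on the added [bullseye] line, "Limited support, no binaries built with it", does not say which package was checked or where the limited-support status comes from. The commit message is more precise (no binary package was built with golang-refraction-networking-utls-dev); carrying that wording into the parenthetical would let the <ignored> decision be re-verified from data/CVE/list alone.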
@@ -3128,6 +3129,7 @@ CVE-2025-69725 (An Open Redirect vulnerability in the 
go-chi/chi >=5.2.2 Redirec
        - golang-github-go-chi-chi <unfixed>
        [trixie] - golang-github-go-chi-chi <not-affected> (Vulnerable code 
introduced in 5.2.2)
        [bookworm] - golang-github-go-chi-chi <not-affected> (Vulnerable code 
introduced in 5.2.2)
+       [bullseye] - golang-github-go-chi-chi <not-affected> (Vulnerable code 
introduced in 5.2.2)
        NOTE: 
https://github.com/go-chi/chi/security/advisories/GHSA-mqqf-5wvp-8fh8
 CVE-2025-69674 (Buffer Overflow vulnerability in CDATA FD614GS3-R850 
V3.2.7_P161006 (B ...)
        NOT-FOR-US: CDATA
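Review bot: the added [bullseye] line repeats "Vulnerable code introduced in 5.2.2" from the trixie and bookworm lines, but the only NOTE on this entry is the advisory link, so nothing here records how the introducing version was established. A NOTE pointing at the upstream change that introduced the vulnerable code would back all three <not-affected> lines.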


=====================================
data/dla-needed.txt
=====================================
@@ -302,6 +302,10 @@ node-tar (dleidert)
 nodejs
   NOTE: 20260121: Added by Front-Desk (pochu)
 --
+nss
+  NOTE: 20260225: Added by Front-Desk (charles)
+  NOTE: 20260225: DSA is being prepared, coordinate with secteam (charles)
+--
 nvidia-cuda-toolkit
   NOTE: 20241004: Added by Front-Desk (Beuc)
 --
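Review bot: the new nss entry does not say which CVE(s) or bug prompted it; its two NOTE lines only record who added it and that a DSA is being prepared. Listing the CVE ids in the second NOTE would let whoever claims the package line up the LTS upload with the DSA from this file.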
@@ -359,6 +363,10 @@ python-cryptography
 python-geopandas
   NOTE: 20260216: Added by Front-Desk (rouca)
 --
+ruby-rack
+  NOTE: 20260226: Added by Front-Desk (charles)
+  NOTE: 20260226: In dsa-needed and utkarsh is working on elts (charles)
+--
 runc
   NOTE: 20251105: Added by Front-Desk (Beuc)
   NOTE: 20251105: 3 high-severity container breakouts. Used by docker.io.
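Review bot: the second NOTE on ruby-rack names utkarsh as working on elts, yet the package line carries no claimant in parentheses (compare "node-tar (dleidert)" earlier in this file), so it is unclear whether the LTS update is still open for someone else to take. Say in the NOTE whether the LTS upload is expected from the same person, or claim the entry accordingly.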



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/dbf99520239d8bd6f479178448c8c773961249c0...7de1b4cc7f2d2a2cec9a0e275ce4136000543d39
