Carlos Henrique Lima Melara pushed to branch master at Debian Security Tracker
/ security-tracker
Commits:
8e61868a by Carlos Henrique Lima Melara at 2026-02-27T00:48:18-03:00
CVE-2026-27821/gpac: eol in bullseye
Marked as EOL in debian-security-support.
- - - - -
7e7b4af4 by Carlos Henrique Lima Melara at 2026-02-27T00:55:37-03:00
LTS: add thunderbird to dla-needed.txt
- - - - -
45f9c4d4 by Carlos Henrique Lima Melara at 2026-02-27T01:13:52-03:00
CVE-2025-61982/openfoam: follow secteam triaging and postpone issue
So far, no upstream update.
- - - - -
35130554 by Carlos Henrique Lima Melara at 2026-02-27T01:23:08-03:00
CVE-2026-3184/util-linux: postpone for bullseye
Follow secteam triaging, minor issue hard to trigger. Upstream says:
"Note, the real-world impact is low -- login -h is only used by legacy
telnet/rlogin daemons, and exploitation requires FQDN-specific
pam_access rules on a system still using these obsolete services."
- - - - -
2 changed files:
- data/CVE/list
- data/dla-needed.txt
Changes:
=====================================
data/CVE/list
=====================================
@@ -229,6 +229,7 @@ CVE-2026-27829 (Astro is a web framework. In versions 9.0.0
through 9.5.3, a bug
NOT-FOR-US: Astro
CVE-2026-27821 (GPAC is an open-source multimedia framework. In versions up to
and inc ...)
- gpac <removed>
+ [bullseye] - gpac <end-of-life> (EOLed in debian-security-support)
NOTE:
https://github.com/gpac/gpac/security/advisories/GHSA-q7qh-8r2r-q559
NOTE:
https://github.com/gpac/gpac/commit/9bd7137fded2db40de61a2cf3045812c8741ec52
CVE-2026-27819 (Vikunja is an open-source self-hosted task management
platform. Prior ...)
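Review bot: the added bullseye line is the only per-release status under CVE-2026-27821, next to "- gpac <removed>" for unstable, so it is worth confirming that gpac is not shipped in any other tracked release that would need its own explicit entry. The reason text "EOLed in debian-security-support" matches the commit message and needs no change.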
@@ -353,6 +354,7 @@ CVE-2026-3184 [Access control bypass due to improper
hostname canonicalization]
- util-linux <unfixed>
[trixie] - util-linux <no-dsa> (Minor issue)
[bookworm] - util-linux <no-dsa> (Minor issue)
+ [bullseye] - util-linux <postponed> (Minor issue)
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2442570
NOTE: Fixed by:
https://github.com/util-linux/util-linux/commit/8b29aeb081e297e48c4c1ac53d88ae07e1331984
(v2.42-rc1)
CVE-2026-1747 (GitLab has remediated an issue in GitLab EE affecting all
versions fro ...)
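Review bot: the new "[bullseye] - util-linux <postponed> (Minor issue)" line carries only the generic reason, while the actual rationale (login -h is used only by legacy telnet/rlogin daemons, and exploitation needs FQDN-specific pam_access rules) sits in the commit message. A short NOTE with that upstream statement under the entry would keep the reasoning visible to whoever revisits the postponed issue, especially since the fixing commit is already recorded there.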
@@ -4163,6 +4165,7 @@ CVE-2025-61982 (An arbitrary code execution vulnerability
exists in the Code Str
- openfoam <unfixed> (bug #1128475)
[trixie] - openfoam <no-dsa> (Minor issue)
[bookworm] - openfoam <no-dsa> (Minor issue)
+ [bullseye] - openfoam <postponed> (Minor issue)
NOTE:
https://talosintelligence.com/vulnerability_reports/TALOS-2025-2292
TODO: check upstream status
CVE-2025-60038 (A vulnerabilityhas been identified in Rexroth IndraWorks. This
flaw al ...)
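Review bot: the "TODO: check upstream status" line under the new bullseye entry is left unchanged even though the commit message says upstream has no update so far. Consider recording that check in a NOTE so the next triager knows the TODO has been looked at. The CVE description mentions arbitrary code execution, so the "(Minor issue)" reason would also benefit from a brief statement of why it is treated as minor.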
=====================================
data/dla-needed.txt
=====================================
@@ -398,6 +398,11 @@ suricata
NOTE: 20250331: re added to fix next bunch of CVEs (ta)
NOTE: 20250825: testing package (ta)
--
+thunderbird
+ NOTE: 20260227: Added by Front-Desk (charles)
+ NOTE: 20260227: On dsa-needed and being worked by jmm, coordinate with
+ NOTE: 20260227: secteam or follow DSA (charles)
+--
trafficserver
NOTE: 20241120: Added by Front-Desk (Beuc)
NOTE: 20241120: Upcoming DSA (Beuc/front-desk)
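Review bot: the two continuation NOTE lines in the new thunderbird entry say to coordinate with secteam or follow the DSA, but name neither the CVEs nor the upstream version being prepared. Adding that reference would let an LTS contributor see what to track without having to look it up in dsa-needed.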
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/f941fa57193f863d22dc720ffe4b46513f35f405...35130554a2de5812453e73755c22c258e9dcb647