Carlos Henrique Lima Melara pushed to branch master at Debian Security Tracker
/ security-tracker
Commits:
dee5c422 by Carlos Henrique Lima Melara at 2026-02-28T22:07:25-03:00
CVE-2025-40932/libapache-sessionx-perl: postponed for bullseye
Follow secteam triage.
- - - - -
d3b769f0 by Carlos Henrique Lima Melara at 2026-02-28T22:18:01-03:00
CVE-2026-27837/node-dottie: postpone for bullseye
Follow secteam triage.
- - - - -
782771d3 by Carlos Henrique Lima Melara at 2026-02-28T22:34:24-03:00
CVE-2026-27606/node-rollup: postpone for bullseye
Follow secteam triage.
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -546,6 +546,7 @@ CVE-2021-4456 (Net::CIDR versions before 0.24 for Perl
mishandle leading zeros i
CVE-2025-40932 (Apache::SessionX versions through 2.01 for Perl create
insecure sessio ...)
- libapache-sessionx-perl <unfixed> (bug #930660)
[bookworm] - libapache-sessionx-perl <no-dsa> (Minor issue; can be
handled via point release at some point after unstable fix)
+ [bullseye] - libapache-sessionx-perl <postponed> (Minor issue; last
upstream release in 2005 and only 1 rdep)
NOTE: https://lists.security.metacpan.org/cve-announce/msg/37425045/
CVE-2026-3071 (Deserialization of untrusted data in the LanguageModel class of
Flair ...)
NOT-FOR-US: LanguageModel class of Flair
@@ -783,6 +784,7 @@ CVE-2026-27837 (Dottie provides nested object access and
manipulation in JavaScr
- node-dottie <unfixed> (bug #1129097)
[trixie] - node-dottie <no-dsa> (Minor issue)
[bookworm] - node-dottie <no-dsa> (Minor issue)
+ [bullseye] - node-dottie <postponed> (Minor issue)
NOTE:
https://github.com/mickhansen/dottie.js/security/advisories/GHSA-r5mx-6wc6-7h9w
NOTE: Fixed by:
https://github.com/mickhansen/dottie.js/commit/7e8fa1345a4b46325f0eab8d7aeb1c4deaefdb14
(v2.0.7)
NOTE: CVE exists because of an incomplete fix for CVE-2023-26132.
@@ -1365,6 +1367,7 @@ CVE-2026-27606 (Rollup is a module bundler for
JavaScript. Versions prior to 2.8
- node-rollup <unfixed> (bug #1129260)
[trixie] - node-rollup <no-dsa> (Minor issue)
[bookworm] - node-rollup <no-dsa> (Minor issue)
+ [bullseye] - node-rollup <postponed> (Minor issue)
NOTE:
https://github.com/rollup/rollup/security/advisories/GHSA-mw96-cpmx-2vgc
NOTE: Fixed by:
https://github.com/rollup/rollup/commit/c60770d7aaf750e512c1b2774989ea4596e660b2
(v4.59.0)
NOTE: Fixed by:
https://github.com/rollup/rollup/commit/c8cf1f9c48c516285758c1e11f08a54f304fd44e
(v3.30.0)
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/8c8a8080919efebef90a4d1fc0590e30d23c8841...782771d3c5f1ab5450ac3239ee4e725a6431e607
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/8c8a8080919efebef90a4d1fc0590e30d23c8841...782771d3c5f1ab5450ac3239ee4e725a6431e607
You're receiving this email because of your account on salsa.debian.org.
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
