dracut - Debian Package Tracker

Debci reports failed tests high

unstable: fail (log)
The tests ran in 2:11:19
Last run: 2026-06-12T20:36:37.000Z
Previous status: unknown

testing: pass (log)
The tests ran in 1:33:29
Last run: 2026-06-14T16:32:23.000Z
Previous status: unknown

stable: pass (log)
The tests ran in 0:40:21
Last run: 2026-03-03T02:58:26.000Z
Previous status: unknown

Created: 2026-05-28 Last update: 2026-06-16 07:01

1 security issue in sid high

1 important issue:

CVE-2026-6893: A flaw was found in dracut. A remote attacker on the adjacent network can exploit this vulnerability by providing specially crafted DHCP (Dynamic Host Configuration Protocol) options, such as a malicious hostname, to a system using dracut's legacy DHCP path. These options are improperly handled and written into temporary shell scripts without proper escaping, leading to command injection. This allows the attacker to achieve root code execution within the initramfs, potentially compromising the system's boot and network behavior.

Created: 2026-06-11 Last update: 2026-06-12 09:00

1 security issue in forky high

1 important issue:

CVE-2026-6893: A flaw was found in dracut. A remote attacker on the adjacent network can exploit this vulnerability by providing specially crafted DHCP (Dynamic Host Configuration Protocol) options, such as a malicious hostname, to a system using dracut's legacy DHCP path. These options are improperly handled and written into temporary shell scripts without proper escaping, leading to command injection. This allows the attacker to achieve root code execution within the initramfs, potentially compromising the system's boot and network behavior.

Created: 2026-06-11 Last update: 2026-06-12 09:00

1 security issue in bullseye high

There is 1 open security issue in bullseye.

1 important issue:

CVE-2026-6893: A flaw was found in dracut. A remote attacker on the adjacent network can exploit this vulnerability by providing specially crafted DHCP (Dynamic Host Configuration Protocol) options, such as a malicious hostname, to a system using dracut's legacy DHCP path. These options are improperly handled and written into temporary shell scripts without proper escaping, leading to command injection. This allows the attacker to achieve root code execution within the initramfs, potentially compromising the system's boot and network behavior.

Created: 2026-06-11 Last update: 2026-06-12 09:00

1 security issue in bookworm high

There is 1 open security issue in bookworm.

1 important issue:

CVE-2026-6893: A flaw was found in dracut. A remote attacker on the adjacent network can exploit this vulnerability by providing specially crafted DHCP (Dynamic Host Configuration Protocol) options, such as a malicious hostname, to a system using dracut's legacy DHCP path. These options are improperly handled and written into temporary shell scripts without proper escaping, leading to command injection. This allows the attacker to achieve root code execution within the initramfs, potentially compromising the system's boot and network behavior.

Created: 2026-06-11 Last update: 2026-06-12 09:00

2 bugs tagged patch in the BTS normal

The BTS contains patches fixing 2 bugs, consider including or untagging them.

Created: 2026-06-02 Last update: 2026-06-16 06:00

3 open merge requests in Salsa normal

There are 3 open merge requests for this package on Salsa. You should consider reviewing and/or merging these merge requests.

Created: 2026-06-01 Last update: 2026-06-14 04:00

1 low-priority security issue in trixie low

1 issue left for the package maintainer to handle:

CVE-2026-6893: (needs triaging) A flaw was found in dracut. A remote attacker on the adjacent network can exploit this vulnerability by providing specially crafted DHCP (Dynamic Host Configuration Protocol) options, such as a malicious hostname, to a system using dracut's legacy DHCP path. These options are improperly handled and written into temporary shell scripts without proper escaping, leading to command injection. This allows the attacker to achieve root code execution within the initramfs, potentially compromising the system's boot and network behavior.

You can find information about how to handle this issue in the security team's documentation.

Created: 2026-06-11 Last update: 2026-06-12 09:00