[Git][security-tracker-team/security-tracker][master] 4 commits: LTS: triage gajim

Anton Gladky (@gladk) gladk at debian.org
Thu Oct 6 21:40:47 BST 2022 


Anton Gladky pushed to branch master at Debian Security Tracker / security-tracker


Commits:
3c8184c6 by Anton Gladky at 2022-10-06T22:28:36+02:00
LTS: triage gajim

- - - - -
c5768503 by Anton Gladky at 2022-10-06T22:28:38+02:00
Ignore all pluxml issues in buster

- - - - -
3ba8c53e by Anton Gladky at 2022-10-06T22:30:34+02:00
LTS: triage joblib

- - - - -
fe280448 by Anton Gladky at 2022-10-06T22:38:49+02:00
LTS: triage modsecurity-crs

- - - - -


2 changed files:

- data/CVE/list
- data/dla-needed.txt


Changes:

=====================================
data/CVE/list
=====================================
@@ -480117,8 +480117,10 @@ CVE-2012-4677 (Tunnelblick 3.3beta20 and earlier allows local users to gain priv
 CVE-2012-4676 (The errorExitIfAttackViaString function in Tunnelblick 3.3beta20 and e ...)
 	NOT-FOR-US: Tunnelblick
 CVE-2012-4675 (Cross-site scripting (XSS) vulnerability in PluXml 5.1.6 allows remote ...)
+	[buster] - pluxml <ignored> Issue is 10 years old. Package exists only in this suite. Popcon: 4 (2022.10.06).
 	- pluxml <undetermined>
 CVE-2012-4674 (PluXml before 5.1.6 allows remote attackers to obtain the installation ...)
+	[buster] - pluxml <ignored> Issue is 10 years old. Package exists only in this suite. Popcon: 4 (2022.10.06).
 	- pluxml <undetermined>
 CVE-2012-4673 (SQL injection vulnerability in application/controllers/invoice.php in  ...)
 	NOT-FOR-US: Neoinvoice
@@ -558678,6 +558680,7 @@ CVE-2007-3543 (Unrestricted file upload vulnerability in WordPress before 2.2.1
 	- wordpress 2.2.1-1
 	[etch] - wordpress <not-affected> (Vulnerable code not present)
 CVE-2007-3542 (Cross-site scripting (XSS) vulnerability in admin/auth.php in Pluxml 0 ...)
+	[buster] - pluxml <ignored> Issue is 15 years old. Package exists only in this suite. Popcon: 4 (2022.10.06).
 	- pluxml <undetermined>
 CVE-2007-3541 (Cross-site scripting (XSS) vulnerability in Kurinton sHTTPd 20070408 a ...)
 	NOT-FOR-US: Kurinton sHTTPd
@@ -559015,6 +559018,7 @@ CVE-2007-3434 (index.php in Pharmacy System 2 and earlier allows remote attacker
 CVE-2007-3433 (SQL injection vulnerability in index.php in Pharmacy System 2 and earl ...)
 	NOT-FOR-US: Pharmacy System
 CVE-2007-3432 (Unrestricted file upload vulnerability in admin/images.php in Pluxml 0 ...)
+	[buster] - pluxml <ignored> Issue is 15 years old. Package exists only in this suite. Popcon: 4 (2022.10.06).
 	- pluxml <undetermined>
 CVE-2007-3431 (PHP remote file inclusion vulnerability in cal.func.php in Valerio Cap ...)
 	NOT-FOR-US: Dagger


=====================================
data/dla-needed.txt
=====================================
@@ -46,6 +46,9 @@ frr (Thorsten Alteholz)
 fwupd
   NOTE: 20221003: Programming language: C++.
 --
+gajim
+  NOTE: 20221006: Programming language: Python.
+--
 gerbv
   NOTE: 20220923: Programming language: C.
 --
@@ -76,6 +79,9 @@ imagemagick
   NOTE: 20220904: VCS: https://salsa.debian.org/lts-team/packages/imagemagick.git
   NOTE: 20220904: Should be synced with Stretch. (apo)
 --
+joblib
+  NOTE: 20221006: Programming language: Python.
+--
 knot-resolver (Chris Lamb)
   NOTE: 20221003: Programming language: C.
 --
@@ -96,6 +102,10 @@ man2html
 mbedtls
   NOTE: 20220821: Programming language: C.
 --
+modsecurity-crs
+  NOTE: 20221006: Programming language: Other.
+  NOTE: 20221006: Maintainer notes: Please contact maintainer. Consider uploading of newer version.
+--
 netatalk
   NOTE: 20220816: Programming language: C.
   NOTE: 20220912: We get errors in the log, not present on bookworm. Needs more investigation. (stefanor)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/0275d7b22983483569b602b2e41e62c16cd16b21...fe280448e1117137cdf8440a17b03b8014989874

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/0275d7b22983483569b602b2e41e62c16cd16b21...fe280448e1117137cdf8440a17b03b8014989874
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20221006/ba34f818/attachment-0001.htm>

More information about the debian-security-tracker-commits mailing list