[Git][security-tracker-team/security-tracker][master] bookworm/bullseye triage
Moritz Muehlenhoff (@jmm)
jmm at debian.org
Mon Apr 1 20:03:34 BST 2024
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker
Commits:
a620ac38 by Moritz Muehlenhoff at 2024-04-01T21:00:11+02:00
bookworm/bullseye triage
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1565,7 +1565,7 @@ CVE-2023-45920 (Xfig v3.2.8 was discovered to contain a NULL pointer dereference
- xfig 1:3.2.9-1 (unimportant)
NOTE: https://sourceforge.net/p/mcj/tickets/155/
NOTE: https://sourceforge.net/p/mcj/xfig/ci/ec49cde00dbd6f7f45d8e386795079d5d636496f/
- NOTE: Ngliggible security impact, crash in CLI tool
+ NOTE: Crash in CLI tool, no security impact
CVE-2023-45919 (Mesa 23.0.4 was discovered to contain a buffer over-read in glXQuerySe ...)
- mesa <unfixed> (unimportant)
NOTE: https://gitlab.freedesktop.org/mesa/mesa/-/issues/9858
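Review bot: The reworded NOTE on CVE-2023-45920 goes beyond a typo fix: it moves from "negligible" security impact to "no security impact", which is a stronger statement. That matches the (unimportant) tag on the xfig line, but if the stronger wording is intended it is worth saying so in the commit message, which currently reads only "bookworm/bullseye triage".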
@@ -3092,72 +3092,118 @@ CVE-2024-28715 (Cross Site Scripting vulnerability in DOraCMS v.2.18 and before
NOT-FOR-US: DOraCMS
CVE-2024-28584 (Null Pointer Dereference vulnerability in open source FreeImage v.3.19 ...)
- freeimage <unfixed>
+ [bookworm] - freeimage <no-dsa> (Revisit when fixed upstream)
+ [bullseye] - freeimage <no-dsa> (Revisit when fixed upstream)
NOTE: https://github.com/Ruanxingzhi/vul-report/tree/master/freeimage-r1909
CVE-2024-28583 (Buffer Overflow vulnerability in open source FreeImage v.3.19.0 [r1909 ...)
- freeimage <unfixed>
+ [bookworm] - freeimage <no-dsa> (Revisit when fixed upstream)
+ [bullseye] - freeimage <no-dsa> (Revisit when fixed upstream)
NOTE: https://github.com/Ruanxingzhi/vul-report/tree/master/freeimage-r1909
CVE-2024-28582 (Buffer Overflow vulnerability in open source FreeImage v.3.19.0 [r1909 ...)
- freeimage <unfixed>
+ [bookworm] - freeimage <no-dsa> (Revisit when fixed upstream)
+ [bullseye] - freeimage <no-dsa> (Revisit when fixed upstream)
NOTE: https://github.com/Ruanxingzhi/vul-report/tree/master/freeimage-r1909
CVE-2024-28581 (Buffer Overflow vulnerability in open source FreeImage v.3.19.0 [r1909 ...)
- freeimage <unfixed>
+ [bookworm] - freeimage <no-dsa> (Revisit when fixed upstream)
+ [bullseye] - freeimage <no-dsa> (Revisit when fixed upstream)
NOTE: https://github.com/Ruanxingzhi/vul-report/tree/master/freeimage-r1909
CVE-2024-28580 (Buffer Overflow vulnerability in open source FreeImage v.3.19.0 [r1909 ...)
- freeimage <unfixed>
+ [bookworm] - freeimage <no-dsa> (Revisit when fixed upstream)
+ [bullseye] - freeimage <no-dsa> (Revisit when fixed upstream)
NOTE: https://github.com/Ruanxingzhi/vul-report/tree/master/freeimage-r1909
CVE-2024-28579 (Buffer Overflow vulnerability in open source FreeImage v.3.19.0 [r1909 ...)
- freeimage <unfixed>
+ [bookworm] - freeimage <no-dsa> (Revisit when fixed upstream)
+ [bullseye] - freeimage <no-dsa> (Revisit when fixed upstream)
NOTE: https://github.com/Ruanxingzhi/vul-report/tree/master/freeimage-r1909
CVE-2024-28578 (Buffer Overflow vulnerability in open source FreeImage v.3.19.0 [r1909 ...)
- freeimage <unfixed>
+ [bookworm] - freeimage <no-dsa> (Revisit when fixed upstream)
+ [bullseye] - freeimage <no-dsa> (Revisit when fixed upstream)
NOTE: https://github.com/Ruanxingzhi/vul-report/tree/master/freeimage-r1909
CVE-2024-28577 (Null Pointer Dereference vulnerability in open source FreeImage v.3.19 ...)
- freeimage <unfixed>
+ [bookworm] - freeimage <no-dsa> (Revisit when fixed upstream)
+ [bullseye] - freeimage <no-dsa> (Revisit when fixed upstream)
NOTE: https://github.com/Ruanxingzhi/vul-report/tree/master/freeimage-r1909
CVE-2024-28576 (Buffer Overflow vulnerability in open source FreeImage v.3.19.0 [r1909 ...)
- freeimage <unfixed>
+ [bookworm] - freeimage <no-dsa> (Revisit when fixed upstream)
+ [bullseye] - freeimage <no-dsa> (Revisit when fixed upstream)
NOTE: https://github.com/Ruanxingzhi/vul-report/tree/master/freeimage-r1909
CVE-2024-28575 (Buffer Overflow vulnerability in open source FreeImage v.3.19.0 [r1909 ...)
- freeimage <unfixed>
+ [bookworm] - freeimage <no-dsa> (Revisit when fixed upstream)
+ [bullseye] - freeimage <no-dsa> (Revisit when fixed upstream)
NOTE: https://github.com/Ruanxingzhi/vul-report/tree/master/freeimage-r1909
CVE-2024-28574 (Buffer Overflow vulnerability in open source FreeImage v.3.19.0 [r1909 ...)
- freeimage <unfixed>
+ [bookworm] - freeimage <no-dsa> (Revisit when fixed upstream)
+ [bullseye] - freeimage <no-dsa> (Revisit when fixed upstream)
NOTE: https://github.com/Ruanxingzhi/vul-report/tree/master/freeimage-r1909
CVE-2024-28573 (Buffer Overflow vulnerability in open source FreeImage v.3.19.0 [r1909 ...)
- freeimage <unfixed>
+ [bookworm] - freeimage <no-dsa> (Revisit when fixed upstream)
+ [bullseye] - freeimage <no-dsa> (Revisit when fixed upstream)
NOTE: https://github.com/Ruanxingzhi/vul-report/tree/master/freeimage-r1909
CVE-2024-28572 (Buffer Overflow vulnerability in open source FreeImage v.3.19.0 [r1909 ...)
- freeimage <unfixed>
+ [bookworm] - freeimage <no-dsa> (Revisit when fixed upstream)
+ [bullseye] - freeimage <no-dsa> (Revisit when fixed upstream)
NOTE: https://github.com/Ruanxingzhi/vul-report/tree/master/freeimage-r1909
CVE-2024-28571 (Buffer Overflow vulnerability in open source FreeImage v.3.19.0 [r1909 ...)
- freeimage <unfixed>
+ [bookworm] - freeimage <no-dsa> (Revisit when fixed upstream)
+ [bullseye] - freeimage <no-dsa> (Revisit when fixed upstream)
NOTE: https://github.com/Ruanxingzhi/vul-report/tree/master/freeimage-r1909
CVE-2024-28570 (Buffer Overflow vulnerability in open source FreeImage v.3.19.0 [r1909 ...)
- freeimage <unfixed>
+ [bookworm] - freeimage <no-dsa> (Revisit when fixed upstream)
+ [bullseye] - freeimage <no-dsa> (Revisit when fixed upstream)
NOTE: https://github.com/Ruanxingzhi/vul-report/tree/master/freeimage-r1909
CVE-2024-28569 (Buffer Overflow vulnerability in open source FreeImage v.3.19.0 [r1909 ...)
- freeimage <unfixed>
+ [bookworm] - freeimage <no-dsa> (Revisit when fixed upstream)
+ [bullseye] - freeimage <no-dsa> (Revisit when fixed upstream)
NOTE: https://github.com/Ruanxingzhi/vul-report/tree/master/freeimage-r1909
CVE-2024-28568 (Buffer Overflow vulnerability in open source FreeImage v.3.19.0 [r1909 ...)
- freeimage <unfixed>
+ [bookworm] - freeimage <no-dsa> (Revisit when fixed upstream)
+ [bullseye] - freeimage <no-dsa> (Revisit when fixed upstream)
NOTE: https://github.com/Ruanxingzhi/vul-report/tree/master/freeimage-r1909
CVE-2024-28567 (Buffer Overflow vulnerability in open source FreeImage v.3.19.0 [r1909 ...)
- freeimage <unfixed>
+ [bookworm] - freeimage <no-dsa> (Revisit when fixed upstream)
+ [bullseye] - freeimage <no-dsa> (Revisit when fixed upstream)
NOTE: https://github.com/Ruanxingzhi/vul-report/tree/master/freeimage-r1909
CVE-2024-28566 (Buffer Overflow vulnerability in open source FreeImage v.3.19.0 [r1909 ...)
- freeimage <unfixed>
+ [bookworm] - freeimage <no-dsa> (Revisit when fixed upstream)
+ [bullseye] - freeimage <no-dsa> (Revisit when fixed upstream)
NOTE: https://github.com/Ruanxingzhi/vul-report/tree/master/freeimage-r1909
CVE-2024-28565 (Buffer Overflow vulnerability in open source FreeImage v.3.19.0 [r1909 ...)
- freeimage <unfixed>
+ [bookworm] - freeimage <no-dsa> (Revisit when fixed upstream)
+ [bullseye] - freeimage <no-dsa> (Revisit when fixed upstream)
NOTE: https://github.com/Ruanxingzhi/vul-report/tree/master/freeimage-r1909
CVE-2024-28564 (Buffer Overflow vulnerability in open source FreeImage v.3.19.0 [r1909 ...)
- freeimage <unfixed>
+ [bookworm] - freeimage <no-dsa> (Revisit when fixed upstream)
+ [bullseye] - freeimage <no-dsa> (Revisit when fixed upstream)
NOTE: https://github.com/Ruanxingzhi/vul-report/tree/master/freeimage-r1909
CVE-2024-28563 (Buffer Overflow vulnerability in open source FreeImage v.3.19.0 [r1909 ...)
- freeimage <unfixed>
+ [bookworm] - freeimage <no-dsa> (Revisit when fixed upstream)
+ [bullseye] - freeimage <no-dsa> (Revisit when fixed upstream)
NOTE: https://github.com/Ruanxingzhi/vul-report/tree/master/freeimage-r1909
CVE-2024-28562 (Buffer Overflow vulnerability in open source FreeImage v.3.19.0 [r1909 ...)
- freeimage <unfixed>
+ [bookworm] - freeimage <no-dsa> (Revisit when fixed upstream)
+ [bullseye] - freeimage <no-dsa> (Revisit when fixed upstream)
NOTE: https://github.com/Ruanxingzhi/vul-report/tree/master/freeimage-r1909
CVE-2024-28389 (SQL injection vulnerability in KnowBand spinwheel v.3.0.3 and before a ...)
NOT-FOR-US: KnowBand spinwheel
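Review bot: All 23 freeimage entries (CVE-2024-28562 through CVE-2024-28584) get the reason "Revisit when fixed upstream", but the unstable line in each stays "- freeimage <unfixed>" with no bug reference, so nothing in the entry tracks when that revisit is due. Consider filing a bug and adding it to the unstable line, as the black entry does with "(bug #1067177)". The same reason is also applied without distinction to the two Null Pointer Dereference entries (CVE-2024-28584, CVE-2024-28577) and to the Buffer Overflow ones; if the triage treated them differently, the per-entry reason is the place to record it.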
@@ -3549,6 +3595,8 @@ CVE-2024-21504 (Versions of the package livewire/livewire from 3.3.5 and before
NOT-FOR-US: livewire
CVE-2024-21503 (Versions of the package black before 24.3.0 are vulnerable to Regular ...)
- black <unfixed> (bug #1067177)
+ [bookworm] - black <no-dsa> (Minor issue)
+ [bullseye] - black <no-dsa> (Minor issue)
NOTE: https://security.snyk.io/vuln/SNYK-PYTHON-BLACK-6256273
NOTE: https://github.com/psf/black/releases/tag/24.3.0
NOTE: https://github.com/psf/black/commit/f00093672628d212b8965a8993cee8bedf5fe9b8 (24.3.0)
@@ -7174,6 +7222,8 @@ CVE-2024-28088 (LangChain through 0.1.10 allows ../ directory traversal by an ac
NOT-FOR-US: LanChain-ai Langchain
CVE-2024-28084 (p2putil.c in iNet wireless daemon (IWD) through 2.15 allows attackers ...)
- iwd 2.16-1 (bug #1065443)
+ [bookworm] - iwd <no-dsa> (Minor issue)
+ [bullseye] - iwd <no-dsa> (Minor issue)
[buster] - iwd <not-affected> (Vulnerable code not present)
NOTE: https://git.kernel.org/pub/scm/network/wireless/iwd.git/commit/?id=52a47c9fd428904de611a90cbf8b223af879684d (2.16)
NOTE: https://git.kernel.org/pub/scm/network/wireless/iwd.git/commit/?id=d34b4e16e045142590ed7cb653e01ed0ae5362eb (2.16)
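Review bot: For CVE-2024-28084 the new [bookworm] and [bullseye] lines give only "Minor issue", while the existing [buster] line states a concrete reason ("Vulnerable code not present"). Both upstream fix commits are already listed in the NOTE lines and unstable is fixed in 2.16-1, so a reason that says whether the fix can go in through a point release would be more useful to whoever picks the entry up later.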
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/a620ac38261865f9a5ce4dfa1c87347e2d3beb0c