[Git][security-tracker-team/security-tracker][master] bullseye/bookworm triage

Moritz Muehlenhoff (@jmm) jmm at debian.org
Fri Apr 5 19:22:58 BST 2024 


Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
434878ad by Moritz Muehlenhoff at 2024-04-05T20:19:39+02:00
bullseye/bookworm triage

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -3748,18 +3748,26 @@ CVE-2024-28386 (An issue in Home-Made.io fastmagsync v.1.7.51 and before allows
 	NOT-FOR-US: PrestaShop module
 CVE-2024-28246 (KaTeX is a JavaScript library for TeX math rendering on the web. Code  ...)
 	- node-katex 0.16.10+~cs6.1.0-1 (bug #1067805)
+	[bookworm] - node-katex <no-dsa> (Minor issue)
+	[bullseye] - node-katex <no-dsa> (Minor issue)
 	NOTE: https://github.com/KaTeX/KaTeX/security/advisories/GHSA-3wc5-fcw2-2329
 	NOTE: https://github.com/KaTeX/KaTeX/commit/fc5af64183a3ceb9be9d1c23a275999a728593de (v0.16.10)
 CVE-2024-28245 (KaTeX is a JavaScript library for TeX math rendering on the web. KaTeX ...)
 	- node-katex 0.16.10+~cs6.1.0-1 (bug #1067805)
+	[bookworm] - node-katex <no-dsa> (Minor issue)
+	[bullseye] - node-katex <no-dsa> (Minor issue)
 	NOTE: https://github.com/KaTeX/KaTeX/security/advisories/GHSA-f98w-7cxr-ff2h
 	NOTE: https://github.com/KaTeX/KaTeX/commit/c5897fcd1f73da9612a53e6b5544f1d776e17770 (v0.16.10)
 CVE-2024-28244 (KaTeX is a JavaScript library for TeX math rendering on the web. KaTeX ...)
 	- node-katex 0.16.10+~cs6.1.0-1 (bug #1067805)
+	[bookworm] - node-katex <no-dsa> (Minor issue)
+	[bullseye] - node-katex <no-dsa> (Minor issue)
 	NOTE: https://github.com/KaTeX/KaTeX/security/advisories/GHSA-cvr6-37gx-v8wc
 	NOTE: https://github.com/KaTeX/KaTeX/commit/085e21b5da05414efefa932570e7201a7c70e5b2 (v0.16.10)
 CVE-2024-28243 (KaTeX is a JavaScript library for TeX math rendering on the web. KaTeX ...)
 	- node-katex 0.16.10+~cs6.1.0-1 (bug #1067805)
+	[bookworm] - node-katex <no-dsa> (Minor issue)
+	[bullseye] - node-katex <no-dsa> (Minor issue)
 	NOTE: https://github.com/KaTeX/KaTeX/security/advisories/GHSA-64fm-8hw2-v72w
 	NOTE: https://github.com/KaTeX/KaTeX/commit/e88b4c357f978b1bca8edfe3297f0aa309bcbe34 (v0.16.10)
 CVE-2024-28183 (ESP-IDF is the development framework for Espressif SoCs supported on W ...)
@@ -4057,11 +4065,10 @@ CVE-2024-27280 [Buffer overread vulnerability in StringIO]
 	TODO: check details
 CVE-2024-30161 (In Qt before 6.5.6 and 6.6.x before 6.6.3, the wasm component may acce ...)
 	- qt6-base <unfixed> (bug #1068454)
-	- qtbase-opensource-src <unfixed>
-	- qtbase-opensource-src-gles <unfixed>
+	- qtbase-opensource-src <not-affected> (Only affects Qt6)
+	- qtbase-opensource-src-gles <not-affected> (Only affects Qt6)
 	NOTE: https://codereview.qt-project.org/c/qt/qtbase/+/544314
 	NOTE: https://codereview.qt-project.org/gitweb?p=qt%2Fqtbase.git;a=commit;h=a5b00cefef12999e9a213943855abe6bc0ab5365
-	TODO: check details
 CVE-2024-30156 (Varnish Cache before 7.3.2 and 7.4.x before 7.4.3 (and before 6.0.13 L ...)
 	- varnish <unfixed> (bug #1068455)
 	[bookworm] - varnish <ignored> (Minor issue, too intrusive to backport)
@@ -4596,6 +4603,8 @@ CVE-2024-29026 (Owncast is an open source, self-hosted, decentralized, single us
 	NOT-FOR-US: Owncast
 CVE-2024-29018 (Moby is an open source container framework that is a key component of  ...)
 	- docker.io <unfixed> (bug #1068460)
+	[bookworm] - docker.io <no-dsa> (Minor issue)
+	[bullseye] - docker.io <no-dsa> (Minor issue)
 	NOTE: https://github.com/moby/moby/security/advisories/GHSA-mq39-4gv4-mvpx
 	NOTE: https://github.com/moby/moby/pull/46609
 CVE-2024-28916 (Xbox Gaming Services Elevation of Privilege Vulnerability)
@@ -5364,6 +5373,7 @@ CVE-2024-22453 (Dell PowerEdge Server BIOS contains a heap-based buffer overflow
 	NOT-FOR-US: Dell
 CVE-2024-22412 (ClickHouse is an open-source column-oriented database management syste ...)
 	- clickhouse <unfixed> (bug #1067178)
+	[bullseye] - clickhouse <no-dsa> (Minor issue)
 	NOTE: https://github.com/ClickHouse/ClickHouse/security/advisories/GHSA-45h5-f7g3-gr8r
 	NOTE: https://github.com/ClickHouse/ClickHouse/pull/58611
 CVE-2024-21504 (Versions of the package livewire/livewire from 3.3.5 and before 3.4.9  ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/434878adcf5c83f25c56abbc6f1f1caf7884b32d

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/434878adcf5c83f25c56abbc6f1f1caf7884b32d
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20240405/d25e812f/attachment.htm>

More information about the debian-security-tracker-commits mailing list