[Git][security-tracker-team/security-tracker][master] 3 commits: Triage CVE-2024-22412 in clickhouse for buster LTS.
Chris Lamb (@lamby)
lamby at debian.org
Sat Apr 6 13:57:06 BST 2024
Chris Lamb pushed to branch master at Debian Security Tracker / security-tracker
Commits:
5d1b9d3c by Chris Lamb at 2024-04-06T13:54:09+01:00
Triage CVE-2024-22412 in clickhouse for buster LTS.
- - - - -
4d5891ed by Chris Lamb at 2024-04-06T13:54:57+01:00
Triage CVE-2024-28871 in libhtp for buster LTS.
- - - - -
ecd648b7 by Chris Lamb at 2024-04-06T13:56:36+01:00
data/dla-needed.txt: Triage mediawiki for buster LTS.
- - - - -
2 changed files:
- data/CVE/list
- data/dla-needed.txt
Changes:
=====================================
data/CVE/list
=====================================
@@ -331,6 +331,7 @@ CVE-2024-28871 (LibHTP is a security-aware parser for the HTTP protocol and the
- libhtp 1:0.5.47-1
[bookworm] - libhtp <not-affected> (Vulnerable code introduced in 0.5.46)
[bullseye] - libhtp <not-affected> (Vulnerable code introduced in 0.5.46)
+ [buster] - libhtp <not-affected> (Vulnerable code introduced in 0.5.46)
NOTE: https://github.com/OISF/libhtp/security/advisories/GHSA-ffr2-45w9-7wmg
NOTE: Introduced by: https://github.com/OISF/libhtp/commit/bf618ec7f243cebfb0f7e84c3cb158955cb32b4d (0.5.46)
NOTE: Fixed by: https://github.com/OISF/libhtp/commit/79e713f3e527593a45f545e854cd9e6fbb3cd3ed (0.5.47)
@@ -5585,6 +5586,7 @@ CVE-2024-22453 (Dell PowerEdge Server BIOS contains a heap-based buffer overflow
CVE-2024-22412 (ClickHouse is an open-source column-oriented database management syste ...)
- clickhouse <unfixed> (bug #1067178)
[bullseye] - clickhouse <no-dsa> (Minor issue)
+ [buster] - clickhouse <postponed> (Minor issue; can be fixed in next update)
NOTE: https://github.com/ClickHouse/ClickHouse/security/advisories/GHSA-45h5-f7g3-gr8r
NOTE: https://github.com/ClickHouse/ClickHouse/pull/58611
CVE-2024-21504 (Versions of the package livewire/livewire from 3.3.5 and before 3.4.9 ...)
=====================================
data/dla-needed.txt
=====================================
@@ -166,6 +166,10 @@ linux-5.10
lucene-solr
NOTE: 20240213: Added by Front-Desk (lamby)
--
+mediawiki
+ NOTE: 20240406: Added by Front-Desk (lamby)
+ NOTE: 20240406: Added to address "TEMP-0000000-519C2D" at the time of writing. (lamby)
+--
nodejs
NOTE: 20240406: Added by Front-Desk (lamby)
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/4da9185a560c76db4280a3cbc39b2db5d497f753...ecd648b72ce5edde5dbfc8b06fbb6644e73b8d17
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/4da9185a560c76db4280a3cbc39b2db5d497f753...ecd648b72ce5edde5dbfc8b06fbb6644e73b8d17
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20240406/fc3265b3/attachment.htm>
More information about the debian-security-tracker-commits
mailing list