[Git][security-tracker-team/security-tracker][master] bookworm/bullseye triage

[Moritz Muehlenhoff (@jmm)]

Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
d0fb508b by Moritz Muehlenhoff at 2024-04-13T15:50:10+02:00
bookworm/bullseye triage

- - - - -


2 changed files:

- data/CVE/list
- data/dsa-needed.txt


Changes:

=====================================
data/CVE/list
=====================================
@@ -165,7 +165,7 @@ CVE-2024-30381 (An Exposure of Sensitive Information to an Unauthorized Actor vu
 CVE-2024-30210 (IO-1020 Micro ELD uses a default WIFI password that could allow an adj ...)
 	NOT-FOR-US: IO-1020 Micro ELD
 CVE-2024-2397 (Due to a bug in packet data buffers management, the PPP printer in tcp ...)
-	- tcpdump <unfixed>
+	- tcpdump <not-affected> (Vulnerable code not present in any version uploaded to Debian)
 	NOTE: Introduced by: https://github.com/the-tcpdump-group/tcpdump/commit/0d4083ee8687a9f6578e26a1407bd9f2a9d27885
 	NOTE: Fixed by: https://github.com/the-tcpdump-group/tcpdump/commit/b9811ef5bb1b7d45a90e042f81f3aaf233c8bcb2
 CVE-2024-29461 (An issue in Floodlight SDN OpenFlow Controller v.1.2 allows a remote a ...)
@@ -252,6 +252,7 @@ CVE-2023-50307 (IBM Sterling B2B Integrator 6.0.0.0 through 6.0.3.9, 6.1.0.0 thr
 	NOT-FOR-US: IBM
 CVE-2023-49528 (Buffer Overflow vulnerability in FFmpeg version n6.1-3-g466799d4f5, al ...)
 	- ffmpeg <unfixed>
+	[bookworm] - ffmpeg <postponed> (Pick up when fixed in 5.1.x)
 	[bullseye] - ffmpeg <not-affected> (Vulnerable code not present)
 	[buster] - ffmpeg <not-affected> (Vulnerable code not present)
 	NOTE: https://trac.ffmpeg.org/ticket/10691
@@ -7323,6 +7324,7 @@ CVE-2024-2161 (Use of Hard-coded Credentials in Kiloview NDI allows un-authentic
 	NOT-FOR-US: Kiloview
 CVE-2024-29864 (Distrobox before 1.7.0.1 allows attackers to execute arbitrary code vi ...)
 	- distrobox 1.7.0.1-1
+	[bookworm] - distrobox <no-dsa> (Minor issue)
 	NOTE: https://github.com/89luca89/distrobox/issues/1275
 	NOTE: Fixed by: https://github.com/89luca89/distrobox/commit/82a69f0a234e73e447d0ea8c8b3443b84fd31944 (1.7.0.1)
 CVE-2024-29862 (The Kerlink firewall in ChirpStack chirpstack-mqtt-forwarder before 4. ...)


=====================================
data/dsa-needed.txt
=====================================
@@ -11,7 +11,7 @@ To pick an issue, simply add your uid behind it.
 
 If needed, specify the release by adding a slash after the name of the source package.
 
-apache2
+apache2 (jmm)
 --
 cryptojs
 --
@@ -49,9 +49,9 @@ opennds/stable
 --
 org-mode
 --
-php7.4
+php7.4 (jmm)
 --
-php8.2
+php8.2 (jmm)
 --
 php-cas/oldstable
 --
@@ -92,6 +92,8 @@ salt/oldstable
 --
 squid
 --
+trafficserver (jmm)
+--
 webkit2gtk (berto)
 --
 wpa



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/d0fb508be1bf96b0230bc39ce4794bf70fe1606f

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/d0fb508be1bf96b0230bc39ce4794bf70fe1606f
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20240413/7401bda6/attachment-0001.htm>