[Git][security-tracker-team/security-tracker][master] bookworm/bullseye triage
Moritz Muehlenhoff (@jmm)
jmm at debian.org
Mon Apr 15 15:41:51 BST 2024
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker
Commits:
645a212f by Moritz Muehlenhoff at 2024-04-15T16:41:00+02:00
bookworm/bullseye triage
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -958,9 +958,9 @@ CVE-2024-23083 (Time4J Base v5.9.3 was discovered to contain a NullPointerExcept
CVE-2024-23080 (Joda Time v2.12.5 was discovered to contain a NullPointerException via ...)
NOT-FOR-US: Joda Time
CVE-2024-23077 (JFreeChart v1.5.4 was discovered to be vulnerable to ArrayIndexOutOfBo ...)
- - libjfreechart-java <unfixed>
+ NOT-FOR-US: Disputed JFreeChart issue
CVE-2024-23076 (JFreeChart v1.5.4 was discovered to contain a NullPointerException via ...)
- - libjfreechart-java <unfixed>
+ NOT-FOR-US: Disputed JFreeChart issue
CVE-2024-20780 (Adobe Experience Manager versions 6.5.19 and earlier are affected by a ...)
NOT-FOR-US: Adobe
CVE-2024-20779 (Adobe Experience Manager versions 6.5.19 and earlier are affected by a ...)
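Review bot: the two replacement lines for CVE-2024-23077 and CVE-2024-23076 record the dispute only as free text ("Disputed JFreeChart issue") and carry no NOTE with the upstream reference, so the reason the ArrayIndexOutOfBounds and NullPointerException reports were rejected is not traceable from the file. Add a NOTE line pointing at the upstream discussion. Also note that NOT-FOR-US elsewhere in this hunk marks software Debian does not ship (Joda Time, Adobe), whereas libjfreechart-java was a packaged target on the removed lines; a package-scoped status such as `- libjfreechart-java <not-affected> (Disputed, ...)` would keep the CVE linked to the package for later queries.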
@@ -1006,7 +1006,7 @@ CVE-2024-0218 (A Denial of Service (Dos) vulnerability in Nozomi Networks Guardi
CVE-2023-6916 (Audit records for OpenAPI requests may include sensitive information. ...)
NOT-FOR-US: Nozomi Networks
CVE-2023-52070 (JFreeChart v1.5.4 was discovered to be vulnerable to ArrayIndexOutOfBo ...)
- - libjfreechart-java <unfixed>
+ NOT-FOR-US: Disputed JFreeChart issue
CVE-2023-2794 (A flaw was found in ofono, an Open Source Telephony on Linux. A stack ...)
- ofono <unfixed>
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2255387
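Review bot: the NOT-FOR-US line for CVE-2023-52070 gives no reference for why the JFreeChart ArrayIndexOutOfBounds report is considered disputed, while the neighbouring ofono entry in the same hunk shows the expected pattern of a status line backed by a NOTE URL. Add the upstream reference so the next triager does not have to rediscover the rejection, and consider a package-scoped status that keeps libjfreechart-java associated with the CVE rather than the NOT-FOR-US form used for unpackaged software.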
@@ -2180,13 +2180,13 @@ CVE-2024-25646 (Due to improper validation,SAP BusinessObject Business Intellige
CVE-2024-23584 (The NMAP Importer service may expose data store credentials to authori ...)
NOT-FOR-US: HCL
CVE-2024-23084 (Apfloat v1.10.1 was discovered to contain an ArrayIndexOutOfBoundsExce ...)
- - libapfloat-java <unfixed>
+ NOT-FOR-US: Disputed Apfloat issue
CVE-2024-23081 (ThreeTen Backport v1.6.8 was discovered to contain a NullPointerExcept ...)
NOT-FOR-US: ThreeTen Backport
CVE-2024-23079 (JGraphT Core v1.5.2 was discovered to contain a NullPointerException v ...)
- - jgrapht <unfixed>
+ NOT-FOR-US: Disputed JGraphT issue
CVE-2024-22949 (JFreeChart v1.5.4 was discovered to contain a NullPointerException via ...)
- - libjfreechart-java <unfixed>
+ NOT-FOR-US: Disputed JFreeChart issue
CVE-2024-1664 (The Responsive Gallery Grid WordPress plugin before 2.3.11 does not sa ...)
NOT-FOR-US: WordPress plugin
CVE-2024-1233 (A flaw was found in` JwtValidator.resolvePublicKey` in JBoss EAP, wher ...)
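Review bot: three packaged libraries (libapfloat-java, jgrapht, libjfreechart-java) are reclassified to NOT-FOR-US in this hunk without a NOTE line documenting the dispute for any of them. The same hunk uses NOT-FOR-US for ThreeTen Backport because it is not packaged, so the tag now conflates "not shipped by Debian" with "shipped but disputed"; add the upstream reference for each of CVE-2024-23084, CVE-2024-23079 and CVE-2024-22949, and prefer a package-scoped status with the dispute noted in parentheses so the package mapping survives.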
@@ -2298,13 +2298,13 @@ CVE-2024-23190 (Upsell shop information of an account can be manipulated to exec
CVE-2024-23189 (Embedded content references at tasks could be used to temporarily exec ...)
NOT-FOR-US: Open-Xchange
CVE-2024-23086 (Apfloat v1.10.1 was discovered to contain a stack overflow via the com ...)
- - libapfloat-java <unfixed>
+ NOT-FOR-US: Disputed Apfloat issue
CVE-2024-23085 (Apfloat v1.10.1 was discovered to contain a NullPointerException via t ...)
- - libapfloat-java <unfixed>
+ NOT-FOR-US: Disputed Apfloat issue
CVE-2024-23082 (ThreeTen Backport v1.6.8 was discovered to contain an integer overflow ...)
NOT-FOR-US: ThreeTen Backport
CVE-2024-23078 (JGraphT Core v1.5.2 was discovered to contain a NullPointerException v ...)
- - jgrapht <unfixed>
+ NOT-FOR-US: Disputed JGraphT issue
CVE-2023-7164 (The BackWPup WordPress plugin before 4.0.4 does not prevent visitors f ...)
NOT-FOR-US: WordPress plugin
CVE-2023-52554 (Permission control vulnerability in the Bluetooth module. Impact: Succ ...)
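Review bot: CVE-2024-23086 is described as a stack overflow rather than a NullPointerException like its siblings CVE-2024-23085 and CVE-2024-23078, yet all three get the identical unreferenced "Disputed" rationale. If the dispute ground differs for the stack-overflow report, say so, and in any case add a NOTE with the upstream reference for each entry; as written, the hunk replaces package-scoped <unfixed> lines with NOT-FOR-US text that nothing in the file substantiates.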
@@ -2360,6 +2360,8 @@ CVE-2024-26811 (In the Linux kernel, the following vulnerability has been resolv
CVE-2024-2511 (Issue summary: Some non-default TLS server configurations can cause un ...)
[experimental] - openssl 3.3.0-1
- openssl <unfixed> (bug #1068658)
+ [bookworm] - openssl <postponed> (Minor issue, fix along with next update round)
+ [bullseye] - openssl <postponed> (Minor issue, fix along with next update round)
NOTE: https://www.openssl.org/news/secadv/20240408.txt
NOTE: https://github.com/openssl/openssl/commit/e9d7083e241670332e0443da0f0d4ffb52829f08 (openssl-3.2.y)
NOTE: https://github.com/openssl/openssl/commit/7e4d731b1c07201ad9374c1cd9ac5263bdf35bce (openssl-3.1.y)
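Review bot: the added bookworm and bullseye <postponed> lines defer the CVE-2024-2511 fix, but the NOTE lines only reference the openssl-3.2.y and openssl-3.1.y commits. If the stable and oldstable packages track older branches, add the corresponding branch commit reference (or the upstream advisory's per-branch fix) next to these lines, otherwise the "fix along with next update round" plan has nothing concrete to pick up when that round happens.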
@@ -2469,6 +2471,7 @@ CVE-2023-52341 (In Plaintext COUNTER CHECK message accepted before AS security a
NOT-FOR-US: Unisoc
CVE-2021-47208 (The Mojolicious module before 9.11 for Perl has a bug in format detect ...)
- libmojolicious-perl 9.21+dfsg-1
+ [bullseye] - libmojolicious-perl <no-dsa> (Minor issue)
NOTE: https://github.com/mojolicious/mojo/issues/1736
NOTE: https://github.com/mojolicious/mojo/commit/a0c4576ffb11c235088550de9ba7ac4196e1953c (v9.11)
CVE-2020-36829 (The Mojolicious module before 8.65 for Perl is vulnerable to secure_co ...)
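Review bot: only a bullseye annotation is added for CVE-2021-47208, with no bookworm line. The NOTE gives v9.11 as the fixing upstream release and unstable is fixed at 9.21+dfsg-1; confirm that the bookworm package is already at or above 9.11, and if it is not, add a matching `[bookworm] - libmojolicious-perl <no-dsa> (Minor issue)` line so the triage state is recorded for both suites.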
@@ -6713,6 +6716,8 @@ CVE-2024-29515 (File Upload vulnerability in lepton v.7.1.0 allows a remote auth
NOT-FOR-US: Lepton CMS
CVE-2024-29025 (Netty is an asynchronous event-driven network application framework fo ...)
- netty <unfixed> (bug #1068110)
+ [bookworm] - netty <postponed> (Minor issue, fix along with future update)
+ [bullseye] - netty <postponed> (Minor issue, fix along with future update)
NOTE: https://github.com/netty/netty/security/advisories/GHSA-5jpm-x58v-624v
NOTE: https://github.com/netty/netty/commit/0d0c6ed782d13d423586ad0c71737b2c7d02058c (netty-4.1.108.Final)
NOTE: https://gist.github.com/vietj/f558b8ea81ec6505f1e9a6ca283c9ae3
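Review bot: the two <postponed> lines for CVE-2024-29025 justify deferral only with "Minor issue, fix along with future update", which does not tell the next triager what condition makes the netty resource-exhaustion report minor for Debian. Record the concrete reason in the parenthesis (for example which component or usage has to be exposed for it to matter), and keep the rationale wording consistent with the other postponed entries in this commit ("next update round") so the entries can be grepped together at update time.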
@@ -14481,6 +14486,8 @@ CVE-2024-25770 (libming 0.4.8 contains a memory leak vulnerability in /libming/s
- ming <removed>
CVE-2024-25768 (OpenDMARC 1.4.2 contains a null pointer dereference vulnerability in / ...)
- opendmarc <unfixed>
+ [bookworm] - opendmarc <no-dsa> (Minor issue)
+ [bullseye] - opendmarc <no-dsa> (Minor issue)
[buster] - opendmarc <no-dsa> (Minor issue)
NOTE: https://github.com/LuMingYinDetect/OpenDMARC_defects/blob/main/OpenDMARC_detect_1.md
CVE-2024-25767 (nanomq 0.21.2 contains a Use-After-Free vulnerability in /nanomq/nng/s ...)
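Review bot: the new bookworm and bullseye <no-dsa> lines for CVE-2024-25768 mirror the existing buster line, which is consistent, but the only NOTE is a third-party "defects" write-up rather than an upstream OpenDMARC issue or commit. Add the upstream bug or fix reference if one exists so the null-pointer dereference can be verified and backported later; without it the opendmarc <unfixed> line has no fix to point at when the no-dsa status is revisited.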
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/645a212f68a8a2ec55fd248cdc6e14a7a1adc2f6