[Git][security-tracker-team/security-tracker][master] bookworm/bullseye triage
Moritz Muehlenhoff (@jmm)
jmm at debian.org
Thu Apr 18 11:51:35 BST 2024
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker
Commits:
da7f04e4 by Moritz Muehlenhoff at 2024-04-18T12:51:06+02:00
bookworm/bullseye triage
- - - - -
2 changed files:
- data/CVE/list
- data/dsa-needed.txt
Changes:
=====================================
data/CVE/list
=====================================
@@ -1521,6 +1521,8 @@ CVE-2024-1183 (An SSRF (Server-Side Request Forgery) vulnerability exists in the
NOT-FOR-US: Gradio
CVE-2024-1135 (Gunicorn fails to properly validate Transfer-Encoding headers, leading ...)
- gunicorn <unfixed> (bug #1069126)
+ [bookworm] - gunicorn <no-dsa> (Minor issue)
+ [bullseye] - gunicorn <no-dsa> (Minor issue)
NOTE: https://huntr.com/bounties/22158e34-cfd5-41ad-97e0-a780773d96c1
NOTE: https://github.com/benoitc/gunicorn/commit/ac29c9b0a758d21f1e0fb3b3457239e523fa9f1d
CVE-2024-0549 (mintplex-labs/anything-llm is vulnerable to a relative path traversal ...)
@@ -10440,8 +10442,10 @@ CVE-2024-20745 (Premiere Pro versions 24.1, 23.6.2 and earlier are affected by a
NOT-FOR-US: Adobe
CVE-2024-1753 (A flaw was found in Buildah (and subsequently Podman Build) which allo ...)
- golang-github-containers-buildah 1.33.7+ds1-1 (bug #1067800)
+ [bookworm] - golang-github-containers-buildah <no-dsa> (Minor issue)
+ [bullseye] - golang-github-containers-buildah <no-dsa> (Minor issue)
NOTE: https://github.com/containers/buildah/security/advisories/GHSA-pmf3-c36m-g5cf
- TODO: check, at least podman will need a rebuild with a fixed buildah
+ NOTE: at least podman will need a rebuild with a fixed buildah
CVE-2024-1658 (The Grid Shortcodes WordPress plugin before 1.1.1 does not validate an ...)
NOT-FOR-US: WordPress plugin
CVE-2024-1606 (Lack of input sanitization in BMC Control-M branches 9.0.20 and 9.0.2 ...)
=====================================
data/dsa-needed.txt
=====================================
@@ -28,6 +28,8 @@ expat (carnil)
--
frr
--
+glibc
+--
gpac/oldstable
--
guix (jmm)
@@ -35,6 +37,8 @@ guix (jmm)
--
h2o (jmm)
--
+less
+--
libreswan (jmm)
Maintainer prepared bookworm-security update, but needs work on bullseye-security backports
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/da7f04e4e2160a8f5b96c8c0610a2ff264c539da
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/da7f04e4e2160a8f5b96c8c0610a2ff264c539da
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20240418/216f68b7/attachment-0001.htm>
More information about the debian-security-tracker-commits
mailing list