[Git][security-tracker-team/security-tracker][master] 5 commits: update notes
Thorsten Alteholz (@alteholz)
alteholz at debian.org
Sun Apr 28 22:40:09 BST 2024
Thorsten Alteholz pushed to branch master at Debian Security Tracker / security-tracker
Commits:
f6324da2 by Thorsten Alteholz at 2024-04-28T23:17:41+02:00
update notes
- - - - -
3b1c9517 by Thorsten Alteholz at 2024-04-28T23:23:19+02:00
mark CVE-2024-32879 as postponed for buster
- - - - -
953f4cab by Thorsten Alteholz at 2024-04-28T23:25:03+02:00
mark two CVEs of sngrep as postponed
- - - - -
4d4b408d by Thorsten Alteholz at 2024-04-28T23:29:59+02:00
mark CVE-2024-29156 as ignored for Buster
- - - - -
5b7a5ec7 by Thorsten Alteholz at 2024-04-28T23:33:36+02:00
add dcmtk
- - - - -
2 changed files:
- data/CVE/list
- data/dla-needed.txt
Changes:
=====================================
data/CVE/list
=====================================
@@ -847,6 +847,7 @@ CVE-2024-32879 (Python Social Auth is a social authentication/registration mecha
- social-auth-app-django <unfixed>
[bookworm] - social-auth-app-django <no-dsa> (Minor issue)
[bullseye] - social-auth-app-django <no-dsa> (Minor issue)
+ [buster] - social-auth-app-django <postponed> (Minor issue)
- python-social-auth <removed>
NOTE: https://github.com/python-social-auth/social-app-django/security/advisories/GHSA-2gr8-3wc7-xhj3
NOTE: https://github.com/python-social-auth/social-app-django/commit/31c3e0c7edb187004d8abbde7e9c4f7ef9098138 (5.4.1)
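Review bot: the added [buster] line for social-auth-app-django reuses the bare reason "(Minor issue)" from the <no-dsa> lines above it, which does not tell a later reader why the fix is deferred even though the NOTE lines already point at an upstream fix commit (5.4.1). Consider extending the reason text to say what would trigger the upload, for example that it can be fixed together with the next update of the package.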
@@ -5081,11 +5082,13 @@ CVE-2024-3120 (A stack-buffer overflow vulnerability exists in all versions of s
- sngrep 1.8.1-1 (bug #1068818)
[bookworm] - sngrep <no-dsa> (Minor issue)
[bullseye] - sngrep <no-dsa> (Minor issue)
+ [buster] - sngrep <postponed> (Minor issue)
NOTE: https://github.com/irontec/sngrep/commit/f3f8ed8ef38748e6d61044b39b0dabd7e37c6809 (v1.8.1)
CVE-2024-3119 (A buffer overflow vulnerability exists in all versions of sngrep since ...)
- sngrep 1.8.1-1 (bug #1068818)
[bookworm] - sngrep <no-dsa> (Minor issue)
[bullseye] - sngrep <no-dsa> (Minor issue)
+ [buster] - sngrep <postponed> (Minor issue)
NOTE: https://github.com/irontec/sngrep/commit/dd5fec92730562af6f96891291cd4e102b80bfcc (v1.8.1)
CVE-2024-3020 (The plugin is vulnerable to PHP Object Injection in versions up to and ...)
NOT-FOR-US: WordPress plugin
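Review bot: both added [buster] lines mark sngrep as <postponed>, which implies the buster version is affected, but the visible description of CVE-2024-3119 limits the overflow to versions "since ..." and the starting version is cut off here. It would help to confirm that the buster version falls inside that range and record the result in a NOTE under each CVE; if the buster version predates the affected code, <not-affected> is the accurate state rather than <postponed>.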
@@ -12723,6 +12726,7 @@ CVE-2024-29156 (In OpenStack Murano through 16.0.0, when YAQL before 3.0.0 is us
- murano <removed> (bug #1068459)
[bookworm] - murano <ignored> (To be removed in point release)
[bullseye] - murano <ignored> (To be removed in point release)
+ [buster] - murano <ignored> (unmaintained upstream)
NOTE: https://bugs.launchpad.net/murano/+bug/2048114
NOTE: https://wiki.openstack.org/wiki/OSSN/OSSN-0093
NOTE: No fix in Murano, but a change in src:yaql renders this unexploitable:
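Review bot: the added [buster] line gives "(unmaintained upstream)" as the reason for <ignored>, while the existing NOTE says the issue is made unexploitable by a change in src:yaql rather than by any fix in Murano. The entry should state whether buster's yaql carries that change, since that decides whether ignoring murano in buster leaves the issue exposed. The reason also differs from the bookworm and bullseye lines ("To be removed in point release"), so a short NOTE explaining why buster is handled differently would keep the entry self-explanatory.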
=====================================
data/dla-needed.txt
=====================================
@@ -49,6 +49,9 @@ bind9 (Santiago)
NOTE: 20240418: https://salsa.debian.org/lts-team/packages/bind9/-/commit/135e46d2e43b6e499454385c2228338c6a72ba96
NOTE: 20240418: All testing activities remains.
--
+dcmtk
+ NOTE: 20240428: Added by Front-Desk (ta)
+--
dnsmasq
NOTE: 20240303: Added by Front-Desk (apo)
NOTE: 20240325: Automatically unassigned (lamby)
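Review bot: the new dcmtk entry carries only "NOTE: 20240428: Added by Front-Desk (ta)" and the commit message is just "add dcmtk", so nothing here records which CVEs put the package on the list. Adding a second NOTE naming the open CVEs, or the reason for triage, would let whoever claims the package start without re-deriving it from data/CVE/list.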
@@ -298,6 +301,7 @@ tiff (Thorsten Alteholz)
NOTE: 20240314: Added by coordinator (roberto)
NOTE: 20240314: Several CVEs fixed in LTS remain unfixed (no-dsa) in bullseye and
NOTE: 20240314: bookworm. Uploads to spu and ospu should be coordinated. (roberto)
+ NOTE: 20240428: testing package
--
tinymce
NOTE: 20231123: Added by Front-Desk (ola)
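Review bot: the added "NOTE: 20240428: testing package" on the tiff entry has no author tag, while the preceding notes in the same entry end with "(roberto)". Suggest appending the author's initials and saying what is being tested (the LTS upload, or the coordinated spu/ospu uploads mentioned in the 20240314 notes), since the commit message "update notes" gives no further detail.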
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/dca4d5635318336e67b292f148f00abb54dc4c87...5b7a5ec724b1aa7c97eb298e08184c9c85dca0c4