[Git][security-tracker-team/security-tracker][master] bookworm/bullseye triage
Moritz Muehlenhoff (@jmm)
jmm at debian.org
Tue Apr 30 09:21:58 BST 2024
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker
Commits:
7f9575ae by Moritz Muehlenhoff at 2024-04-30T10:21:11+02:00
bookworm/bullseye triage
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -316,6 +316,8 @@ CVE-2024-4292 (A vulnerability classified as critical has been found in Contempo
NOT-FOR-US: Contemporary Controls BASrouter BACnet BASRT-B
CVE-2024-33883 (The ejs (aka Embedded JavaScript templates) package before 3.1.10 for ...)
- node-ejs 3.1.10+~3.1.5-1
+ [bookworm] - node-ejs <no-dsa> (Minor issue)
+ [bullseye] - node-ejs <no-dsa> (Minor issue)
NOTE: https://github.com/mde/ejs/commit/e469741dca7df2eb400199e1cdb74621e3f89aa5 (v3.1.10)
CVE-2024-33851 (phpecc, as used in paragonie/phpecc before 2.0.1, has a branch-based t ...)
TODO: check
@@ -4129,6 +4131,8 @@ CVE-2023-38511 (iTop is an IT service management platform. Dashboard editor : c
NOT-FOR-US: iTop
CVE-2024-XXXX [validate a server certificate in a TLS-based server-server connection]
- ngircd 27~rc1-1
+ [bookworm] - ngircd <no-dsa> (Minor issue, will be fixed via point update)
+ [bullseye] - ngircd <no-dsa> (Minor issue, will be fixed via point update)
NOTE: https://github.com/ngircd/ngircd/issues/120
NOTE: https://github.com/ngircd/ngircd/commit/817937b218c4b57515f54216ebc936cd69df0aae (rel-27-rc1)
CVE-2024-3778 (The file upload functionality of Ai3 QbiBot does not properly restrict ...)
@@ -15354,6 +15358,8 @@ CVE-2024-28110 (Go SDK for CloudEvents is the official CloudEvents SDK to integr
NOT-FOR-US: cloudevents/sdk-go
CVE-2024-28102 (JWCrypto implements JWK, JWS, and JWE specifications using python-cryp ...)
- python-jwcrypto <unfixed> (bug #1065688)
+ [bookworm] - python-jwcrypto <no-dsa> (Minor issue)
+ [bullseye] - python-jwcrypto <no-dsa> (Minor issue)
NOTE: https://github.com/latchset/jwcrypto/security/advisories/GHSA-j857-7rvv-vj97
NOTE: https://github.com/latchset/jwcrypto/commit/90477a3b6e73da69740e00b8161f53fea19b831f (v1.5.6)
CVE-2024-28101 (The Apollo Router is a graph router written in Rust to run a federated ...)
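Review bot: the added [bookworm] and [bullseye] <no-dsa> lines for python-jwcrypto give only "Minor issue" as the reason, while the unstable line above them is still <unfixed> (bug #1065688). The ngircd entries in this same commit say "will be fixed via point update"; if the same is planned here, stating it in the reason would make the intent for the stable releases visible to whoever picks up the package once v1.5.6 lands.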
@@ -141409,8 +141415,8 @@ CVE-2022-32744 (A flaw was found in Samba. The KDC accepts kpasswd requests encr
CVE-2022-32743 (Samba does not validate the Validated-DNS-Host-Name right for the dNSH ...)
[experimental] - samba 2:4.17.0+dfsg-1
- samba 2:4.17.2+dfsg-3 (bug #1021022)
- [bullseye] - samba <no-dsa> (Minor issue)
- [buster] - samba <postponed> (Minor issue)
+ [bullseye] - samba <ignored> (Domain controller functionality is EOLed, see DSA DSA-5477-1)
+ [buster] - samba <ignored> (Domain controller functionality is EOLed, see DSA-5015-1)
NOTE: https://bugzilla.samba.org/show_bug.cgi?id=14833
CVE-2022-32742 (A flaw was found in Samba. Some SMB1 write requests were not correctly ...)
{DSA-5205-1 DLA-3792-1}
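Review bot: the added [bullseye] line for samba reads "see DSA DSA-5477-1", with "DSA" doubled, while the [buster] line right below it uses "see DSA-5015-1". Dropping the extra "DSA" would keep the two <ignored> reasons consistent and keep the advisory reference easy to search for.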
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/7f9575ae0e7f5912bbd29f038baaf027732053af