[Git][security-tracker-team/security-tracker][master] bookworm/bullseye triage
Moritz Muehlenhoff (@jmm)
jmm at debian.org
Sat Aug 3 17:33:50 BST 2024
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker
Commits:
b2555604 by Moritz Muehlenhoff at 2024-08-03T18:33:13+02:00
bookworm/bullseye triage
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -137,12 +137,18 @@ CVE-2024-5595 (The Essential Blocks WordPress plugin before 4.7.0 does not vali
NOT-FOR-US: WordPress plugin
CVE-2024-42461 (In the Elliptic package 6.5.6 for Node.js, ECDSA signature malleabilit ...)
- node-elliptic <unfixed> (bug #1077821)
+ [bookworm] - node-elliptic <no-dsa> (Minor issue)
+ [bullseye] - node-elliptic <no-dsa> (Minor issue)
NOTE: https://github.com/indutny/elliptic/pull/317
CVE-2024-42460 (In the Elliptic package 6.5.6 for Node.js, ECDSA signature malleabilit ...)
- node-elliptic <unfixed> (bug #1077821)
+ [bookworm] - node-elliptic <no-dsa> (Minor issue)
+ [bullseye] - node-elliptic <no-dsa> (Minor issue)
NOTE: https://github.com/indutny/elliptic/pull/317
CVE-2024-42459 (In the Elliptic package 6.5.6 for Node.js, EDDSA signature malleabilit ...)
- node-elliptic <unfixed> (bug #1077821)
+ [bookworm] - node-elliptic <no-dsa> (Minor issue)
+ [bullseye] - node-elliptic <no-dsa> (Minor issue)
NOTE: https://github.com/indutny/elliptic/pull/317
CVE-2024-42458 (server.c in Neat VNC (aka neatvnc) before 0.8.1 does not properly vali ...)
- neatvnc <unfixed> (bug #1077822)
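Review bot: The six added `<no-dsa> (Minor issue)` lines for node-elliptic leave the three entries with a pull request as their only fix reference (`NOTE: https://github.com/indutny/elliptic/pull/317`), while the unstable line is still `<unfixed>`. Once a merged commit or a fixed upstream version exists, record it in a NOTE on each of CVE-2024-42461, CVE-2024-42460 and CVE-2024-42459, so a later bookworm or bullseye update has a concrete backport target.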
@@ -295,6 +301,8 @@ CVE-2024-6923 (There is a MEDIUM severity vulnerability affecting CPython. The
NOTE: https://github.com/python/cpython/pull/122233
CVE-2024-6873 (It is possible to crash or redirect the execution flow of the ClickHou ...)
- clickhouse <unfixed> (bug #1077820)
+ [bookworm] - clickhouse <no-dsa> (Minor issue)
+ [bullseye] - clickhouse <no-dsa> (Minor issue)
NOTE: https://github.com/ClickHouse/ClickHouse/security/advisories/GHSA-432f-r822-j66f
NOTE: https://github.com/ClickHouse/ClickHouse/pull/64024
CVE-2024-6346 (The Gutenberg Blocks, Page Builder \u2013 ComboBlocks plugin for WordP ...)
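Review bot: In the CVE-2024-6873 entry the reason `Minor issue` sits next to a description that reads "crash or redirect the execution flow of the ClickHou ...", and nothing in the entry says why that is minor for bookworm and bullseye. Add a short NOTE with the limiting condition from the referenced advisory, or put it in the reason string, so the triage decision can be checked without following the links.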
@@ -639,6 +647,8 @@ CVE-2024-37281 (An issue was discovered in Kibana where a user with Viewer role
- kibana <itp> (bug #700337)
CVE-2024-7264 (libcurl's ASN1 parser code has the `GTime2str()` function, used for pa ...)
- curl 8.9.1-1 (bug #1077656)
+ [bookworm] - curl <no-dsa> (Minor issue)
+ [bullseye] - curl <no-dsa> (Minor issue)
NOTE: https://curl.se/docs/CVE-2024-7264.html
NOTE: Introduced by: https://github.com/curl/curl/commit/3a24cb7bc456366cbc3a03f7ab6d2576105a1f2d (curl-7_32_0)
NOTE: Fixed by: https://github.com/curl/curl/commit/27959ecce75cdb2809c0bdb3286e60e08fadb519 (curl-8_9_1)
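Review bot: For CVE-2024-7264 the entry already names one fixing commit (curl-8_9_1) and an introducing commit from curl-7_32_0, so the two added `<no-dsa>` lines are the only part of the entry that does not say how the stable releases are expected to get the fix. If a point-release update is intended, say so in the reason, for example `(Minor issue, can be fixed via point release)`.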
@@ -6929,6 +6939,8 @@ CVE-2024-39677 (NHibernate is an object-relational mapper for the .NET framework
NOT-FOR-US: NHibernate
CVE-2024-39312 (Botan is a C++ cryptography library. X.509 certificates can identify e ...)
- botan 2.19.5+dfsg-1
+ [bookworm] - botan <no-dsa> (Minor issue)
+ [bullseye] - botan <no-dsa> (Minor issue)
NOTE: https://github.com/randombit/botan/security/advisories/GHSA-jp24-56jm-gg86
CVE-2024-39308 (RailsAdmin is a Rails engine that provides an interface for managing d ...)
NOT-FOR-US: RailsAdmin
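Review bot: The CVE-2024-39312 entry carries only the advisory URL as a NOTE. Unlike the CVE-2024-34702 and CVE-2024-34703 entries in this file, it has no pull request or commit reference. With bookworm and bullseye now tagged `<no-dsa>`, add a NOTE for the upstream fix so the change that went into 2.19.5+dfsg-1 can be located for a backport.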
@@ -6940,6 +6952,8 @@ CVE-2024-37999 (A vulnerability has been identified in Medicalis Workflow Orches
NOT-FOR-US: Medicalis Workflow Orchestrator
CVE-2024-34702 (Botan is a C++ cryptography library. X.509 certificates can identify e ...)
- botan 2.19.5+dfsg-1
+ [bookworm] - botan <no-dsa> (Minor issue)
+ [bullseye] - botan <no-dsa> (Minor issue)
NOTE: https://github.com/randombit/botan/security/advisories/GHSA-5gg9-hqpr-r58j
NOTE: https://github.com/randombit/botan/pull/4034
NOTE: https://github.com/randombit/botan/pull/4045
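Review bot: The two pull request NOTEs under CVE-2024-34702 (`pull/4034` and `pull/4045`) are not annotated with the upstream branch or version they apply to, whereas the CVE-2024-34703 entry marks its commits with `(3.3.0)` and `(2.19.4)`. Annotating them the same way would show which one is relevant to the releases tagged `<no-dsa>` here.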
@@ -8169,6 +8183,8 @@ CVE-2024-38480 ("Piccoma" App for Android and iOS versions prior to 6.20.0 uses
NOT-FOR-US: "Piccoma" App for Android and iOS
CVE-2024-34703 (Botan is a C++ cryptography library. X.509 certificates can identify e ...)
- botan 2.19.4+dfsg-1
+ [bookworm] - botan <no-dsa> (Minor issue)
+ [bullseye] - botan <no-dsa> (Minor issue)
NOTE: https://github.com/randombit/botan/security/advisories/GHSA-w4g2-7m2h-7xj7
NOTE: https://github.com/randombit/botan/commit/fbe9ec578a8548958677224d2e60d2c2c838bc9a (3.3.0)
NOTE: https://github.com/randombit/botan/commit/94e9154c143aa5264da6254a6a1be5bc66ee2b5a (2.19.4)
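Review bot: This botan entry is fixed in unstable in 2.19.4+dfsg-1, while CVE-2024-39312 and CVE-2024-34702 list 2.19.5+dfsg-1, yet all three receive the same `<no-dsa> (Minor issue)` lines with no link between them. A stable update covering the three would need fixes from both upstream releases, so a NOTE cross-referencing the related CVEs would help keep them triaged together.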
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/b25556047f844d23ac4d37d2c1e112e411d5f4ae