[Git][security-tracker-team/security-tracker][master] bookworm/bullseye triage
Moritz Muehlenhoff (@jmm)
jmm at debian.org
Mon Aug 5 19:39:36 BST 2024
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker
Commits:
e909ce69 by Moritz Muehlenhoff at 2024-08-05T20:38:43+02:00
bookworm/bullseye triage
- - - - -
2 changed files:
- data/CVE/list
- data/dsa-needed.txt
Changes:
=====================================
data/CVE/list
=====================================
@@ -88,6 +88,8 @@ CVE-2024-6331 (stitionai/devika main branch as of commit cdfb782b0e634b773b10963
NOT-FOR-US: stitionai/devika
CVE-2024-7409
- qemu <unfixed>
+ [bookworm] - qemu <no-dsa> (Minor issue)
+ [bullseye] - qemu <no-dsa> (Minor issue)
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2302487
CVE-2024-7445 (A vulnerability, which was classified as critical, has been found in i ...)
NOT-FOR-US: itsourcecode Ticket Reservation System
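Review bot: the two <no-dsa> lines for CVE-2024-7409 give only "Minor issue" as the reason, and the entry has no description and a single Red Hat Bugzilla NOTE, so a reader cannot check the assessment from the tracker data. A one-line NOTE stating why the issue is minor for bookworm and bullseye would help, and both lines are worth revisiting once the unstable entry moves from <unfixed> to a fixed version.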
@@ -277,6 +279,7 @@ CVE-2024-42459 (In the Elliptic package 6.5.6 for Node.js, EDDSA signature malle
NOTE: https://github.com/indutny/elliptic/pull/317
CVE-2024-42458 (server.c in Neat VNC (aka neatvnc) before 0.8.1 does not properly vali ...)
- neatvnc 0.8.0+dfsg-2 (bug #1077822)
+ [bookworm] - neatvnc <no-dsa> (Minor issue)
NOTE: https://github.com/any1/neatvnc/commit/cc71650a69abc2573a0d96d082409d2468802d47 (v0.8.1)
CVE-2024-41965 (Vim is an open source command line text editor. double-free in dialog_ ...)
- vim <unfixed> (unimportant)
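Review bot: CVE-2024-42458 gets a [bookworm] line but no [bullseye] line, although the commit is titled bookworm/bullseye triage. If bullseye ships an affected neatvnc it needs its own entry; if the omission is intentional, a short NOTE recording why would keep the next triage pass from reopening it.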
@@ -420,8 +423,11 @@ CVE-2024-6923 (There is a MEDIUM severity vulnerability affecting CPython. The
- python3.13 <unfixed>
- python3.12 <unfixed>
- python3.11 <unfixed>
+ [bookworm] - python3.11 <no-dsa> (Minor issue)
- python3.9 <removed>
+ [bullseye] - python3.9 <no-dsa> (Minor issue)
- python2.7 <removed>
+ [bullseye] - python2.7 <ignored> (Unsupported in Bullseye, only included to build a few applications)
NOTE: https://github.com/python/cpython/issues/121650
NOTE: https://github.com/python/cpython/pull/122233
CVE-2024-6873 (It is possible to crash or redirect the execution flow of the ClickHou ...)
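Review bot: python3.11 and python3.9 are marked <no-dsa> (Minor issue) while the CVE-2024-6923 description opens with "MEDIUM severity", and the entry carries no rationale for the lower assessment. A NOTE explaining why the issue is treated as minor in the stable suites would make the triage decision reviewable; the <ignored> line for python2.7 already states its reason and is fine as written.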
@@ -8732,6 +8738,8 @@ CVE-2024-39153 (idccms v1.35 was discovered to contain a Cross-Site Request Forg
NOT-FOR-US: idccms
CVE-2024-39133 (Heap Buffer Overflow vulnerability in zziplib v0.13.77 allows attacker ...)
- zziplib <unfixed> (bug #1074417)
+ [bookworm] - zziplib <no-dsa> (Minor issue)
+ [bullseye] - zziplib <no-dsa> (Minor issue)
[buster] - zziplib <postponed> (Minor issue, revisi when fixed upstream)
NOTE: https://github.com/gdraheim/zziplib/issues/164
CVE-2024-39130 (A NULL Pointer Dereference discovered in DumpTS v0.1.0-nightly allows ...)
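Review bot: the new [bookworm] and [bullseye] lines use <no-dsa>, while the existing [buster] line directly below uses <postponed> with a note to revisit once fixed upstream, and unstable is still <unfixed>. If the stable suites should also be revisited after an upstream fix, say so in the reason text; the "revisi" typo in the [buster] line could be corrected in the same pass.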
@@ -42311,6 +42319,8 @@ CVE-2024-28286 (In mz-automation libiec61850 v1.4.0, a NULL Pointer Dereference
CVE-2024-28231 (eprosima Fast DDS is a C++ implementation of the Data Distribution Ser ...)
[experimental] - fastdds 2.14.0+ds-1
- fastdds 2.14.0+ds-2 (bug #1067393)
+ [bookworm] - fastdds <no-dsa> (Minor issue)
+ [bullseye] - fastdds <no-dsa> (Minor issue)
NOTE: https://github.com/eProsima/Fast-DDS/security/advisories/GHSA-9m2j-qw67-ph4w
NOTE: https://github.com/eProsima/Fast-DDS/commit/355706386f4af9ce74125eeec3c449b06113112b (v2.14.0)
CVE-2024-28179 (Jupyter Server Proxy allows users to run arbitrary external processes ...)
@@ -42994,6 +43004,8 @@ CVE-2024-28237 (OctoPrint provides a web interface for controlling consumer 3D p
CVE-2024-26369 (An issue in the HistoryQosPolicy component of FastDDS v2.12.x, v2.11.x ...)
[experimental] - fastdds 2.14.0+ds-1
- fastdds 2.14.0+ds-2 (bug #1067180)
+ [bookworm] - fastdds <no-dsa> (Minor issue)
+ [bullseye] - fastdds <no-dsa> (Minor issue)
NOTE: https://github.com/eProsima/Fast-DDS/issues/4365
NOTE: https://github.com/eProsima/Fast-DDS/pull/4375
CVE-2024-25942 (Dell PowerEdge Server BIOS contains an Improper SMM communication buff ...)
=====================================
data/dsa-needed.txt
=====================================
@@ -72,6 +72,8 @@ python-asyncssh
--
ring
--
+roundcube
+--
ruby2.7/oldstable
Samuel Henrique (samueloph) is working on a update + LTS contribution WIP at https://salsa.debian.org/lts-team/packages/ruby/-/commits/debian/bullseye/
--
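Review bot: the roundcube entry is added with no suite suffix and no note, and none of the data/CVE/list hunks in this commit touch a roundcube CVE, so the diff does not show which issue put it on the list. A line under the entry naming the CVE or bug, in the way the ruby2.7/oldstable entry below records its status, would make it easier for someone to pick up.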
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/e909ce697269527b083544bf2673975fb81d4896