[Git][security-tracker-team/security-tracker][master] bookworm/bullseye triage

Moritz Muehlenhoff (@jmm) jmm at debian.org
Mon Aug 5 19:39:36 BST 2024



Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
e909ce69 by Moritz Muehlenhoff at 2024-08-05T20:38:43+02:00
bookworm/bullseye triage

- - - - -


2 changed files:

- data/CVE/list
- data/dsa-needed.txt


Changes:

=====================================
data/CVE/list
=====================================
@@ -88,6 +88,8 @@ CVE-2024-6331 (stitionai/devika main branch as of commit cdfb782b0e634b773b10963
 	NOT-FOR-US: stitionai/devika
 CVE-2024-7409
 	- qemu <unfixed>
+	[bookworm] - qemu <no-dsa> (Minor issue)
+	[bullseye] - qemu <no-dsa> (Minor issue)
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2302487
 CVE-2024-7445 (A vulnerability, which was classified as critical, has been found in i ...)
 	NOT-FOR-US: itsourcecode Ticket Reservation System
@@ -277,6 +279,7 @@ CVE-2024-42459 (In the Elliptic package 6.5.6 for Node.js, EDDSA signature malle
 	NOTE: https://github.com/indutny/elliptic/pull/317
 CVE-2024-42458 (server.c in Neat VNC (aka neatvnc) before 0.8.1 does not properly vali ...)
 	- neatvnc 0.8.0+dfsg-2 (bug #1077822)
+	[bookworm] - neatvnc <no-dsa> (Minor issue)
 	NOTE: https://github.com/any1/neatvnc/commit/cc71650a69abc2573a0d96d082409d2468802d47 (v0.8.1)
 CVE-2024-41965 (Vim is an open source command line text editor. double-free in dialog_ ...)
 	- vim <unfixed> (unimportant)
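Review bot: only a [bookworm] line is added for CVE-2024-42458 here, while every other CVE triaged in this commit receives both a [bookworm] and a [bullseye] line; if neatvnc is not shipped in bullseye this is fine, otherwise a matching `[bullseye] - neatvnc ...` entry is missing.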
@@ -420,8 +423,11 @@ CVE-2024-6923 (There is a MEDIUM severity vulnerability affecting CPython.  The
 	- python3.13 <unfixed>
 	- python3.12 <unfixed>
 	- python3.11 <unfixed>
+	[bookworm] - python3.11 <no-dsa> (Minor issue)
 	- python3.9 <removed>
+	[bullseye] - python3.9 <no-dsa> (Minor issue)
 	- python2.7 <removed>
+	[bullseye] - python2.7 <ignored> (Unsupported in Bullseye, only included to build a few applications)
 	NOTE: https://github.com/python/cpython/issues/121650
 	NOTE: https://github.com/python/cpython/pull/122233
 CVE-2024-6873 (It is possible to crash or redirect the execution flow of the ClickHou ...)
@@ -8732,6 +8738,8 @@ CVE-2024-39153 (idccms v1.35 was discovered to contain a Cross-Site Request Forg
 	NOT-FOR-US: idccms
 CVE-2024-39133 (Heap Buffer Overflow vulnerability in zziplib v0.13.77 allows attacker ...)
 	- zziplib <unfixed> (bug #1074417)
+	[bookworm] - zziplib <no-dsa> (Minor issue)
+	[bullseye] - zziplib <no-dsa> (Minor issue)
 	[buster] - zziplib <postponed> (Minor issue, revisi when fixed upstream)
 	NOTE: https://github.com/gdraheim/zziplib/issues/164
 CVE-2024-39130 (A NULL Pointer Dereference discovered in DumpTS v0.1.0-nightly allows  ...)
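Review bot: the unchanged context line directly below the new entries, `[buster] - zziplib <postponed> (Minor issue, revisi when fixed upstream)`, has a typo ("revisi" should be "revisit"); since this hunk already edits the CVE-2024-39133 entry, it would be worth fixing in the same commit.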
@@ -42311,6 +42319,8 @@ CVE-2024-28286 (In mz-automation libiec61850 v1.4.0, a NULL Pointer Dereference
 CVE-2024-28231 (eprosima Fast DDS is a C++ implementation of the Data Distribution Ser ...)
 	[experimental] - fastdds 2.14.0+ds-1
 	- fastdds 2.14.0+ds-2 (bug #1067393)
+	[bookworm] - fastdds <no-dsa> (Minor issue)
+	[bullseye] - fastdds <no-dsa> (Minor issue)
 	NOTE: https://github.com/eProsima/Fast-DDS/security/advisories/GHSA-9m2j-qw67-ph4w
 	NOTE: https://github.com/eProsima/Fast-DDS/commit/355706386f4af9ce74125eeec3c449b06113112b (v2.14.0)
 CVE-2024-28179 (Jupyter Server Proxy allows users to run arbitrary external processes  ...)
@@ -42994,6 +43004,8 @@ CVE-2024-28237 (OctoPrint provides a web interface for controlling consumer 3D p
 CVE-2024-26369 (An issue in the HistoryQosPolicy component of FastDDS v2.12.x, v2.11.x ...)
 	[experimental] - fastdds 2.14.0+ds-1
 	- fastdds 2.14.0+ds-2 (bug #1067180)
+	[bookworm] - fastdds <no-dsa> (Minor issue)
+	[bullseye] - fastdds <no-dsa> (Minor issue)
 	NOTE: https://github.com/eProsima/Fast-DDS/issues/4365
 	NOTE: https://github.com/eProsima/Fast-DDS/pull/4375
 CVE-2024-25942 (Dell PowerEdge Server BIOS contains an Improper SMM communication buff ...)


=====================================
data/dsa-needed.txt
=====================================
@@ -72,6 +72,8 @@ python-asyncssh
 --
 ring
 --
+roundcube
+--
 ruby2.7/oldstable
   Samuel Henrique (samueloph) is working on a update + LTS contribution WIP at https://salsa.debian.org/lts-team/packages/ruby/-/commits/debian/bullseye/
 --
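Review bot: the new `roundcube` entry carries no suite suffix, so by this file's convention (compare `ruby2.7/oldstable` just below) it is read as a stable-only item; if a bullseye update is also needed, a second entry or a suffix would make that explicit. Separately, the unchanged context line for ruby2.7 reads "working on a update", which should be "an update".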



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/e909ce697269527b083544bf2673975fb81d4896




