[Git][security-tracker-team/security-tracker][master] bookworm/bullseye triage

Moritz Muehlenhoff (@jmm) jmm at debian.org
Wed Aug 7 10:31:22 BST 2024



Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
b212e9db by Moritz Muehlenhoff at 2024-08-07T11:30:48+02:00
bookworm/bullseye triage

- - - - -


2 changed files:

- data/CVE/list
- data/dsa-needed.txt


Changes:

=====================================
data/CVE/list
=====================================
@@ -514,6 +514,8 @@ CVE-2024-7537 (oFono QMI SMS Handling Out-Of-Bounds Read Information Disclosure
 	NOTE: https://www.zerodayinitiative.com/advisories/ZDI-24-1077/
 CVE-2024-7006 [NULL pointer dereference in tif_dirinfo.c]
 	- tiff <unfixed>
+	[bookworm] - tiff <no-dsa> (Minor issue)
+	[bullseye] - tiff <no-dsa> (Minor issue)
 	NOTE: https://gitlab.com/libtiff/libtiff/-/merge_requests/559
 	NOTE: https://gitlab.com/libtiff/libtiff/-/issues/624
 	NOTE: Fixed by: https://gitlab.com/libtiff/libtiff/-/commit/818fb8ce881cf839fbc710f6690aadb992aa0f9e
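Review bot: the `- tiff <unfixed>` line for CVE-2024-7006 carries no Debian bug reference, although the upstream fix commit is already recorded in the `NOTE: Fixed by:` line. Now that bookworm and bullseye are marked <no-dsa>, consider filing a bug against tiff and adding it to that line as `(bug #...)`, the way the qemu and fastdds entries in this file do, so the pending unstable fix is tracked.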
@@ -8143,6 +8145,8 @@ CVE-2024-6461
 	REJECTED
 CVE-2024-6383 (The bson_string_append function in MongoDB C Driver may be vulnerable  ...)
 	- mongo-c-driver 1.27.1-1
+	[bookworm] - mongo-c-driver <no-dsa> (Minor issue)
+	[bullseye] - mongo-c-driver <no-dsa> (Minor issue)
 	NOTE: https://jira.mongodb.org/browse/CDRIVER-5628
 CVE-2024-6284 (In  https://github.com/google/nftables IP addresses were encoded in th ...)
 	- golang-github-google-nftables 0.1.0-4 (bug #1071247)
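Review bot: the CVE-2024-6383 entry gets <no-dsa> for bookworm and bullseye, but its only reference is the CDRIVER-5628 ticket; there is no `NOTE: Fixed by:` line pointing at the upstream commit behind the fix in 1.27.1-1. Adding one would let anyone preparing a point-release backport find the patch without going through Jira.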
@@ -8385,6 +8389,8 @@ CVE-2024-4836 (Web services managed by Edito CMS (Content Management System) in
 	NOT-FOR-US: Edito CMS
 CVE-2024-4467 (A flaw was found in the QEMU disk image utility (qemu-img) 'info' comm ...)
 	- qemu 1:9.0.1+ds-1 (bug #1075824)
+	[bookworm] - qemu <no-dsa> (Minor issue)
+	[bullseye] - qemu <no-dsa> (Minor issue)
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2278875
 	NOTE: https://gitlab.com/qemu-project/qemu/-/commit/bd385a5298d7062668e804d73944d52aec9549f1
 	NOTE: https://gitlab.com/qemu-project/qemu/-/commit/2eb42a728d27a43fdcad5f37d3f65706ce6deba5
@@ -9102,6 +9108,8 @@ CVE-2024-39704 (Soft Circle French-Bread Melty Blood: Actress Again: Current Cod
 	NOT-FOR-US: Soft Circle French-Bread Melty Blood: Actress Again
 CVE-2024-38531 (Nix is a package manager for Linux and other Unix systems that makes p ...)
 	- nix <unfixed>
+	[bookworm] - nix <no-dsa> (Minor issue)
+	[bullseye] - nix <no-dsa> (Minor issue)
 	NOTE: https://github.com/NixOS/nix/pull/10501
 	NOTE: https://github.com/NixOS/nix/security/advisories/GHSA-q82p-44mg-mgh5
 CVE-2024-38528 (nptd-rs is a tool for synchronizing your computer's clock, implementin ...)
@@ -46592,6 +46600,8 @@ CVE-2024-1142 (Path Traversal in Sonatype IQ Server from version 143 allows remo
 CVE-2023-50716 (eProsima Fast DDS (formerly Fast RTPS) is a C++ implementation of the  ...)
 	[experimental] - fastdds 2.14.0+ds-1
 	- fastdds 2.14.0+ds-2 (bug #1066119)
+	[bookworm] - fastdds <no-dsa> (Minor issue)
+	[bullseye] - fastdds <no-dsa> (Minor issue)
 	NOTE: https://github.com/eProsima/Fast-DDS/security/advisories/GHSA-5m2f-hvj2-cx2h
 CVE-2023-50167 (Pega Platform from 7.1.7 to 23.1.1 is affected by an XSS issue with ed ...)
 	NOT-FOR-US: Pega Platform
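Review bot: the two added lines mark fastdds in both bookworm and bullseye as <no-dsa>, but nothing in the CVE-2023-50716 entry records which upstream versions contain the vulnerable code. If either release ships a version that predates it, <not-affected> with a short reason would be the more accurate tag; otherwise a NOTE naming the introducing version or commit would document that both releases were checked.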


=====================================
data/dsa-needed.txt
=====================================
@@ -51,11 +51,15 @@ linux (carnil)
 nbconvert/oldstable
   Guilhem Moulin proposed an update ready for review
 --
+netatalk/oldstable
+--
 nodejs (aron)
 --
 nova
   Maintainer prepared updates for review
 --
+odoo/oldstable (seb)
+--
 opennds/stable
   pinged maintainer, but no reply yet. should most probably be bumped to 10.x
 --
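Review bot: `netatalk/oldstable` is added with neither a claimant nor a status line, and none of the data/CVE/list hunks in this commit touch netatalk, so the reason for the entry is not visible here. An indented note under it, in the style of the neighbouring nbconvert and opennds entries, naming the issue that needs a DSA would help whoever picks it up.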
@@ -69,6 +73,8 @@ python-aiohttp
 --
 python-asyncssh
 --
+python-reportlab
+--
 ring
 --
 roundcube
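Review bot: `python-reportlab` is added without a release suffix, while the other additions to this file in the same commit (`netatalk/oldstable`, `odoo/oldstable`) are limited to oldstable. If the update is needed for only one release, add the `/stable` or `/oldstable` qualifier; if both are intended, the entry is fine as written.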
@@ -96,5 +102,7 @@ tinyproxy/oldstable
 --
 trafficserver
 --
+twisted
+--
 zabbix
 --



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/b212e9db1f4126495949f2bbb969cdf77f91e6da
