[Git][security-tracker-team/security-tracker][master] bookworm/bullseye triage
Moritz Muehlenhoff (@jmm)
jmm at debian.org
Wed Aug 7 10:31:22 BST 2024
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker
Commits:
b212e9db by Moritz Muehlenhoff at 2024-08-07T11:30:48+02:00
bookworm/bullseye triage
- - - - -
2 changed files:
- data/CVE/list
- data/dsa-needed.txt
Changes:
=====================================
data/CVE/list
=====================================
@@ -514,6 +514,8 @@ CVE-2024-7537 (oFono QMI SMS Handling Out-Of-Bounds Read Information Disclosure
NOTE: https://www.zerodayinitiative.com/advisories/ZDI-24-1077/
CVE-2024-7006 [NULL pointer dereference in tif_dirinfo.c]
- tiff <unfixed>
+ [bookworm] - tiff <no-dsa> (Minor issue)
+ [bullseye] - tiff <no-dsa> (Minor issue)
NOTE: https://gitlab.com/libtiff/libtiff/-/merge_requests/559
NOTE: https://gitlab.com/libtiff/libtiff/-/issues/624
NOTE: Fixed by: https://gitlab.com/libtiff/libtiff/-/commit/818fb8ce881cf839fbc710f6690aadb992aa0f9e
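Review bot: the unstable line "- tiff <unfixed>" directly above the two new <no-dsa> lines carries no bug reference, so with bookworm and bullseye now set aside nothing in this entry tracks the commit in the "Fixed by" note reaching the archive. Consider filing a BTS bug and recording it on the unfixed line, as the qemu entry in this same commit does with (bug #1075824).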
@@ -8143,6 +8145,8 @@ CVE-2024-6461
REJECTED
CVE-2024-6383 (The bson_string_append function in MongoDB C Driver may be vulnerable ...)
- mongo-c-driver 1.27.1-1
+ [bookworm] - mongo-c-driver <no-dsa> (Minor issue)
+ [bullseye] - mongo-c-driver <no-dsa> (Minor issue)
NOTE: https://jira.mongodb.org/browse/CDRIVER-5628
CVE-2024-6284 (In https://github.com/google/nftables IP addresses were encoded in th ...)
- golang-github-google-nftables 0.1.0-4 (bug #1071247)
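Review bot: the mongo-c-driver entry for CVE-2024-6383 records only the Jira ticket CDRIVER-5628 and no upstream commit, so once the new <no-dsa> lines are in, anyone preparing a later point-release backport has no pointer to the patch. A "NOTE: Fixed by:" line with the upstream commit, in the form used for the tiff entry, would close that gap.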
@@ -8385,6 +8389,8 @@ CVE-2024-4836 (Web services managed by Edito CMS (Content Management System) in
NOT-FOR-US: Edito CMS
CVE-2024-4467 (A flaw was found in the QEMU disk image utility (qemu-img) 'info' comm ...)
- qemu 1:9.0.1+ds-1 (bug #1075824)
+ [bookworm] - qemu <no-dsa> (Minor issue)
+ [bullseye] - qemu <no-dsa> (Minor issue)
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2278875
NOTE: https://gitlab.com/qemu-project/qemu/-/commit/bd385a5298d7062668e804d73944d52aec9549f1
NOTE: https://gitlab.com/qemu-project/qemu/-/commit/2eb42a728d27a43fdcad5f37d3f65706ce6deba5
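Review bot: "(Minor issue)" on the two new qemu lines does not say why the qemu-img 'info' flaw is considered minor for bookworm and bullseye. A more specific reason in the parentheses, or a NOTE giving the rationale, would let later readers judge whether the issue still deserves a point update.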
@@ -9102,6 +9108,8 @@ CVE-2024-39704 (Soft Circle French-Bread Melty Blood: Actress Again: Current Cod
NOT-FOR-US: Soft Circle French-Bread Melty Blood: Actress Again
CVE-2024-38531 (Nix is a package manager for Linux and other Unix systems that makes p ...)
- nix <unfixed>
+ [bookworm] - nix <no-dsa> (Minor issue)
+ [bullseye] - nix <no-dsa> (Minor issue)
NOTE: https://github.com/NixOS/nix/pull/10501
NOTE: https://github.com/NixOS/nix/security/advisories/GHSA-q82p-44mg-mgh5
CVE-2024-38528 (nptd-rs is a tool for synchronizing your computer's clock, implementin ...)
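Review bot: the nix entry for CVE-2024-38531 carries only the pull request and advisory links and no note on when the issue was introduced, so the list does not show that both the bookworm and bullseye versions were checked. If one of them predates the vulnerable code, <not-affected> with a reason would be more accurate than <no-dsa> on that line.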
@@ -46592,6 +46600,8 @@ CVE-2024-1142 (Path Traversal in Sonatype IQ Server from version 143 allows remo
CVE-2023-50716 (eProsima Fast DDS (formerly Fast RTPS) is a C++ implementation of the ...)
[experimental] - fastdds 2.14.0+ds-1
- fastdds 2.14.0+ds-2 (bug #1066119)
+ [bookworm] - fastdds <no-dsa> (Minor issue)
+ [bullseye] - fastdds <no-dsa> (Minor issue)
NOTE: https://github.com/eProsima/Fast-DDS/security/advisories/GHSA-5m2f-hvj2-cx2h
CVE-2023-50167 (Pega Platform from 7.1.7 to 23.1.1 is affected by an XSS issue with ed ...)
NOT-FOR-US: Pega Platform
=====================================
data/dsa-needed.txt
=====================================
@@ -51,11 +51,15 @@ linux (carnil)
nbconvert/oldstable
Guilhem Moulin proposed an update ready for review
--
+netatalk/oldstable
+--
nodejs (aron)
--
nova
Maintainer prepared updates for review
--
+odoo/oldstable (seb)
+--
opennds/stable
pinged maintainer, but no reply yet. should most probably be bumped to 10.x
--
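Review bot: netatalk/oldstable is added with neither an assignee in parentheses nor a status line, unlike odoo/oldstable (seb) in the same hunk and nbconvert/oldstable just above it. A one-line note on what the update is for would help whoever picks the entry up.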
@@ -69,6 +73,8 @@ python-aiohttp
--
python-asyncssh
--
+python-reportlab
+--
ring
--
roundcube
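Review bot: python-reportlab is added to dsa-needed.txt, but the data/CVE/list part of this commit touches no python-reportlab entry, so the commit does not show which issue prompted it. A short status line under the package name referring to the issue would make the entry self-explanatory.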
@@ -96,5 +102,7 @@ tinyproxy/oldstable
--
trafficserver
--
+twisted
+--
zabbix
--
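Review bot: twisted is added without a /stable or /oldstable suffix, while netatalk and odoo in this same file change are scoped to oldstable. If only one suite needs the update, add the suffix; if both do, the entry is fine as written.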
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/b212e9db1f4126495949f2bbb969cdf77f91e6da