[Git][security-tracker-team/security-tracker][master] bookworm/bullseye triage

Moritz Muehlenhoff (@jmm) jmm at debian.org
Fri Aug 9 06:44:13 BST 2024



Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
c394357e by Moritz Muehlenhoff at 2024-08-09T07:43:21+02:00
bookworm/bullseye triage

- - - - -


2 changed files:

- data/CVE/list
- data/dsa-needed.txt


Changes:

=====================================
data/CVE/list
=====================================
@@ -76,6 +76,7 @@ CVE-2024-42001 (An improper authentication vulnerability affecting Vonets
 	NOT-FOR-US: Vonets industrial wifi bridge relays and wifi bridge repeaters
 CVE-2024-41942 (JupyterHub is software that allows one to create a multi-user server f ...)
 	- jupyterhub <unfixed>
+	[bookworm] - jupyterhub <no-dsa> (Minor issue)
 	NOTE: https://github.com/jupyterhub/jupyterhub/security/advisories/GHSA-9x4q-3gxw-849f
 	NOTE: https://github.com/jupyterhub/jupyterhub/commit/99e2720b0fc626cbeeca3c6337f917fdacfaa428 (4.1.6)
 	NOTE: https://github.com/jupyterhub/jupyterhub/commit/ff2db557a85b6980f90c3158634bf924063ab8ba (5.1.0)
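Review bot: the new bookworm line has no bullseye counterpart; if bullseye ships jupyterhub, a matching `[bullseye] - jupyterhub <no-dsa> (Minor issue)` (or `<not-affected>` with a reason) should go beside it, otherwise oldstable is left untriaged for this CVE. The NOTE lines already reference the fix commits for 4.1.6 and 5.1.0, so the sid entry can move off `<unfixed>` as soon as one of those lands.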
@@ -903,36 +904,58 @@ CVE-2023-5000 (The Horizontal scrolling announcements plugin for WordPress is vu
 	NOT-FOR-US: WordPress plugin
 CVE-2024-7547 (oFono SMS Decoder Stack-based Buffer Overflow Privilege Escalation Vul ...)
 	- ofono <unfixed>
+	[bookworm] - ofono <postponed> (Revisit when/if fixed upstream)
+	[bullseye] - ofono <postponed> (Revisit when/if fixed upstream)
 	NOTE: https://www.zerodayinitiative.com/advisories/ZDI-24-1087/
 CVE-2024-7546 (oFono SimToolKit Heap-based Buffer Overflow Privilege Escalation Vulne ...)
 	- ofono <unfixed>
+	[bookworm] - ofono <postponed> (Revisit when/if fixed upstream)
+	[bullseye] - ofono <postponed> (Revisit when/if fixed upstream)
 	NOTE: https://www.zerodayinitiative.com/advisories/ZDI-24-1086/
 CVE-2024-7545 (oFono SimToolKit Heap-based Buffer Overflow Privilege Escalation Vulne ...)
 	- ofono <unfixed>
+	[bookworm] - ofono <postponed> (Revisit when/if fixed upstream)
+	[bullseye] - ofono <postponed> (Revisit when/if fixed upstream)
 	NOTE: https://www.zerodayinitiative.com/advisories/ZDI-24-1085/
 CVE-2024-7544 (oFono SimToolKit Heap-based Buffer Overflow Privilege Escalation Vulne ...)
 	- ofono <unfixed>
+	[bookworm] - ofono <postponed> (Revisit when/if fixed upstream)
+	[bullseye] - ofono <postponed> (Revisit when/if fixed upstream)
 	NOTE: https://www.zerodayinitiative.com/advisories/ZDI-24-1084/
 CVE-2024-7543 (oFono SimToolKit Heap-based Buffer Overflow Privilege Escalation Vulne ...)
 	- ofono <unfixed>
+	[bookworm] - ofono <postponed> (Revisit when/if fixed upstream)
+	[bullseye] - ofono <postponed> (Revisit when/if fixed upstream)
 	NOTE: https://www.zerodayinitiative.com/advisories/ZDI-24-1083/
 CVE-2024-7542 (oFono AT CMGR Command Uninitialized Variable Information Disclosure Vu ...)
 	- ofono <unfixed>
+	[bookworm] - ofono <postponed> (Revisit when/if fixed upstream)
+	[bullseye] - ofono <postponed> (Revisit when/if fixed upstream)
 	NOTE: https://www.zerodayinitiative.com/advisories/ZDI-24-1082/
 CVE-2024-7541 (oFono AT CMT Command Uninitialized Variable Information Disclosure Vul ...)
 	- ofono <unfixed>
+	[bookworm] - ofono <postponed> (Revisit when/if fixed upstream)
+	[bullseye] - ofono <postponed> (Revisit when/if fixed upstream)
 	NOTE: https://www.zerodayinitiative.com/advisories/ZDI-24-1081/
 CVE-2024-7540 (oFono AT CMGL Command Uninitialized Variable Information Disclosure Vu ...)
 	- ofono <unfixed>
+	[bookworm] - ofono <postponed> (Revisit when/if fixed upstream)
+	[bullseye] - ofono <postponed> (Revisit when/if fixed upstream)
 	NOTE: https://www.zerodayinitiative.com/advisories/ZDI-24-1080/
 CVE-2024-7539 (oFono CUSD Stack-based Buffer Overflow Code Execution Vulnerability. T ...)
 	- ofono <unfixed>
+	[bookworm] - ofono <postponed> (Revisit when/if fixed upstream)
+	[bullseye] - ofono <postponed> (Revisit when/if fixed upstream)
 	NOTE: https://www.zerodayinitiative.com/advisories/ZDI-24-1079/
 CVE-2024-7538 (oFono CUSD AT Command Stack-based Buffer Overflow Code Execution Vulne ...)
 	- ofono <unfixed>
+	[bookworm] - ofono <postponed> (Revisit when/if fixed upstream)
+	[bullseye] - ofono <postponed> (Revisit when/if fixed upstream)
 	NOTE: https://www.zerodayinitiative.com/advisories/ZDI-24-1078/
 CVE-2024-7537 (oFono QMI SMS Handling Out-Of-Bounds Read Information Disclosure Vulne ...)
 	- ofono <unfixed>
+	[bookworm] - ofono <postponed> (Revisit when/if fixed upstream)
+	[bullseye] - ofono <postponed> (Revisit when/if fixed upstream)
 	NOTE: https://www.zerodayinitiative.com/advisories/ZDI-24-1077/
 CVE-2024-7006 [NULL pointer dereference in tif_dirinfo.c]
 	- tiff <unfixed>
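Review bot: all eleven ofono entries get the identical `<postponed> (Revisit when/if fixed upstream)` tag, including CVE-2024-7539 and CVE-2024-7538, whose titles read "Stack-based Buffer Overflow Code Execution", and the SimToolKit "Heap-based Buffer Overflow Privilege Escalation" ones; the reason string says when to revisit but not why the batch is postponed. Suggest recording the rationale once (the only references are ZDI advisories with no upstream fix linked) and adding a bug reference to the sid `- ofono <unfixed>` line once one is filed, so the batch is picked up at the next triage pass rather than lost.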
@@ -1053,6 +1076,8 @@ CVE-2023-31355 (Improper restriction of write operations in SNP firmware could a
 	NOT-FOR-US: AMD
 CVE-2024-7383 (A flaw was found in libnbd. The client did not always correctly verify ...)
 	- libnbd 1.20.2-1
+	[bookworm] - libnbd <no-dsa> (Minor issue)
+	[bullseye] - libnbd <no-dsa> (Minor issue)
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2302865
 	NOTE: https://lists.libguestfs.org/archives/list/guestfs%40lists.libguestfs.org/message/LHR3BW6RJ7K4BJBQIYV3GTZLSY27VZO2/
 	NOTE: Fixed by: https://gitlab.com/nbdkit/libnbd/-/commit/87ef41b69929d5d293390ec36b1c10aba2c9a57a (v1.20.2)
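Review bot: the `Fixed by:` NOTE names the upstream commit shipped in v1.20.2 and sid already records 1.20.2-1, so the bookworm and bullseye `<no-dsa> (Minor issue)` lines are consistent with the fixed state; consider extending the reason to say whether the fix is wanted via a point release, since the commit reference is right there and `(Minor issue)` alone does not record that decision.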
@@ -32662,6 +32687,8 @@ CVE-2024-28627 (An issue in Flipsnack v.18/03/2024 allows a local attacker to ob
 CVE-2024-28130 (An incorrect type conversion vulnerability exists in the DVPSSoftcopyV ...)
 	{DLA-3847-1}
 	- dcmtk 3.6.7-14 (bug #1070207)
+	[bookworm] - dcmtk <no-dsa> (Minor issue)
+	[bullseye] - dcmtk <no-dsa> (Minor issue)
 	NOTE: https://talosintelligence.com/vulnerability_reports/TALOS-2024-1957
 	NOTE: https://support.dcmtk.org/redmine/issues/1120
 	NOTE: https://github.com/DCMTK/dcmtk/commit/dc6a2446dc03c9db90f82ce17a597f2cd53776c5
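Review bot: the entry already carries `{DLA-3847-1}` two lines above the new `[bullseye] - dcmtk <no-dsa> (Minor issue)`; confirm that the DLA was issued for a suite other than bullseye, because a bullseye `<no-dsa>` line beside a DLA covering bullseye would contradict itself. The `(bug #1070207)` and upstream commit references keep the fix traceable for a later point release.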


=====================================
data/dsa-needed.txt
=====================================
@@ -66,9 +66,9 @@ php-horde-mime-viewer/oldstable
 --
 php-horde-turba/oldstable
 --
-postgresql-13/oldstable
+postgresql-13/oldstable (jmm)
 --
-postgresql-15/stable
+postgresql-15/stable (jmm)
 --
 pymatgen/stable
 --



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/c394357e8887a252f1165f22ac27ebb4884cf881

-- 
You're receiving this email because of your account on salsa.debian.org.

