[Git][security-tracker-team/security-tracker][master] bookworm/bullseye triage

Moritz Muehlenhoff (@jmm) jmm at debian.org
Fri Aug 9 16:37:56 BST 2024 


Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
5b01e790 by Moritz Muehlenhoff at 2024-08-09T17:37:22+02:00
bookworm/bullseye triage

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -6067,6 +6067,8 @@ CVE-2024-40110 (Sourcecodester Poultry Farm Management System v1.0 contains an U
 	NOT-FOR-US: Sourcecodester Poultry Farm Management System
 CVE-2024-39917 (xrdp is an open source RDP server. xrdp versions prior to 0.10.0 have  ...)
 	- xrdp <unfixed> (bug #1076769)
+	[bookworm] - xrdp <no-dsa> (Minor issue)
+	[bullseye] - xrdp <no-dsa> (Minor issue)
 	NOTE: https://github.com/neutrinolabs/xrdp/security/advisories/GHSA-7w22-h4w7-8j5j
 	NOTE: https://github.com/neutrinolabs/xrdp/commit/8ac2f6db34649a93d3c9c4fe8fda61203702e615
 	NOTE: While claimed in GHSA-7w22-h4w7-8j5j that issue is fixed in 0.10.0 the referenced
@@ -8762,7 +8764,9 @@ CVE-2024-35227 (Discourse is an open-source discussion platform. Prior to versio
 	NOT-FOR-US: Discourse
 CVE-2024-34750 (Improper Handling of Exceptional Conditions, Uncontrolled Resource Con ...)
 	- tomcat10 10.1.25-1
+	[bookworm] - tomcat10 <postponed> (Minor issue, fixed along in next DSA)
 	- tomcat9 9.0.70-2
+	[bullseye] - tomcat9 <postponed> (Minor issue, fixed along in next DSA)
 	NOTE: https://lists.apache.org/thread/4kqf0bc9gxymjc2x7v3p7dvplnl77y8l
 	NOTE: https://github.com/apache/tomcat/commit/2afae300c9ac9c0e516e2e9de580847d925365c3 (10.1.25)
 	NOTE: https://github.com/apache/tomcat/commit/9fec9a82887853402833a80b584e3762c7423f5f (9.0.90)
@@ -156662,7 +156666,7 @@ CVE-2022-2997 (Session Fixation in GitHub repository snipe/snipe-it prior to 6.0
 CVE-2022-2996 (A flaw was found in the python-scciclient when making an HTTPS connect ...)
 	{DLA-3180-1}
 	- python-scciclient 0.12.3-2 (bug #1018213)
-	[bullseye] - python-scciclient 0.8.0-2+deb11u1
+	[bullseye] - python-scciclient <no-dsa> (Minor issue)
 	NOTE: https://opendev.org/x/python-scciclient/commit/274dca0344b65b4ac113d3271d21c17e970a636c (0.12)
 CVE-2022-2995 (Incorrect handling of the supplementary groups in the CRI-O container  ...)
 	- cri-o <itp> (bug #979702)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/5b01e79086eb94c413a379c73c63b74a6db97d3b

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/5b01e79086eb94c413a379c73c63b74a6db97d3b
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20240809/dc3a62d3/attachment.htm>

More information about the debian-security-tracker-commits mailing list