[Git][security-tracker-team/security-tracker][master] bookworm triage

Moritz Muehlenhoff (@jmm) jmm at debian.org
Fri Aug 16 14:34:32 BST 2024 


Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
c2220e4c by Moritz Muehlenhoff at 2024-08-16T15:33:58+02:00
bookworm triage

- - - - -


2 changed files:

- data/CVE/list
- data/dsa-needed.txt


Changes:

=====================================
data/CVE/list
=====================================
@@ -8965,6 +8965,7 @@ CVE-2024-6391 (The oik plugin for WordPress is vulnerable to Stored Cross-Site S
 	NOT-FOR-US: WordPress plugin
 CVE-2024-6237 (A flaw was found in the 389 Directory Server. This flaw allows an unau ...)
 	- 389-ds-base 2.4.5+dfsg1-1
+	[bookworm] - 389-ds-base <no-dsa> (Minor issue)
 	NOTE: https://github.com/389ds/389-ds-base/issues/5989
 	NOTE: https://github.com/389ds/389-ds-base/commit/e8dd583685e6143f2027f97569de4cc45ba46e14 (389-ds-base-2.4.5)
 CVE-2024-6222 (In Docker Desktop before v4.29.0, an attacker who has gained access to ...)
@@ -53416,22 +53417,27 @@ CVE-2024-24474 (QEMU before 8.2.0 has an integer underflow, and resultant buffer
 	NOTE: Fixed by: https://gitlab.com/qemu-project/qemu/-/commit/77668e4b9bca03a856c27ba899a2513ddf52bb52 (v8.2.0-rc0)
 CVE-2024-23809 (A double-free vulnerability exists in the BrainVision ASCII Header Par ...)
 	- biosig 2.6.0-1
+	[bookworm] - biosig <no-dsa> (Minor issue)
 	NOTE: https://talosintelligence.com/vulnerability_reports/TALOS-2024-1919
 	NOTE: https://sourceforge.net/p/biosig/code/ci/3848d1ca0e1b2a60df395ddc76a191e835a1e4de/
 CVE-2024-23606 (An out-of-bounds write vulnerability exists in the sopen_FAMOS_read fu ...)
 	- biosig 2.6.0-1
+	[bookworm] - biosig <no-dsa> (Minor issue)
 	NOTE: https://talosintelligence.com/vulnerability_reports/TALOS-2024-1925
 	NOTE: https://sourceforge.net/p/biosig/code/ci/e20e81564f0709323f7b99486a0a2b4594ab05f2/
 CVE-2024-23313 (An integer underflow vulnerability exists in the sopen_FAMOS_read func ...)
 	- biosig 2.6.0-1
+	[bookworm] - biosig <no-dsa> (Minor issue)
 	NOTE: https://talosintelligence.com/vulnerability_reports/TALOS-2024-1922
 	NOTE: https://sourceforge.net/p/biosig/code/ci/e20e81564f0709323f7b99486a0a2b4594ab05f2/
 CVE-2024-23310 (A use-after-free vulnerability exists in the sopen_FAMOS_read function ...)
 	- biosig 2.6.0-1
+	[bookworm] - biosig <no-dsa> (Minor issue)
 	NOTE: https://talosintelligence.com/vulnerability_reports/TALOS-2024-1923
 	NOTE: https://sourceforge.net/p/biosig/code/ci/e20e81564f0709323f7b99486a0a2b4594ab05f2/
 CVE-2024-23305 (An out-of-bounds write vulnerability exists in the BrainVisionMarker P ...)
 	- biosig 2.6.0-1
+	[bookworm] - biosig <no-dsa> (Minor issue)
 	NOTE: https://talosintelligence.com/vulnerability_reports/TALOS-2024-1918
 	NOTE: https://sourceforge.net/p/biosig/code/ci/76c1369de1a9a24feed558ab8834b4410310b07b/
 CVE-2024-22824 (An issue in Timo v.2.0.3 allows a remote attacker to execute arbitrary ...)
@@ -53442,16 +53448,19 @@ CVE-2024-22245 (Arbitrary Authentication Relay and Session Hijack vulnerabilitie
 	NOT-FOR-US: VMware
 CVE-2024-22097 (A double-free vulnerability exists in the BrainVision Header Parsing f ...)
 	- biosig 2.6.0-1
+	[bookworm] - biosig <no-dsa> (Minor issue)
 	NOTE: https://talosintelligence.com/vulnerability_reports/TALOS-2024-1917
 	NOTE: https://sourceforge.net/p/biosig/code/ci/3848d1ca0e1b2a60df395ddc76a191e835a1e4de/
 CVE-2024-22054 (A malformed discovery packet sent by a malicious actor with preexistin ...)
 	NOT-FOR-US: UniFi
 CVE-2024-21812 (An integer overflow vulnerability exists in the sopen_FAMOS_read funct ...)
 	- biosig 2.6.0-1
+	[bookworm] - biosig <no-dsa> (Minor issue)
 	NOTE: https://talosintelligence.com/vulnerability_reports/TALOS-2024-1921
 	NOTE: https://sourceforge.net/p/biosig/code/ci/e20e81564f0709323f7b99486a0a2b4594ab05f2/
 CVE-2024-21795 (A heap-based buffer overflow vulnerability exists in the .egi parsing  ...)
 	- biosig 2.6.0-1
+	[bookworm] - biosig <no-dsa> (Minor issue)
 	NOTE: https://talosintelligence.com/vulnerability_reports/TALOS-2024-1920
 	NOTE: https://sourceforge.net/p/biosig/code/ci/71057b016be545974565fdc0f903871c345da412/
 CVE-2024-21726 (Inadequate content filtering leads to XSS vulnerabilities in various c ...)


=====================================
data/dsa-needed.txt
=====================================
@@ -57,7 +57,7 @@ pymatgen
 --
 python-aiohttp
 --
-python-asyncssh
+python-asyncssh (jmm)
 --
 python-reportlab
 --



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/c2220e4c36ace12896d2f9d8d72220ebb088841b

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/c2220e4c36ace12896d2f9d8d72220ebb088841b
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20240816/9085ba54/attachment-0001.htm>

More information about the debian-security-tracker-commits mailing list