[Git][security-tracker-team/security-tracker][master] 3 commits: CVE-2024-7246/grpc: bullseye postponed

Sylvain Beucler (@beuc) gitlab at salsa.debian.org
Sat Aug 17 09:24:09 BST 2024



Sylvain Beucler pushed to branch master at Debian Security Tracker / security-tracker


Commits:
ce17947f by Sylvain Beucler at 2024-08-17T10:23:44+02:00
CVE-2024-7246/grpc: bullseye postponed

- - - - -
ab73583e by Sylvain Beucler at 2024-08-17T10:23:46+02:00
CVE-2024-6237/389-ds-base: bullseye postponed

- - - - -
3568846b by Sylvain Beucler at 2024-08-17T10:23:48+02:00
biosig: bullseye triage

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -2291,6 +2291,7 @@ CVE-2024-7317 (The Folders \u2013 Unlimited Folders to Organize Media Library Fo
 CVE-2024-7246 (It's possible for a gRPC client communicating with a HTTP/2 proxy to p ...)
 	- grpc <unfixed>
 	[bookworm] - grpc <no-dsa> (Minor issue)
+	[bullseye] - grpc <postponed> (Minor issue, light cache poisoning and infoleak)
 	NOTE: https://github.com/grpc/grpc/issues/36245
 	NOTE: Fixed in 1.58.3, 1.59.5, 1.60.2, 1.61.3, 1.62.3, 1.63.2, 1.64.3, 1.65.4.
 CVE-2024-6720 (The Light Poll WordPress plugin through 1.0.0 does not have CSRF check ...)
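Review bot: on the added `[bullseye] - grpc <postponed>` line, the reason spells out the impact (light cache poisoning and infoleak) while the bookworm line directly above it says only "Minor issue", so the two releases now justify the same rating differently; using the same impact wording on both would keep them consistent. The NOTE lines give the upstream issue and the list of fixed release series but no fix commit, so whoever picks this up after the postponement has to locate the patch first; a NOTE with the upstream commit URL would save that step.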
@@ -9090,6 +9091,7 @@ CVE-2024-6391 (The oik plugin for WordPress is vulnerable to Stored Cross-Site S
 CVE-2024-6237 (A flaw was found in the 389 Directory Server. This flaw allows an unau ...)
 	- 389-ds-base 2.4.5+dfsg1-1
 	[bookworm] - 389-ds-base <no-dsa> (Minor issue)
+	[bullseye] - 389-ds-base <postponed> (Minor issue, DoS)
 	NOTE: https://github.com/389ds/389-ds-base/issues/5989
 	NOTE: https://github.com/389ds/389-ds-base/commit/e8dd583685e6143f2027f97569de4cc45ba46e14 (389-ds-base-2.4.5)
 CVE-2024-6222 (In Docker Desktop before v4.29.0, an attacker who has gained access to ...)
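Review bot: the `(Minor issue, DoS)` reason on the new bullseye line does not record whether the bullseye version was checked against the fix commit already referenced in the second NOTE line (tagged 389-ds-base-2.4.5). If the affected code was confirmed present, a short NOTE saying so would help; if it was not checked, `<postponed>` presumes the release is vulnerable and the next triager has to repeat the check.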
@@ -53542,26 +53544,31 @@ CVE-2024-24474 (QEMU before 8.2.0 has an integer underflow, and resultant buffer
 CVE-2024-23809 (A double-free vulnerability exists in the BrainVision ASCII Header Par ...)
 	- biosig 2.6.0-1
 	[bookworm] - biosig <no-dsa> (Minor issue)
+	[bullseye] - biosig <postponed> (Minor issue, follow bookworm updates)
 	NOTE: https://talosintelligence.com/vulnerability_reports/TALOS-2024-1919
 	NOTE: https://sourceforge.net/p/biosig/code/ci/3848d1ca0e1b2a60df395ddc76a191e835a1e4de/
 CVE-2024-23606 (An out-of-bounds write vulnerability exists in the sopen_FAMOS_read fu ...)
 	- biosig 2.6.0-1
 	[bookworm] - biosig <no-dsa> (Minor issue)
+	[bullseye] - biosig <postponed> (Minor issue, follow bookworm updates)
 	NOTE: https://talosintelligence.com/vulnerability_reports/TALOS-2024-1925
 	NOTE: https://sourceforge.net/p/biosig/code/ci/e20e81564f0709323f7b99486a0a2b4594ab05f2/
 CVE-2024-23313 (An integer underflow vulnerability exists in the sopen_FAMOS_read func ...)
 	- biosig 2.6.0-1
 	[bookworm] - biosig <no-dsa> (Minor issue)
+	[bullseye] - biosig <postponed> (Minor issue, follow bookworm updates)
 	NOTE: https://talosintelligence.com/vulnerability_reports/TALOS-2024-1922
 	NOTE: https://sourceforge.net/p/biosig/code/ci/e20e81564f0709323f7b99486a0a2b4594ab05f2/
 CVE-2024-23310 (A use-after-free vulnerability exists in the sopen_FAMOS_read function ...)
 	- biosig 2.6.0-1
 	[bookworm] - biosig <no-dsa> (Minor issue)
+	[bullseye] - biosig <postponed> (Minor issue, follow bookworm updates)
 	NOTE: https://talosintelligence.com/vulnerability_reports/TALOS-2024-1923
 	NOTE: https://sourceforge.net/p/biosig/code/ci/e20e81564f0709323f7b99486a0a2b4594ab05f2/
 CVE-2024-23305 (An out-of-bounds write vulnerability exists in the BrainVisionMarker P ...)
 	- biosig 2.6.0-1
 	[bookworm] - biosig <no-dsa> (Minor issue)
+	[bullseye] - biosig <postponed> (Minor issue, follow bookworm updates)
 	NOTE: https://talosintelligence.com/vulnerability_reports/TALOS-2024-1918
 	NOTE: https://sourceforge.net/p/biosig/code/ci/76c1369de1a9a24feed558ab8834b4410310b07b/
 CVE-2024-22824 (An issue in Timo v.2.0.3 allows a remote attacker to execute arbitrary ...)
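Review bot: all five added bullseye lines in this hunk say "follow bookworm updates", but every bookworm line above them is `<no-dsa> (Minor issue)`, so there is nothing to follow until a bookworm fix is actually scheduled; the reason would be clearer if it said that the bullseye update is tied to a future bookworm point-release fix. Three of these entries (CVE-2024-23606, CVE-2024-23313, CVE-2024-23310) carry the same sourceforge commit URL in their second NOTE line, which is worth stating once so they are backported together rather than one by one.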
@@ -53573,6 +53580,7 @@ CVE-2024-22245 (Arbitrary Authentication Relay and Session Hijack vulnerabilitie
 CVE-2024-22097 (A double-free vulnerability exists in the BrainVision Header Parsing f ...)
 	- biosig 2.6.0-1
 	[bookworm] - biosig <no-dsa> (Minor issue)
+	[bullseye] - biosig <postponed> (Minor issue, follow bookworm updates)
 	NOTE: https://talosintelligence.com/vulnerability_reports/TALOS-2024-1917
 	NOTE: https://sourceforge.net/p/biosig/code/ci/3848d1ca0e1b2a60df395ddc76a191e835a1e4de/
 CVE-2024-22054 (A malformed discovery packet sent by a malicious actor with preexistin ...)
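Review bot: the bullseye line added for CVE-2024-22097 sits on an entry whose sourceforge commit URL is identical to the one listed for CVE-2024-23809 in the previous hunk, and both descriptions are double-free issues in BrainVision header parsing. A cross-reference NOTE between the two entries would make it obvious that one backport closes both when the postponement is revisited.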
@@ -53580,11 +53588,13 @@ CVE-2024-22054 (A malformed discovery packet sent by a malicious actor with pree
 CVE-2024-21812 (An integer overflow vulnerability exists in the sopen_FAMOS_read funct ...)
 	- biosig 2.6.0-1
 	[bookworm] - biosig <no-dsa> (Minor issue)
+	[bullseye] - biosig <postponed> (Minor issue, follow bookworm updates)
 	NOTE: https://talosintelligence.com/vulnerability_reports/TALOS-2024-1921
 	NOTE: https://sourceforge.net/p/biosig/code/ci/e20e81564f0709323f7b99486a0a2b4594ab05f2/
 CVE-2024-21795 (A heap-based buffer overflow vulnerability exists in the .egi parsing  ...)
 	- biosig 2.6.0-1
 	[bookworm] - biosig <no-dsa> (Minor issue)
+	[bullseye] - biosig <postponed> (Minor issue, follow bookworm updates)
 	NOTE: https://talosintelligence.com/vulnerability_reports/TALOS-2024-1920
 	NOTE: https://sourceforge.net/p/biosig/code/ci/71057b016be545974565fdc0f903871c345da412/
 CVE-2024-21726 (Inadequate content filtering leads to XSS vulnerabilities in various c ...)
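Review bot: the reason on the two added lines gives no basis for rating an integer overflow in sopen_FAMOS_read and a heap-based buffer overflow in the .egi parser as minor, beyond mirroring the bookworm lines above them; a few words on why the rating holds for bullseye would make the postponement easier to revisit. CVE-2024-21812 also shares its commit URL with the three sopen_FAMOS_read entries in the earlier biosig hunk, so it belongs in the same backport.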



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/9a7bd72baf77cff6bf4cf005cebe9bb85b23f49c...3568846b5a4c335a4ff80a2ba3ec5f595cfed2a3
