[Git][security-tracker-team/security-tracker][master] Track cacti update which is proposed via bookworm point release

Salvatore Bonaccorso (@carnil) carnil at debian.org
Fri Aug 23 20:26:45 BST 2024 


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
e61d238a by Salvatore Bonaccorso at 2024-08-23T21:25:11+02:00
Track cacti update which is proposed via bookworm point release

- - - - -


2 changed files:

- data/CVE/list
- data/next-point-update.txt


Changes:

=====================================
data/CVE/list
=====================================
@@ -29637,6 +29637,7 @@ CVE-2024-34353 (The matrix-sdk-crypto crate, part of the Matrix Rust SDK project
 	NOT-FOR-US: matrix-sdk-crypto Rust crate
 CVE-2024-34340 (Cacti provides an operational monitoring and fault management framewor ...)
 	- cacti 1.2.27+ds1-1
+	[bookworm] - cacti <no-dsa> (Will be fixed via point release)
 	NOTE: https://github.com/Cacti/cacti/security/advisories/GHSA-37x7-mfjv-mm7m
 	NOTE: Included in commit: https://github.com/Cacti/cacti/commit/6183961089980322dfd9fd8011ade0f41703eaea
 CVE-2024-34231 (A cross-site scripting (XSS) vulnerability in Sourcecodester Laborator ...)
@@ -29675,26 +29676,32 @@ CVE-2024-31771 (Insecure Permission vulnerability in TotalAV v.6.0.740 allows a
 	NOT-FOR-US: TotalAV
 CVE-2024-31460 (Cacti provides an operational monitoring and fault management framewor ...)
 	- cacti 1.2.27+ds1-1
+	[bookworm] - cacti <no-dsa> (Will be fixed via point release)
 	NOTE: https://github.com/Cacti/cacti/security/advisories/GHSA-gj3f-p326-gh8r
 	NOTE: https://github.com/Cacti/cacti/commit/8b516cb9a73322ad532231e74000c2ee097b495e
 CVE-2024-31459 (Cacti provides an operational monitoring and fault management framewor ...)
 	- cacti 1.2.27+ds1-1
+	[bookworm] - cacti <no-dsa> (Will be fixed via point release)
 	NOTE: https://github.com/Cacti/cacti/security/advisories/GHSA-cx8g-hvq8-p2rv
 	NOTE: https://github.com/Cacti/cacti/commit/96d9a4c60693d87ba0e347f1c7d33047b4effc61
 CVE-2024-31458 (Cacti provides an operational monitoring and fault management framewor ...)
 	- cacti 1.2.27+ds1-1
+	[bookworm] - cacti <no-dsa> (Will be fixed via point release)
 	NOTE: https://github.com/Cacti/cacti/security/advisories/GHSA-jrxg-8wh8-943x
 	NOTE: https://github.com/Cacti/cacti/commit/9e87882007b6091171d1a4786f0de4ae20efef7b
 CVE-2024-31445 (Cacti provides an operational monitoring and fault management framewor ...)
 	- cacti 1.2.27+ds1-1
+	[bookworm] - cacti <no-dsa> (Will be fixed via point release)
 	NOTE: https://github.com/Cacti/cacti/security/advisories/GHSA-vjph-r677-6pcc
 	NOTE: https://github.com/Cacti/cacti/commit/fd93c6e47651958b77c3bbe6a01fff695f81e886
 CVE-2024-31444 (Cacti provides an operational monitoring and fault management framewor ...)
 	- cacti 1.2.27+ds1-1
+	[bookworm] - cacti <no-dsa> (Will be fixed via point release)
 	NOTE: https://github.com/Cacti/cacti/security/advisories/GHSA-p4ch-7hjw-6m87
 	NOTE: https://github.com/Cacti/cacti/commit/86d614c38c54e0ce58774d86617ecfbb853fb57b
 CVE-2024-31443 (Cacti provides an operational monitoring and fault management framewor ...)
 	- cacti 1.2.27+ds1-1
+	[bookworm] - cacti <no-dsa> (Will be fixed via point release)
 	NOTE: https://github.com/Cacti/cacti/security/advisories/GHSA-rqc8-78cm-85j3
 	NOTE: https://github.com/Cacti/cacti/commit/f946fa537d19678f938ddbd784a10e3290d275cf
 CVE-2024-31377 (Unrestricted Upload of File with Dangerous Type vulnerability in J.N.  ...)
@@ -29721,6 +29728,7 @@ CVE-2024-29895 (Cacti provides an operational monitoring and fault management fr
 	NOTE: But fix reverted again: https://github.com/Cacti/cacti/commit/99633903cad0de5ace636249de16f77e57a3c8fc
 CVE-2024-29894 (Cacti provides an operational monitoring and fault management framewor ...)
 	- cacti 1.2.27+ds1-1
+	[bookworm] - cacti <no-dsa> (Will be fixed via point release)
 	NOTE: https://github.com/Cacti/cacti/security/advisories/GHSA-grj5-8fcj-34gh
 	NOTE: Fixed by: https://github.com/Cacti/cacti/commit/9c75f8da5b609d17c8c031fd46362f730358b792 (1.2.27)
 	NOTE: Follow-up fix: https://github.com/Cacti/cacti/commit/6a82fa1abe81d96238a87727087572ff749d0a8d (1.2.x)
@@ -29744,6 +29752,7 @@ CVE-2024-28276 (Sourcecodester School Task Manager 1.0 is vulnerable to Cross Si
 	NOT-FOR-US: Sourcecodester School Task Manager
 CVE-2024-27082 (Cacti provides an operational monitoring and fault management framewor ...)
 	- cacti 1.2.27+ds1-1
+	[bookworm] - cacti <no-dsa> (Minor issue)
 	NOTE: GitHub GHSA: https://github.com/Cacti/cacti/security/advisories/GHSA-j868-7vjp-rp9h
 	NOTE: bug: https://github.com/Cacti/cacti/issues/5798
 	NOTE: Commit [1/6] https://github.com/Cacti/cacti/commit/58a980f335980ab57659420053d89d4e721ae3fc
@@ -29756,6 +29765,7 @@ CVE-2024-25662 (Oxygen XML Web Author v26.0.0 and older and Oxygen Content Fusio
 	NOT-FOR-US: Oxygen XML Web Author and Oxygen Content Fusion
 CVE-2024-25641 (Cacti provides an operational monitoring and fault management framewor ...)
 	- cacti 1.2.27+ds1-1
+	[bookworm] - cacti <no-dsa> (Will be fixed via point release)
 	NOTE: https://github.com/Cacti/cacti/security/advisories/GHSA-7cmj-g5qc-pj88
 	NOTE: https://github.com/Cacti/cacti/commit/eff35b0ff26cc27c82d7880469ed6d5e3bef6210
 	NOTE: https://github.com/Cacti/cacti/commit/624673fd417a920adbbfb4b6d6eb7ddb35a9f891 (release/1.2.27)


=====================================
data/next-point-update.txt
=====================================
@@ -120,3 +120,21 @@ CVE-2024-6782
 	[bookworm] - calibre 6.13.0+repack-2+deb12u4
 CVE-2024-7264
 	[bookworm] - curl 7.88.1-10+deb12u7
+CVE-2024-25641
+	[bookworm] - cacti 1.2.24+ds1-1+deb12u3
+CVE-2024-29894
+	[bookworm] - cacti 1.2.24+ds1-1+deb12u3
+CVE-2024-31443
+	[bookworm] - cacti 1.2.24+ds1-1+deb12u3
+CVE-2024-31444
+	[bookworm] - cacti 1.2.24+ds1-1+deb12u3
+CVE-2024-31445
+	[bookworm] - cacti 1.2.24+ds1-1+deb12u3
+CVE-2024-31458
+	[bookworm] - cacti 1.2.24+ds1-1+deb12u3
+CVE-2024-31459
+	[bookworm] - cacti 1.2.24+ds1-1+deb12u3
+CVE-2024-31460
+	[bookworm] - cacti 1.2.24+ds1-1+deb12u3
+CVE-2024-34340
+	[bookworm] - cacti 1.2.24+ds1-1+deb12u3



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/e61d238a27727bae494ed5fec7c1deae871afa2b

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/e61d238a27727bae494ed5fec7c1deae871afa2b
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20240823/15105b2e/attachment-0001.htm>

More information about the debian-security-tracker-commits mailing list