[Git][security-tracker-team/security-tracker][master] 5 commits: mark CVE-2024-8088 as ignored for Bullseye

Thorsten Alteholz (@alteholz) alteholz at debian.org
Sun Aug 25 16:31:21 BST 2024



Thorsten Alteholz pushed to branch master at Debian Security Tracker / security-tracker


Commits:
9ece6797 by Thorsten Alteholz at 2024-08-25T17:20:03+02:00
mark CVE-2024-8088 as ignored for Bullseye

- - - - -
afb0a69a by Thorsten Alteholz at 2024-08-25T17:20:03+02:00
add webkit2gtk

- - - - -
8cbfb67d by Thorsten Alteholz at 2024-08-25T17:27:00+02:00
mark CVE-2024-22034 as postponed for Bullseye

- - - - -
755ebecd by Thorsten Alteholz at 2024-08-25T17:29:30+02:00
mark CVE-2024-6221 as postponed for Bullseye

- - - - -
75792ed3 by Thorsten Alteholz at 2024-08-25T17:30:37+02:00
mark CVE-2024-42353 as postponed for Bullseye

- - - - -


2 changed files:

- data/CVE/list
- data/dla-needed.txt


Changes:

=====================================
data/CVE/list
=====================================
@@ -291,6 +291,7 @@ CVE-2024-8088 (There is a HIGH severity vulnerability affecting the CPython "zip
 	- python3.11 <unfixed>
 	- python3.9 <removed>
 	- python2.7 <removed>
+	[bullseye] - python2.7 <ignored> (Unsupported in Bullseye, only included to build a few applications)
 	NOTE: https://mail.python.org/archives/list/security-announce@python.org/thread/GNFCKVI4TCATKQLALJ5SN4L4CSPSMILU/
 	NOTE: https://github.com/python/cpython/pull/122906
 	NOTE: https://github.com/python/cpython/issues/122905
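Review bot: The new `[bullseye]` line covers only python2.7, while the commit subject says CVE-2024-8088 is ignored for Bullseye as a whole. The `- python3.9 <removed>` entry just above it has no `[bullseye]` annotation in the visible lines, so either narrow the subject to "python2.7" or confirm that python3.9 in bullseye is handled separately.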
@@ -1109,6 +1110,7 @@ CVE-2024-8007 (A flaw was found in the Red Hat OpenStack Platform (RHOSP) direct
 CVE-2024-22034
 	- osc 1.9.0-1
 	[bookworm] - osc <no-dsa> (Minor issue)
+	[bullseye] - osc <postponed> (Minor issue)
 	NOTE: https://bugzilla.suse.com/show_bug.cgi?id=1225911
 CVE-2024-43882 (In the Linux kernel, the following vulnerability has been resolved:  e ...)
 	- linux 6.10.6-1
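Review bot: The `<postponed>` reason on the `[bullseye] - osc` line repeats bookworm's "Minor issue", and the entry's only NOTE is the SUSE Bugzilla link. Since unstable is fixed in 1.9.0-1, a NOTE pointing at the fixing upstream commit would make the postponed bullseye backport easier to pick up later.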
@@ -1720,6 +1722,7 @@ CVE-2024-7904 (A vulnerability was found in DedeBIZ 6.3.0. It has been rated as
 CVE-2024-6221 (A vulnerability in corydolphin/flask-cors version 4.0.1 allows the `Ac ...)
 	- python-flask-cors <unfixed>
 	[bookworm] - python-flask-cors <no-dsa> (Minor issue)
+	[bullseye] - python-flask-cors <postponed> (Minor issue)
 	NOTE: https://huntr.com/bounties/a42935fc-6f57-4818-bca4-3d528235df4d
 CVE-2024-43353 (Improper Neutralization of Input During Web Page Generation (XSS or 'C ...)
 	NOT-FOR-US: WordPress plugin
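Review bot: On the `[bullseye] - python-flask-cors <postponed>` line, the reason does not say what the fix is waiting for. The package is still `<unfixed>` in unstable and the only NOTE is the huntr report, so the reason could state whether an upstream fix is available yet, which tells the next person when to revisit the entry.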
@@ -2695,6 +2698,7 @@ CVE-2024-43275 (Cross-Site Request Forgery (CSRF) vulnerability in Xyzscripts In
 CVE-2024-42353 (WebOb provides objects for HTTP requests and responses. When WebOb nor ...)
 	- python-webob <unfixed> (bug #1078879)
 	[bookworm] - python-webob <no-dsa> (Minor issue)
+	[bullseye] - python-webob <postponed> (Minor issue)
 	NOTE: https://github.com/Pylons/webob/security/advisories/GHSA-mg3v-6m49-jhp3
 	NOTE: Fixed by: https://github.com/Pylons/webob/commit/f689bcf4f0a1f64f1735b1d5069aef5be6974b5b (1.8.8)
 CVE-2024-25024 (IBM QRadar Suite Software 1.10.12.0 through 1.10.23.0 and IBM Cloud Pa ...)
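Review bot: The `[bullseye] - python-webob <postponed>` line gives only "Minor issue", although the entry already names the fixing commit (1.8.8) and bug #1078879. Consider extending the reason to say that the referenced fix can be included with the next python-webob update for bullseye, so the postponement reads as a scheduling decision rather than a missing patch.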


=====================================
data/dla-needed.txt
=====================================
@@ -332,6 +332,9 @@ twisted
 upx-ucl
   NOTE: 20240815: Added by Front-Desk (Beuc)
 --
+webkit2gtk
+  NOTE: 20240824: Added by Front-Desk (ta)
+--
 wireshark
   NOTE: 20240815: Added by Front-Desk (Beuc)
   NOTE: 20240815: bullseye currently lags behind lacking fixes present in both buster and bookworm (Beuc/front-desk)
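Review bot: The added webkit2gtk entry's NOTE is dated 20240824 while the commit is dated 2024-08-25, and unlike the wireshark entry below it there is no line explaining why the package was added. Consider aligning the date and adding a short NOTE that names the pending issues or advisory.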



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/0ceef5d03cc15cd71c6537adece7d0fef5c4e2f7...75792ed309ce25d5a04164350d80f8c2ac80f817
