[Git][security-tracker-team/security-tracker][master] 3 commits: mark CVE-2024-43407 as postponed for Bullseye

Thorsten Alteholz (@alteholz) alteholz at debian.org
Sun Aug 25 23:07:02 BST 2024 


Thorsten Alteholz pushed to branch master at Debian Security Tracker / security-tracker


Commits:
44f6c1a9 by Thorsten Alteholz at 2024-08-25T23:42:09+02:00
mark CVE-2024-43407 as postponed for Bullseye

- - - - -
c099ac8c by Thorsten Alteholz at 2024-08-25T23:47:55+02:00
add nss

- - - - -
91b05c80 by Thorsten Alteholz at 2024-08-26T00:00:01+02:00
add unbound

- - - - -


2 changed files:

- data/CVE/list
- data/dla-needed.txt


Changes:

=====================================
data/CVE/list
=====================================
@@ -775,6 +775,7 @@ CVE-2024-43410 (Russh is a Rust SSH client & server library. Allocating an untru
 	NOT-FOR-US: Russh
 CVE-2024-43407 (CKEditor4 is an open source what-you-see-is-what-you-get HTML editor.  ...)
 	- ckeditor <unfixed>
+	[bullseye] - ckeditor <postponed> (Minor issue)
 	NOTE: https://github.com/ckeditor/ckeditor4/security/advisories/GHSA-7r32-vfj5-c2jv
 	NOTE: Fixed by removing the plugins/codesnippetgeshi/dev directory completely.
 	NOTE: https://github.com/ckeditor/ckeditor4/commit/71072c9f7f263329841bd38e7e5309074c82ef94 (4.25.0-lts)


=====================================
data/dla-needed.txt
=====================================
@@ -204,6 +204,9 @@ nsis (dleidert)
   NOTE: 20240815: Added by Front-Desk (Beuc)
   NOTE: 20240815: Follow fixes from bookworm 12.6 (CVE-2023-37378) (Beuc/front-desk)
 --
+nss
+  NOTE: 20240825: Added by Front-Desk (ta)
+--
 opensc (guilhem)
   NOTE: 20240815: Added by Front-Desk (Beuc)
   NOTE: 20240815: Follow fixes from buster DLA-3463-1 (5 CVEs) and bookworm 12.4 (2 CVEs) (Beuc/front-desk)
@@ -329,6 +332,9 @@ twisted
   NOTE: 20240807: Added by oldstable Security Team (jmm)
   NOTE: 20240815: A bookworm DSA is planned (Beuc/front-desk)
 --
+unbound
+  NOTE: 20240825: Added by Front-Desk (ta)
+--
 upx-ucl
   NOTE: 20240815: Added by Front-Desk (Beuc)
 --



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/435f1f0584824b84bba026f39fc7b69f859d48eb...91b05c809b9cd65655b93e9d3ba1315a1f040b38

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/435f1f0584824b84bba026f39fc7b69f859d48eb...91b05c809b9cd65655b93e9d3ba1315a1f040b38
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20240825/03aaec1c/attachment-0001.htm>

More information about the debian-security-tracker-commits mailing list