[Git][security-tracker-team/security-tracker][master] bullseye LTS triaging

[Santiago R.R. (@santiago)]

Santiago R.R. pushed to branch master at Debian Security Tracker / security-tracker


Commits:
2ce1315d by Santiago Ruano Rincón at 2024-08-27T21:03:32-03:00
bullseye LTS triaging

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -660,6 +660,7 @@ CVE-2024-42852 (Cross Site Scripting vulnerability in AcuToWeb server v.10.5.0.7
 CVE-2024-42845 (An eval Injection vulnerability in the component invesalius/reader/dic ...)
 	- invesalius <unfixed>
 	[bookworm] - invesalius <no-dsa> (Minor issue)
+	[bullseye] - invesalius <postponed> (Minor issue)
 	NOTE: https://github.com/partywavesec/invesalius3_vulnerabilities/tree/main/CVE-2024-42845
 CVE-2024-42766 (Kashipara Bus Ticket Reservation System v1.0 0 is vulnerable to Incorr ...)
 	NOT-FOR-US: Kashipara Bus Ticket Reservation System
@@ -5401,21 +5402,25 @@ CVE-2024-7518 (Select options could obscure the fullscreen notification dialog.
 CVE-2024-42005 (An issue was discovered in Django 5.0 before 5.0.8 and 4.2 before 4.2. ...)
 	- python-django 3:4.2.15-1 (bug #1078074)
 	[bookworm] - python-django <no-dsa> (Minor issue)
+	[bullseye] - python-django <postponed> (Minor issue)
 	NOTE: https://www.djangoproject.com/weblog/2024/aug/06/security-releases/
 	NOTE: https://github.com/django/django/commit/f4af67b9b41e0f4c117a8741da3abbd1c869ab28/ (4.2.15)
 CVE-2024-41991 (An issue was discovered in Django 5.0 before 5.0.8 and 4.2 before 4.2. ...)
 	- python-django 3:4.2.15-1 (bug #1078074)
 	[bookworm] - python-django <no-dsa> (Minor issue)
+	[bullseye] - python-django <postponed> (Minor issue)
 	NOTE: https://www.djangoproject.com/weblog/2024/aug/06/security-releases/
 	NOTE: https://github.com/django/django/commit/efea1ef7e2190e3f77ca0651b5458297bc0f6a9f/ (4.2.15)
 CVE-2024-41990 (An issue was discovered in Django 5.0 before 5.0.8 and 4.2 before 4.2. ...)
 	- python-django 3:4.2.15-1 (bug #1078074)
 	[bookworm] - python-django <no-dsa> (Minor issue; intrusive to backport)
+	[bullseye] - python-django <postponed> (Minor issue)
 	NOTE: https://www.djangoproject.com/weblog/2024/aug/06/security-releases/
 	NOTE: https://github.com/django/django/commit/d0a82e26a74940bf0c78204933c3bdd6a283eb88/ (4.2.15)
 CVE-2024-41989 (An issue was discovered in Django 5.0 before 5.0.8 and 4.2 before 4.2. ...)
 	- python-django 3:4.2.15-1 (bug #1078074)
 	[bookworm] - python-django <no-dsa> (Minor issue)
+	[bullseye] - python-django <postponed> (Minor issue)
 	NOTE: https://www.djangoproject.com/weblog/2024/aug/06/security-releases/
 	NOTE: https://github.com/django/django/commit/fc76660f589ac07e45e9cd34ccb8087aeb11904b/ (4.2.15)
 CVE-2024-42062 (CloudStack account-users by default use username and password based au ...)
@@ -11817,16 +11822,20 @@ CVE-2024-39880 (Delta Electronics CNCSoft-G2 lacks proper validation of the leng
 CVE-2024-39614 (An issue was discovered in Django 5.0 before 5.0.7 and 4.2 before 4.2. ...)
 	- python-django 3:4.2.14-1 (bug #1076069)
 	[bookworm] - python-django <no-dsa> (Minor issue)
+	[bullseye] - python-django <postponed> (Minor issue)
 	NOTE: https://www.djangoproject.com/weblog/2024/jul/09/security-releases/
 	NOTE: https://github.com/django/django/commit/17358fb35fb7217423d4c4877ccb6d1a3a40b1c3 (4.2.14)
+	NOTE: Relates to CVE-2023-23969 fix
 CVE-2024-39330 (An issue was discovered in Django 5.0 before 5.0.7 and 4.2 before 4.2. ...)
 	- python-django 3:4.2.14-1 (bug #1076069)
 	[bookworm] - python-django <no-dsa> (Minor issue)
+	[bullseye] - python-django <postponed> (Minor issue)
 	NOTE: https://www.djangoproject.com/weblog/2024/jul/09/security-releases/
 	NOTE: https://github.com/django/django/commit/2b00edc0151a660d1eb86da4059904a0fc4e095e (4.2.14)
 CVE-2024-39329 (An issue was discovered in Django 5.0 before 5.0.7 and 4.2 before 4.2. ...)
 	- python-django 3:4.2.14-1 (bug #1076069)
 	[bookworm] - python-django <no-dsa> (Minor issue)
+	[bullseye] - python-django <postponed> (Minor issue)
 	NOTE: https://www.djangoproject.com/weblog/2024/jul/09/security-releases/
 	NOTE: https://github.com/django/django/commit/156d3186c96e3ec2ca73b8b25dc2ef366e38df14 (4.2.14)
 CVE-2024-39181 (Shenzhen Libituo Technology Co., Ltd LBT-T300-T400 v3.2 was discovered ...)
@@ -11846,6 +11855,7 @@ CVE-2024-38959 (Cross Site Scripting vulnerability in Creativeitem Academy LMS L
 CVE-2024-38875 (An issue was discovered in Django 4.2 before 4.2.14 and 5.0 before 5.0 ...)
 	- python-django 3:4.2.14-1 (bug #1076069)
 	[bookworm] - python-django <no-dsa> (Minor issue; intrusive to backport)
+	[bullseye] - python-django <postponed> (Minor issue; revisit after bookworm fix, if it is possible)
 	NOTE: https://www.djangoproject.com/weblog/2024/jul/09/security-releases/
 	NOTE: https://github.com/django/django/commit/79f368764295df109a37192f6182fb6f361d85b5 (4.2.14)
 CVE-2024-38301 (Dell Alienware Command Center, version 5.7.3.0 and prior, contains an  ...)
@@ -13526,6 +13536,7 @@ CVE-2023-52168 (The NtfsHandler.cpp NTFS handler in 7-Zip before 24.01 (for 7zz)
 	[bookworm] - 7zip <no-dsa> (Minor issue)
 	- p7zip 16.02+transitional.1
 	[bookworm] - p7zip <no-dsa> (Minor issue)
+	[bullseye] - p7zip <postponed> (Minor issue, sourceforge but is not public)
 	NOTE: https://sourceforge.net/p/sevenzip/bugs/2402/
 	NOTE: https://dfir.ru/2024/06/19/vulnerabilities-in-7-zip-and-ntfs3/
 	NOTE: https://www.openwall.com/lists/oss-security/2024/07/03/10



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/2ce1315d9780ec9d2feb94b31c1209f24192fadb

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/2ce1315d9780ec9d2feb94b31c1209f24192fadb
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20240828/f7f982dd/attachment.htm>