[Git][security-tracker-team/security-tracker][master] bookworm triage
Moritz Muehlenhoff (@jmm)
jmm at debian.org
Thu Dec 5 10:11:43 GMT 2024
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker
Commits:
d4762c0c by Moritz Muehlenhoff at 2024-12-05T11:11:29+01:00
bookworm triage
- - - - -
2 changed files:
- data/CVE/list
- data/dsa-needed.txt
Changes:
=====================================
data/CVE/list
=====================================
@@ -527,6 +527,7 @@ CVE-2024-53990 (The AsyncHttpClient (AHC) library allows Java applications to ea
NOTE: https://github.com/AsyncHttpClient/async-http-client/commit/d5a83362f7aed81b93ebca559746ac9be0f95425 (async-http-client-project-3.0.1)
CVE-2024-53984 (Nanopb is a small code-size Protocol Buffers implementation. When the ...)
- nanopb 0.4.9.1-1 (bug #1088994)
+ [bookworm] - nanopb <no-dsa> (Minor issue)
NOTE: https://github.com/nanopb/nanopb/security/advisories/GHSA-xwqq-qxmw-hj5r
NOTE: Fixed by: https://github.com/nanopb/nanopb/commit/2b86c255aa52250438d5aba124d0e86db495b378
CVE-2024-53981 (python-multipart is a streaming multipart parser for Python. When pars ...)
@@ -7887,6 +7888,7 @@ CVE-2024-48010 (Dell PowerProtect DD, versions prior to 8.1.0.0, 7.13.1.10, 7.10
NOT-FOR-US: Dell
CVE-2024-47072 (XStream is a simple library to serialize objects to XML and back again ...)
- libxstream-java 1.4.21-1 (bug #1087274)
+ [bookworm] - libxstream-java <no-dsa> (Minor issue)
NOTE: https://github.com/x-stream/xstream/security/advisories/GHSA-hfq9-hggm-c56q
NOTE: https://x-stream.github.io/CVE-2024-47072.html
CVE-2024-46961 (The Inshot com.downloader.privatebrowser (aka Video Downloader - XDown ...)
@@ -12392,6 +12394,7 @@ CVE-2024-9287 (A vulnerability has been found in the CPython `venv` module and C
- python3.9 <removed>
- python2.7 <not-affected> (Vulnerable code not present)
- pypy3 <unfixed>
+ [bookworm] - pypy3 <no-dsa> (Minor issue)
NOTE: https://mail.python.org/archives/list/security-announce@python.org/thread/RSPJ2B5JL22FG3TKUJ7D7DQ4N5JRRBZL/
NOTE: https://github.com/python/cpython/issues/124651
NOTE: https://github.com/python/cpython/pull/124712
=====================================
data/dsa-needed.txt
=====================================
@@ -21,6 +21,8 @@ chromium (dilinger)
frr
coordination with the maintainer ongoing
--
+jetty9
+--
libreswan
Waiting on feedback from maintainer
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/d4762c0cc5a596df636a6bfd38db52e4c4b2a61f
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/d4762c0cc5a596df636a6bfd38db52e4c4b2a61f
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20241205/65d405d0/attachment.htm>
More information about the debian-security-tracker-commits
mailing list