[Git][security-tracker-team/security-tracker][master] bookworm triage

Fri Dec 6 13:21:44 GMT 2024


Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
bba6a790 by Moritz Muehlenhoff at 2024-12-06T14:21:13+01:00
bookworm triage

- - - - -


2 changed files:

- data/CVE/list
- data/dsa-needed.txt


Changes:

=====================================
data/CVE/list
=====================================
@@ -13,6 +13,7 @@ CVE-2024-6219 (Mark Laing discovered in LXD's PKI mode, until version 5.21.1, th
 	NOTE: incus: https://github.com/lxc/incus/commit/d2bb0d86031cb0c1319914f1fb3842c058edb776 (v0.3.0)
 CVE-2024-6156 (Mark Laing discovered that LXD's PKI mode, until version 5.21.2, could ...)
 	- lxd <unfixed>
+	[bookworm] - lxd <no-dsa> (Minor issue)
 	- incus <unfixed>
 	NOTE: https://github.com/canonical/lxd/security/advisories/GHSA-4c49-9fpc-hc3v
 CVE-2024-54140 (sigstore-java is a sigstore java client for interacting with sigstore  ...)
@@ -20,7 +21,7 @@ CVE-2024-54140 (sigstore-java is a sigstore java client for interacting with sig
 CVE-2024-53589 (GNU objdump 2.43 is vulnerable to Buffer Overflow in the BFD (Binary F ...)
 	- binutils <unfixed> (unimportant)
 	NOTE: https://bushido-sec.com/index.php/2024/12/05/binutils-objdump-tekhex-buffer-overflow/
-	NOTE: NOTE: binutils not covered by security support
+	NOTE: binutils not covered by security support
 CVE-2024-53523 (JSFinder commit d70ab9bc5221e016c08cffaf0d9ac79646c90645 is vulnerable ...)
 	NOT-FOR-US: JSFinder
 CVE-2024-53457 (A stored cross-site scripting (XSS) vulnerability in the Device Settin ...)
@@ -101938,7 +101939,7 @@ CVE-2023-47117 (Label Studio is an open source data labeling tool. In all curren
 CVE-2023-46446 (An issue in AsyncSSH before 2.14.1 allows attackers to control the rem ...)
 	{DLA-3899-1}
 	- python-asyncssh 2.15.0-1 (bug #1055999)
-	[bookworm] - python-asyncssh <ignored> (Minor issue)
+	[bookworm] - python-asyncssh <no-dsa> (Minor issue)
 	[buster] - python-asyncssh <no-dsa> (Minor issue)
 	NOTE: https://github.com/ronf/asyncssh/security/advisories/GHSA-c35q-ffpf-5qpm
 	NOTE: https://github.com/ronf/asyncssh/commit/83e43f5ea3470a8617fc388c72b062c7136efd7e (v2.14.1)


=====================================
data/dsa-needed.txt
=====================================
@@ -35,8 +35,13 @@ mosquitto
 opennds
   pinged maintainer, but no reply yet. should most probably be bumped to 10.x
 --
+proftpd-dfsg
+--
 python-aiohttp (jmm)
 --
+python-django
+  Chris is working on it
+--
 python-tornado
 --
 ring



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/bba6a7907bb64b88c192142f5061998171ac445d

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/bba6a7907bb64b88c192142f5061998171ac445d
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20241206/96836cf6/attachment-0001.htm>
