[Git][security-tracker-team/security-tracker][master] 9 commits: CVE-2024-8443/opensc: Add reference to upstream fixes
Guilhem Moulin (@guilhem)
guilhem at debian.org
Sat Dec 7 15:31:09 GMT 2024
Guilhem Moulin pushed to branch master at Debian Security Tracker / security-tracker
Commits:
20ae75c3 by Guilhem Moulin at 2024-12-07T16:25:56+01:00
CVE-2024-8443/opensc: Add reference to upstream fixes
- - - - -
0cbaa3ed by Guilhem Moulin at 2024-12-07T16:25:58+01:00
CVE-2024-45615/opensc: Add reference to upstream's vulnerability pages
- - - - -
e77330f6 by Guilhem Moulin at 2024-12-07T16:26:00+01:00
CVE-2024-45616/opensc: Add reference to upstream's vulnerability page
- - - - -
12a18f78 by Guilhem Moulin at 2024-12-07T16:26:01+01:00
CVE-2024-45617/opensc: Add reference to upstream's vulnerability page
- - - - -
b3eca9ca by Guilhem Moulin at 2024-12-07T16:26:03+01:00
CVE-2023-5992/opensc: Add reference to GitHub's advisory
- - - - -
2d074a45 by Guilhem Moulin at 2024-12-07T16:26:05+01:00
CVE-2024-45618/opensc: Add reference to upstream's vulnerability page
- - - - -
6c70be07 by Guilhem Moulin at 2024-12-07T16:26:07+01:00
CVE-2024-45619/opensc: Add reference to upstream's vulnerability page
- - - - -
9db7b080 by Guilhem Moulin at 2024-12-07T16:26:09+01:00
CVE-2024-45620/opensc: Add reference to upstream's vulnerability page
- - - - -
ed34a0e8 by Guilhem Moulin at 2024-12-07T16:26:26+01:00
LTS: claim python-urllib3 in dla-needed.txt
- - - - -
2 changed files:
- data/CVE/list
- data/dla-needed.txt
Changes:
=====================================
data/CVE/list
=====================================
@@ -24204,8 +24204,11 @@ CVE-2024-44838 (RapidCMS v1.3.1 was discovered to contain a SQL injection vulner
CVE-2024-8443 (A heap-based buffer overflow vulnerability was found in the libopensc ...)
- opensc <unfixed> (bug #1082853)
[bookworm] - opensc <no-dsa> (Minor issue)
- [bullseye] - opensc <postponed> (Minor issue, revisit when fixed upstream)
+ [bullseye] - opensc <postponed> (Minor issue)
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2310494
+ NOTE: https://github.com/OpenSC/OpenSC/wiki/CVE-2024-8443
+ NOTE: Fixed by https://github.com/OpenSC/OpenSC/commit/02e847458369c08421fd2d5e9a16a5f272c2de9e (0.26.0-rc1)
+ NOTE: Fixed by https://github.com/OpenSC/OpenSC/commit/b28a3cef416fcfb92fbb9ea7fd3c71df52c6c9fc (0.26.0-rc1)
CVE-2024-8517 (SPIP before 4.3.2, 4.2.16, and 4.1.18 is vulnerable to a command inje ...)
- spip 4.3.2+dfsg-1
NOTE: https://blog.spip.net/Mise-a-jour-critique-de-securite-sortie-de-SPIP-4-3-2-SPIP-4-2-16-SPIP-4-1-18.html?lang=fr
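Review bot: both new `NOTE: Fixed by ...` lines at the end of the CVE-2024-8443 entry are annotated with the upstream tag (0.26.0-rc1), yet the unstable line above still reads `- opensc <unfixed> (bug #1082853)`; that is correct while no 0.26.x upload exists, but the fix-commit annotations now give the version to compare against, so the `<unfixed>` marker should be re-checked once opensc 0.26.0 reaches the archive. Dropping "revisit when fixed upstream" from the bullseye `<postponed>` reason is consistent with the fixes now being referenced in the entry.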
@@ -25295,33 +25298,41 @@ CVE-2024-37136 (Dell Path to PowerProtect, versions 1.1, 1.2, contains an Exposu
CVE-2024-45620 (A vulnerability was found in the pkcs15-init tool in OpenSC. An attack ...)
- opensc <unfixed> (bug #1082864)
[bookworm] - opensc <no-dsa> (Minor issue)
- [bullseye] - opensc <postponed> (Minor issue, revisit when fixed upstream)
+ [bullseye] - opensc <postponed> (Minor issue)
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2309289
+ NOTE: https://github.com/OpenSC/OpenSC/wiki/CVE-2024-45620
CVE-2024-45619 (A vulnerability was found in OpenSC, OpenSC tools, PKCS#11 module, min ...)
- opensc <unfixed> (bug #1082863)
[bookworm] - opensc <no-dsa> (Minor issue)
- [bullseye] - opensc <postponed> (Minor issue, revisit when fixed upstream)
+ [bullseye] - opensc <postponed> (Minor issue)
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2309288
+ NOTE: https://github.com/OpenSC/OpenSC/wiki/CVE-2024-45619
CVE-2024-45618 (A vulnerability was found in pkcs15-init in OpenSC. An attacker could ...)
- opensc <unfixed> (bug #1082862)
[bookworm] - opensc <no-dsa> (Minor issue)
- [bullseye] - opensc <postponed> (Minor issue, revisit when fixed upstream)
+ [bullseye] - opensc <postponed> (Minor issue)
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2309287
+ NOTE: https://github.com/OpenSC/OpenSC/wiki/CVE-2024-45618
CVE-2024-45617 (A vulnerability was found in OpenSC, OpenSC tools, PKCS#11 module, min ...)
- opensc <unfixed> (bug #1082861)
[bookworm] - opensc <no-dsa> (Minor issue)
- [bullseye] - opensc <postponed> (Minor issue, revisit when fixed upstream)
+ [bullseye] - opensc <postponed> (Minor issue)
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2309286
+ NOTE: https://github.com/OpenSC/OpenSC/wiki/CVE-2024-45617
CVE-2024-45616 (A vulnerability was found in OpenSC, OpenSC tools, PKCS#11 module, min ...)
- opensc <unfixed> (bug #1082860)
[bookworm] - opensc <no-dsa> (Minor issue)
- [bullseye] - opensc <postponed> (Minor issue, revisit when fixed upstream)
+ [bullseye] - opensc <postponed> (Minor issue)
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2309290
+ NOTE: https://github.com/OpenSC/OpenSC/wiki/CVE-2024-45616
+ NOTE: https://github.com/OpenSC/OpenSC/security/advisories/GHSA-h5f7-rjr5-vx54
CVE-2024-45615 (A vulnerability was found in OpenSC, OpenSC tools, PKCS#11 module, min ...)
- opensc <unfixed> (bug #1082859)
[bookworm] - opensc <no-dsa> (Minor issue)
- [bullseye] - opensc <postponed> (Minor issue, revisit when fixed upstream)
+ [bullseye] - opensc <postponed> (Minor issue)
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2309285
+ NOTE: https://github.com/OpenSC/OpenSC/wiki/CVE-2024-45615
+ NOTE: https://github.com/OpenSC/OpenSC/security/advisories/GHSA-p3mx-7472-h3j8
CVE-2024-45310 (runc is a CLI tool for spawning and running containers according to th ...)
- runc 1.1.15+ds1-1 (bug #1082865)
[bookworm] - runc <no-dsa> (Minor issue)
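Review bot: the bullseye `<postponed>` reason loses "revisit when fixed upstream" for all six entries (CVE-2024-45615 through CVE-2024-45620), but unlike the CVE-2024-8443 entry no `NOTE: Fixed by ...` commit or release is added here, so each entry keeps `- opensc <unfixed>` with nothing in the tracker recording whether upstream has fixed it yet; if the linked wiki pages name a fixing commit or release, a `NOTE: Fixed by ...` line per entry would preserve that trigger for revisiting. Also, GHSA advisory links are added only for CVE-2024-45616 (GHSA-h5f7-rjr5-vx54) and CVE-2024-45615 (GHSA-p3mx-7472-h3j8); if the other four have no GitHub advisory that is fine, otherwise they should get the same reference for consistency.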
@@ -87524,6 +87535,7 @@ CVE-2023-5992 (A vulnerability was found in OpenSC where PKCS#1 encryption paddi
[buster] - opensc <no-dsa> (Minor issue)
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2248685
NOTE: https://github.com/OpenSC/OpenSC/wiki/CVE-2023-5992
+ NOTE: https://github.com/OpenSC/OpenSC/security/advisories/GHSA-h6ww-xfc2-jw4h
NOTE: https://github.com/OpenSC/OpenSC/pull/2948
NOTE: Regression fix: https://github.com/OpenSC/OpenSC/pull/3077 (0.25.1)
CVE-2024-1060 (Use after free in Canvas in Google Chrome prior to 121.0.6167.139 allo ...)
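Review bot: the new GHSA reference for CVE-2023-5992 is inserted between the upstream wiki link and the fix PR link, matching the order used for the CVE-2024-45615 and CVE-2024-45616 entries. A small point visible in the context lines: `NOTE: https://github.com/OpenSC/OpenSC/pull/2948` carries no release annotation while the regression-fix line below it does (0.25.1); adding the release in which #2948 landed, if known, would make the entry self-contained.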
=====================================
data/dla-needed.txt
=====================================
@@ -181,7 +181,7 @@ python-aiohttp
python-tornado (dleidert)
NOTE: 20241130: Added by Front-Desk (ta)
--
-python-urllib3
+python-urllib3 (guilhem)
NOTE: 20241206: Added by coordinator (roberto)
NOTE: 20241206: CVE-2023-43804 and CVE-2023-45803 were fixed in buster, are still open (no-dsa) in bullseye and bookworm
NOTE: 20241206: https://salsa.debian.org/lts-team/lts-updates-tasks/-/issues/174
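Review bot: the claim changes only the owner field (`python-urllib3 (guilhem)`) with no dated NOTE recording it, whereas the entries in this file carry `NOTE: YYYYMMDD:` lines for each state change; if logging claims is the convention here, a `NOTE: 20241207: claimed by guilhem` line would keep the history inside the entry. The existing 20241206 note lists CVE-2023-43804 and CVE-2023-45803 as still open (no-dsa) in both bullseye and bookworm; since dla-needed.txt tracks LTS work, stating which of the two suites is in scope for the DLA would avoid ambiguity for whoever picks up the task.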
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/a87b068b977a4f4d2651d4352ee640aa2f91b606...ed34a0e836b0e60e1acb46d8ac8c22cbd60fa16d