[Git][security-tracker-team/security-tracker][master] bookworm triage

Moritz Muehlenhoff (@jmm) jmm at debian.org
Tue Dec 10 16:36:50 GMT 2024 


Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
ba8e02f3 by Moritz Muehlenhoff at 2024-12-10T17:34:18+01:00
bookworm triage

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -210,6 +210,7 @@ CVE-2024-48956 (Serviceware Processes 6.0 through 7.3 allows attackers without v
 	NOT-FOR-US: Serviceware Processes
 CVE-2024-46901 (Insufficient validation of filenames against control characters in Apa ...)
 	- subversion 1.14.5-1
+	[bookworm] - subversion <no-dsa> (Minor issue)
 	NOTE: https://subversion.apache.org/security/CVE-2024-46901-advisory.txt
 CVE-2024-46547 (A vulnerability was found in Romain Bourdon Wampserver all versions (d ...)
 	NOT-FOR-US: Romain Bourdon Wampserver
@@ -421,6 +422,7 @@ CVE-2023-32094 (Missing Authorization vulnerability in Felix Welberg Extended Po
 	NOT-FOR-US: WordPress plugin
 CVE-2024-12224 [RUSTSEC-2024-0421]
 	- rust-idna <unfixed>
+	[bookworm] - rust-idna <no-dsa> (Minor issue)
 	NOTE: https://rustsec.org/advisories/RUSTSEC-2024-0421.html
 	NOTE: https://bugzilla.mozilla.org/show_bug.cgi?id=1887898
 CVE-2024-9651 (The Fluent Forms  WordPress plugin before 5.2.1 does not sanitise and  ...)
@@ -434,8 +436,9 @@ CVE-2024-55579 (An issue was discovered in Qlik Sense Enterprise for Windows bef
 CVE-2024-55578 (Zammad before 6.4.1 places sensitive data (such as auth_microsoft_offi ...)
 	- zammad <itp> (bug #841355)
 CVE-2024-55566 (ColPack 1.0.10 through 9a7293a has a predictable temporary file (locat ...)
-	- colpack <unfixed>
+	- colpack <unfixed> (unimportant)
 	NOTE: https://bugzilla.suse.com/show_bug.cgi?id=1225617
+	NOTE: Negligible security impact with fs.protected_symlinks=1 being the standard in Debian
 CVE-2024-55565 (nanoid (aka Nano ID) before 5.0.9 mishandles non-integer values. 3.3.8 ...)
 	- node-postcss <unfixed>
 	NOTE: node-postcss bundles nanoid



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/ba8e02f3509a9886548f91c2ad5d0bd5ac9a1c22

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/ba8e02f3509a9886548f91c2ad5d0bd5ac9a1c22
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20241210/9c00b16d/attachment.htm>

More information about the debian-security-tracker-commits mailing list