[Git][security-tracker-team/security-tracker][master] bookworm triage
Moritz Muehlenhoff (@jmm)
jmm at debian.org
Tue Dec 10 19:18:28 GMT 2024
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker
Commits:
f3fbb311 by Moritz Muehlenhoff at 2024-12-10T20:09:42+01:00
bookworm triage
- - - - -
2 changed files:
- data/CVE/list
- data/dsa-needed.txt
Changes:
=====================================
data/CVE/list
=====================================
@@ -441,6 +441,7 @@ CVE-2024-55566 (ColPack 1.0.10 through 9a7293a has a predictable temporary file
NOTE: Negligible security impact with fs.protected_symlinks=1 being the standard in Debian
CVE-2024-55565 (nanoid (aka Nano ID) before 5.0.9 mishandles non-integer values. 3.3.8 ...)
- node-postcss <unfixed>
+ [bookworm] - node-postcss <no-dsa> (Minor issue)
NOTE: node-postcss bundles nanoid
CVE-2024-55564 (The POSIX::2008 package before 0.24 for Perl has a potential _execve50 ...)
- libposix-2008-perl 0.24-1
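Review bot: the added `[bookworm] - node-postcss <no-dsa> (Minor issue)` line under CVE-2024-55565 records no reason for the classification, unlike the CVE-2024-55566 entry just above it, whose NOTE states why the impact is negligible. The only context given here is "node-postcss bundles nanoid". Consider adding a NOTE that says whether node-postcss can pass non-integer values to the bundled nanoid copy, so the no-dsa decision can be re-checked later.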
@@ -1681,6 +1682,7 @@ CVE-2024-53984 (Nanopb is a small code-size Protocol Buffers implementation. Wh
NOTE: Fixed by: https://github.com/nanopb/nanopb/commit/2b86c255aa52250438d5aba124d0e86db495b378
CVE-2024-53981 (python-multipart is a streaming multipart parser for Python. When pars ...)
- python-multipart <unfixed> (bug #1088991)
+ [bookworm] - python-multipart <no-dsa> (Minor issue)
NOTE: https://github.com/Kludex/python-multipart/security/advisories/GHSA-59g5-xgcq-4qw3
NOTE: Fixed by: https://github.com/Kludex/python-multipart/commit/9205a0ec8c646b9f705430a6bfb52bd957b76c19 (0.0.18)
NOTE: Fixed by: https://github.com/Kludex/python-multipart/commit/c4fe4d3cebc08c660e57dd709af1ffa7059b3177 (0.0.19)
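Review bot: on the CVE-2024-53981 entry, the bookworm no-dsa line is added while the unstable line is still `<unfixed>` (bug #1088991) and two separate "Fixed by" commits are listed (0.0.18 and 0.0.19). A short NOTE stating whether both commits are required for a complete fix would help whoever later prepares a bookworm update from this entry.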
@@ -21631,6 +21633,7 @@ CVE-2024-45752 (logiops through 0.3.4, in its default configuration, allows any
CVE-2024-45614 (Puma is a Ruby/Rack web server built for parallelism. In affected vers ...)
{DLA-3947-1}
- puma 6.4.3-1 (bug #1082379)
+ [bookworm] - puma <no-dsa> (Minor issue)
NOTE: https://github.com/puma/puma/security/advisories/GHSA-9hf4-67fc-4vf4
NOTE: Fixed by: https://github.com/puma/puma/commit/cac3fd18cf29ed43719ff5d52d9cfec215f0a043 (v6.4.3)
CVE-2024-43496 (Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability)
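Review bot: the CVE-2024-45614 entry already carries `{DLA-3947-1}`, so adding `[bookworm] - puma <no-dsa> (Minor issue)` leaves bookworm unfixed for an issue that has had an LTS advisory. Consider a NOTE recording whether the fix is planned for a bookworm point release, so that the gap between the releases is tracked rather than only tagged as minor.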
=====================================
data/dsa-needed.txt
=====================================
@@ -44,7 +44,7 @@ python-tornado
--
ring
--
-smarty4
+smarty4 (jmm)
--
sogo
--
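Review bot: the `smarty4 (jmm)` change claims a package in data/dsa-needed.txt, which the commit message "bookworm triage" does not mention. Consider naming the claim in the message, or committing it separately, so that claims in dsa-needed.txt can be found from the log.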
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/f3fbb311e94e865420604d225bb74329b577b4f0