[Git][security-tracker-team/security-tracker][master] bookworm triage
Moritz Muehlenhoff (@jmm)
jmm at debian.org
Wed Dec 11 11:07:13 GMT 2024
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker
Commits:
27d01493 by Moritz Muehlenhoff at 2024-12-11T11:42:11+01:00
bookworm triage
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -17757,6 +17757,7 @@ CVE-2024-7099 (netease-youdao/qanything version 1.4.1 contains a vulnerability w
NOT-FOR-US: netease-youdao/qanything
CVE-2024-49214 (QUIC in HAProxy 3.1.x before 3.1-dev7, 3.0.x before 3.0.5, and 2.9.x b ...)
- haproxy 2.9.11-1
+ [bookworm] - haproxy <ignored> (Minor issue and not backported to 2.6.x tree)
NOTE: https://github.com/haproxy/haproxy/commit/f627b9272bd8ffca6f2f898bfafc6bf0b84b7d46 (v3.1-dev7)
NOTE: https://git.haproxy.org/?p=haproxy-2.9.git;a=commit;h=fe5685af820ae62fe5b0d80b5ed7a2ffc41a036f (v2.9.11)
CVE-2024-38863 (Exposure of CSRF tokens in query parameters on specific requests in Ch ...)
@@ -86831,8 +86832,9 @@ CVE-2024-24821 (Composer is a dependency Manager for the PHP language. In affect
NOTE: https://github.com/composer/composer/commit/64e4eb356b159a30c766cd1ea83450a38dc23bf5 (2.7.0)
CVE-2024-24820 (Icinga Director is a tool designed to make Icinga 2 configuration hand ...)
- icingaweb2-module-director 1.11.1-1
+ [bookworm] - icingaweb2-module-director <no-dsa> (Minor issue)
NOTE: https://github.com/Icinga/icingaweb2-module-director/security/advisories/GHSA-3mwp-5p5v-j6q3
- TODO: check details
+ NOTE: https://github.com/Icinga/icingaweb2-module-director/commit/f1e54348c8362b3010eb2d87d8cf380d5ba55135 (v1.10.3)
CVE-2024-24819 (icingaweb2-module-incubator is a working project of bleeding edge Icin ...)
NOT-FOR-US: icingaweb2-module-incubator
CVE-2024-24499
@@ -262157,14 +262159,11 @@ CVE-2021-39360 (In GNOME libzapojit through 0.0.3, zpj-skydrive.c does not enabl
NOTE: https://blogs.gnome.org/mcatanzaro/2021/05/25/reminder-soupsessionsync-and-soupsessionasync-default-to-no-tls-certificate-verification/
NOTE: https://gitlab.gnome.org/GNOME/libzapojit/-/issues/4
CVE-2021-39359 (In GNOME libgda through 6.0.0, gda-web-provider.c does not enable TLS ...)
- - libgda5 5.2.10-5 (bug #993592)
- [bookworm] - libgda5 <no-dsa> (Minor issue)
- [bullseye] - libgda5 <no-dsa> (Minor issue)
- [buster] - libgda5 <no-dsa> (Minor issue)
- [stretch] - libgda5 <postponed> (Minor issue, revisit when/if fixed upstream)
+ - libgda5 5.2.10-5 (bug #993592; unimportant)
NOTE: https://blogs.gnome.org/mcatanzaro/2021/05/25/reminder-soupsessionsync-and-soupsessionasync-default-to-no-tls-certificate-verification/
NOTE: https://gitlab.gnome.org/GNOME/libgda/-/issues/249
NOTE: Fixed by: https://gitlab.gnome.org/GNOME/libgda/-/commit/bebdffb4de586fb43fd07ac549121f4b22f6812d (master)
+ NOTE: Debian builds with --without-libsoup, which disabled the web functionality using libsoup entirely
CVE-2021-39358 (In GNOME libgfbgraph through 0.2.4, gfbgraph-photo.c does not enable T ...)
- gfbgraph 0.2.5-1 (bug #993537)
[bullseye] - gfbgraph <no-dsa> (Minor issue)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/27d014930078b3966be96502eb3138e4ec2eccee
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/27d014930078b3966be96502eb3138e4ec2eccee
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20241211/7ee26404/attachment.htm>
More information about the debian-security-tracker-commits
mailing list