[Git][security-tracker-team/security-tracker][master] 5 commits: Triage CVE-2024-24820 in icingaweb2-module-director for bullseye LTS.

Chris Lamb (@lamby) lamby at debian.org
Thu Dec 12 10:44:34 GMT 2024 


Chris Lamb pushed to branch master at Debian Security Tracker / security-tracker


Commits:
5c42ffce by Chris Lamb at 2024-12-12T10:35:56+00:00
Triage CVE-2024-24820 in icingaweb2-module-director for bullseye LTS.

- - - - -
216a9289 by Chris Lamb at 2024-12-12T10:41:54+00:00
Triage CVE-2024-55564 in libposix-2008-perl for bullseye LTS.

- - - - -
6ad7e6c9 by Chris Lamb at 2024-12-12T10:42:18+00:00
Triage CVE-2024-55565 in node-postcss for bullseye LTS.

- - - - -
75f338d2 by Chris Lamb at 2024-12-12T10:42:38+00:00
Triage CVE-2024-53981 in python-multipart for bullseye LTS.

- - - - -
7aafdabe by Chris Lamb at 2024-12-12T10:43:49+00:00
Triage CVE-2024-12224 in rust-idna for bullseye LTS.

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1694,6 +1694,7 @@ CVE-2023-32094 (Missing Authorization vulnerability in Felix Welberg Extended Po
 CVE-2024-12224 [RUSTSEC-2024-0421]
 	- rust-idna <unfixed> (bug #1089662)
 	[bookworm] - rust-idna <no-dsa> (Minor issue)
+	[bullseye] - rust-idna <postponed> (Minor issue; can be fixed in next update)
 	NOTE: https://rustsec.org/advisories/RUSTSEC-2024-0421.html
 	NOTE: https://bugzilla.mozilla.org/show_bug.cgi?id=1887898
 CVE-2024-9651 (The Fluent Forms  WordPress plugin before 5.2.1 does not sanitise and  ...)
@@ -1713,12 +1714,14 @@ CVE-2024-55566 (ColPack 1.0.10 through 9a7293a has a predictable temporary file
 CVE-2024-55565 (nanoid (aka Nano ID) before 5.0.9 mishandles non-integer values. 3.3.8 ...)
 	- node-postcss <unfixed>
 	[bookworm] - node-postcss <no-dsa> (Minor issue)
+	[bullseye] - node-postcss <postponed> (Minor issue; can be fixed in next update)
 	NOTE: node-postcss bundles nanoid
 	NOTE: https://github.com/ai/nanoid/pull/510
 	NOTE: https://github.com/ai/nanoid/commit/d643045f40d6dc8afa000a644d857da1436ed08c (3.3.8)
 CVE-2024-55564 (The POSIX::2008 package before 0.24 for Perl has a potential _execve50 ...)
 	- libposix-2008-perl 0.24-1
 	[bookworm] - libposix-2008-perl <no-dsa> (Minor issue)
+	[bullseye] - libposix-2008-perl <postponed> (Minor issue; can be fixed in next update)
 CVE-2024-55563 (Bitcoin Core through 27.2 allows transaction-relay jamming via an off- ...)
 	- bitcoin <removed>
 CVE-2024-55560 (MailCleaner before 28d913e has default values of ssh_host_dsa_key, ssh ...)
@@ -2957,6 +2960,7 @@ CVE-2024-53984 (Nanopb is a small code-size Protocol Buffers implementation.  Wh
 CVE-2024-53981 (python-multipart is a streaming multipart parser for Python. When pars ...)
 	- python-multipart <unfixed> (bug #1088991)
 	[bookworm] - python-multipart <no-dsa> (Minor issue)
+	[bullseye] - python-multipart <postponed> (Minor issue; can be fixed in next update)
 	NOTE: https://github.com/Kludex/python-multipart/security/advisories/GHSA-59g5-xgcq-4qw3
 	NOTE: Fixed by: https://github.com/Kludex/python-multipart/commit/9205a0ec8c646b9f705430a6bfb52bd957b76c19 (0.0.18)
 	NOTE: Fixed by: https://github.com/Kludex/python-multipart/commit/c4fe4d3cebc08c660e57dd709af1ffa7059b3177 (0.0.19)
@@ -87471,6 +87475,7 @@ CVE-2024-24821 (Composer is a dependency Manager for the PHP language. In affect
 CVE-2024-24820 (Icinga Director is a tool designed to make Icinga 2 configuration hand ...)
 	- icingaweb2-module-director 1.11.1-1
 	[bookworm] - icingaweb2-module-director <no-dsa> (Minor issue)
+	[bullseye] - icingaweb2-module-director <postponed> (Minor issue; can be fixed in next update)
 	NOTE: https://github.com/Icinga/icingaweb2-module-director/security/advisories/GHSA-3mwp-5p5v-j6q3
 	NOTE: https://github.com/Icinga/icingaweb2-module-director/commit/f1e54348c8362b3010eb2d87d8cf380d5ba55135 (v1.10.3)
 CVE-2024-24819 (icingaweb2-module-incubator is a working project of bleeding edge Icin ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/58ca59f8ce38aec4f0bb306b7f7dbf6fdacb1189...7aafdabe7227fbbfaea9d6d002074a6ca1b48223

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/58ca59f8ce38aec4f0bb306b7f7dbf6fdacb1189...7aafdabe7227fbbfaea9d6d002074a6ca1b48223
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20241212/80d70106/attachment.htm>

More information about the debian-security-tracker-commits mailing list