[Git][security-tracker-team/security-tracker][master] 2 commits: bookworm triage
Moritz Muehlenhoff (@jmm)
jmm at debian.org
Thu Dec 19 15:56:36 GMT 2024
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker
Commits:
5e7c4eb5 by Moritz Muehlenhoff at 2024-12-19T16:37:43+01:00
bookworm triage
- - - - -
8a380e09 by Moritz Muehlenhoff at 2024-12-19T16:37:45+01:00
bookworm triage
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -242,9 +242,11 @@ CVE-2024-56173 (In Optimizely Configured Commerce before 5.2.2408, malicious pay
NOT-FOR-US: Optimizely Configured Commerce
CVE-2024-56170 (A validation integrity issue was discovered in Fort through 1.6.4 befo ...)
- fort-validator <unfixed>
+ [bookworm] - fort-validator <no-dsa> (Minor issue)
NOTE: https://github.com/NICMx/FORT-validator/issues/82
CVE-2024-56169 (A validation integrity issue was discovered in Fort through 1.6.4 befo ...)
- fort-validator <unfixed>
+ [bookworm] - fort-validator <no-dsa> (Minor issue)
NOTE: https://github.com/NICMx/FORT-validator/issues/82
CVE-2024-56142 (pghoard is a PostgreSQL backup daemon and restore tooling that stores ...)
NOT-FOR-US: pghoard
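Review bot: the two added `[bookworm] - fort-validator <no-dsa> (Minor issue)` lines for CVE-2024-56170 and CVE-2024-56169 carry only the generic reason, although both descriptions call the problem a "validation integrity issue". A short NOTE saying why this is minor for bookworm, or pointing at the relevant part of the linked issue 82, would let a later reader re-check the triage without redoing the analysis.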
@@ -373,6 +375,7 @@ CVE-2024-54677 (Uncontrolled Resource Consumption vulnerability in the examples
NOTE: https://github.com/apache/tomcat/commit/9ffd23fc27f5d1fc95bf97e5cea175c8968f4533 (9.0.98)
CVE-2024-54662 (Dante 1.4.0 through 1.4.3 (fixed in 1.4.4) has incorrect access contro ...)
- dante <unfixed>
+ [bookworm] - dante <no-dsa> (Minor issue)
NOTE: https://www.inet.no/dante/advisory-2024-12-16.txt
CVE-2024-52542 (Dell AppSync, version 4.6.0.x, contain a Symbolic Link (Symlink) Follo ...)
NOT-FOR-US: Dell
@@ -2284,6 +2287,7 @@ CVE-2024-47543 (GStreamer is a library for constructing graphs of media-handling
NOTE: Fixed by: https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/8060 (1.24.10)
CVE-2024-47542 (GStreamer is a library for constructing graphs of media-handling compo ...)
- gst-plugins-base1.0 1.24.10-1
+ [bookworm] - gst-plugins-base1.0 <no-dsa> (Minor issue)
- gst-plugins-base0.10 <removed>
NOTE: https://securitylab.github.com/advisories/GHSL-2024-235_Gstreamer/
NOTE: https://gstreamer.freedesktop.org/security/sa-2024-0008.html
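Review bot: the added `[bookworm] - gst-plugins-base1.0 <no-dsa> (Minor issue)` line sits under an entry that is already fixed in unstable (`1.24.10-1`), and the neighbouring CVE-2024-47543 note points at an upstream merge request for 1.24.10. Since a fix exists, say in the reason or a NOTE whether a point-release update is intended, so that the no-dsa tag is not read as "nothing to backport".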
@@ -4737,6 +4741,7 @@ CVE-2024-53992 (unzip-bot is a Telegram bot to extract various types of archives
NOT-FOR-US: unzip-bot
CVE-2024-53990 (The AsyncHttpClient (AHC) library allows Java applications to easily e ...)
- async-http-client <unfixed> (bug #1089228)
+ [bookworm] - async-http-client <no-dsa> (Minor issue)
NOTE: https://github.com/AsyncHttpClient/async-http-client/security/advisories/GHSA-mfj5-cf8g-g2fv
NOTE: https://github.com/AsyncHttpClient/async-http-client/issues/1964
NOTE: https://github.com/AsyncHttpClient/async-http-client/pull/2033
@@ -7214,6 +7219,7 @@ CVE-2024-7016 (Improper Neutralization of Input During Web Page Generation (XSS
NOT-FOR-US: Smarttek Informatics Smart Doctor
CVE-2024-53432 (While parsing certain malformed PLY files, PCL version 1.14.1 crashes ...)
- pcl <unfixed> (bug #1088186)
+ [bookworm] - pcl <no-dsa> (Minor issue)
NOTE: https://github.com/PointCloudLibrary/pcl/issues/6162
NOTE: https://github.com/PointCloudLibrary/pcl/pull/6179
CVE-2024-53429 (Open62541 v1.4.6 is has an assertion failure in fuzz_binary_decode, wh ...)
@@ -16139,7 +16145,7 @@ CVE-2024-10011 (The BuddyPress plugin for WordPress is vulnerable to Directory T
NOT-FOR-US: WordPress plugin
CVE-2024-48426 (A segmentation fault (SEGV) was detected in the SortByPTypeProcess::Ex ...)
- assimp <unfixed> (bug #1086043)
- [bookworm] - assimp <postponed> (Minor issue, revisit when fixed upstream)
+ [bookworm] - assimp <no-dsa> (Minor issue)
[bullseye] - assimp <postponed> (Minor issue, revisit when fixed upstream)
NOTE: https://github.com/assimp/assimp/issues/5789
CVE-2024-48425 (A segmentation fault (SEGV) was detected in the Assimp::SplitLargeMesh ...)
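Review bot: for CVE-2024-48426 the bookworm line changes from `<postponed> (Minor issue, revisit when fixed upstream)` to `<no-dsa> (Minor issue)`, while the `[bullseye]` line directly below keeps the `<postponed>` state and the unstable line is still `<unfixed>`. If the two releases are meant to diverge, a brief NOTE would make that explicit; otherwise align them. The dropped "revisit when fixed upstream" reminder may also still be useful given that no upstream fix is recorded here.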
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/eba28ed0bf61f8d52423fbd2021ff3232f4bd065...8a380e099a520834ce10333e44be59078adced27