[Git][security-tracker-team/security-tracker][master] bookworm triage
Moritz Muehlenhoff (@jmm)
jmm at debian.org
Mon Dec 23 11:58:16 GMT 2024
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker
Commits:
4c97f2d7 by Moritz Muehlenhoff at 2024-12-23T12:57:57+01:00
bookworm triage
- - - - -
2 changed files:
- data/CVE/list
- data/dsa-needed.txt
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,5 +1,6 @@
CVE-2024-56378 (libpoppler.so in Poppler through 24.12.0 has an out-of-bounds read vul ...)
- poppler <unfixed>
+ [bookworm] - poppler <no-dsa> (Minor issue)
NOTE: https://gitlab.freedesktop.org/poppler/poppler/-/issues/1553
NOTE: https://gitlab.freedesktop.org/poppler/poppler/-/commit/ade9b5ebed44b0c15522c27669ef6cdf93eff84e
CVE-2024-56375 (An integer underflow was discovered in Fort 1.6.3 and 1.6.4 before 1.6 ...)
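Review bot: the reason on the added `[bookworm] - poppler <no-dsa> (Minor issue)` line does not say why the out-of-bounds read named in the CVE description is minor for bookworm. Consider a more specific reason in the parentheses, so that whoever revisits the entry for a point release does not have to redo the analysis from the two upstream links.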
@@ -684,6 +685,7 @@ CVE-2024-53688 (Improper neutralization of special elements used in an OS comman
NOT-FOR-US: FXC AE1021
CVE-2024-52792 (LDAP Account Manager (LAM) is a php webfrontend for managing entries ( ...)
- ldap-account-manager <unfixed> (bug #1090934)
+ [bookworm] - ldap-account-manager <no-dsa> (Minor issue)
NOTE: https://github.com/LDAPAccountManager/lam/security/advisories/GHSA-6cp9-j5r7-xhcc
CVE-2024-51175 (An issue in H3C switch h3c-S1526 allows a remote attacker to obtain se ...)
NOT-FOR-US: H3C switch h3c-S1526
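Review bot: the ldap-account-manager entry that receives the new `[bookworm] - ldap-account-manager <no-dsa>` line carries only the GHSA advisory as a NOTE, with no fixing commit or fixed upstream version. Since the package stays `<unfixed>` under bug #1090934, adding that reference would make a later point-release fix easier to prepare.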
@@ -30879,6 +30881,7 @@ CVE-2024-45240 (The TikTok (aka com.zhiliaoapp.musically) application before 34.
CVE-2024-45239 (An issue was discovered in Fort before 1.6.3. A malicious RPKI reposit ...)
- fort-validator 1.6.3-1
NOTE: https://nicmx.github.io/FORT-validator/CVE.html
+ NOTE: https://github.com/NICMx/FORT-validator/commit/942f921ba7244cdcf4574cedc4c16392a7cc594b (1.6.3)
CVE-2024-45238 (An issue was discovered in Fort before 1.6.3. A malicious RPKI reposit ...)
- fort-validator 1.6.3-1
NOTE: https://nicmx.github.io/FORT-validator/CVE.html
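Review bot: the fix-commit NOTE is added to CVE-2024-45239 only, while CVE-2024-45238 directly below has the same `fort-validator 1.6.3-1` fixed version and the same advisory NOTE but no commit reference. If its fixing commit is known, add a matching commit NOTE with the `(1.6.3)` suffix there so the two entries stay consistent.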
=====================================
data/dsa-needed.txt
=====================================
@@ -14,6 +14,8 @@ If needed, specify the release by adding a slash after the name of the source pa
--
cacti
--
+fastnetmon (jmm)
+--
frr
coordination with the maintainer ongoing
--
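Review bot: the new `fastnetmon (jmm)` entry has no free-text line under it saying which issue prompted the DSA, unlike `frr` just below it, and none of the data/CVE/list hunks shown in this commit touch a fastnetmon entry. A one-line remark naming the CVE, plus a release suffix after a slash if only one release is affected (as the file's header text describes), would make the entry self-explanatory.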
@@ -52,7 +54,7 @@ trafficserver
--
wordpress
--
-xen
+xen (jmm)
--
zabbix
--
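Review bot: the claim `xen (jmm)` in this hunk, like the fastnetmon addition earlier in the same file, is DSA bookkeeping rather than triage of a CVE entry, yet it sits under the subject "bookworm triage". Putting the dsa-needed.txt claims in their own commit would make the history easier to search.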
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/4c97f2d70df6784c05d38a9987c8d78b5b0151c8