[Git][security-tracker-team/security-tracker][master] bookworm/bullseye triage

Tue Feb 6 20:09:53 GMT 2024


Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
797ea310 by Moritz Muehlenhoff at 2024-02-06T21:09:00+01:00
bookworm/bullseye triage

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -321,17 +321,16 @@ CVE-2024-24397 (Cross Site Scripting vulnerability in Stimulsoft GmbH Stimulsoft
 CVE-2024-24396 (Cross Site Scripting vulnerability in Stimulsoft GmbH Stimulsoft Dashb ...)
 	NOT-FOR-US: Stimulsoft GmbH Stimulsoft Dashboard.JS
 CVE-2024-24267 (gpac v2.2.1 was discovered to contain a memory leak via the gfio_blob  ...)
-	- gpac <undetermined>
+	- gpac <unfixed>
+	[bullseye] - gpac <ignored> (Minor issue)
 	NOTE: https://github.com/yinluming13579/gpac_defects/blob/main/gpac_3.md
-	TODO: unclear if reported upstream
 CVE-2024-24266 (gpac v2.2.1 was discovered to contain a Use-After-Free (UAF) vulnerabi ...)
-	- gpac <undetermined>
+	- gpac <unfixed>
 	NOTE: https://github.com/yinluming13579/gpac_defects/blob/main/gpac_2.md
-	TODO: unclear if reported upstream
 CVE-2024-24265 (gpac v2.2.1 was discovered to contain a memory leak via the dst_props  ...)
-	- gpac <undetermined>
+	- gpac <unfixed>
+	[bullseye] - gpac <ignored> (Minor issue)
 	NOTE: https://github.com/yinluming13579/gpac_defects/blob/main/gpac_1.md
-	TODO: unclear if reported upstream
 CVE-2024-24263 (Lotos WebServer v0.1.1 was discovered to contain a Use-After-Free (UAF ...)
 	NOT-FOR-US: Lotos WebServer
 CVE-2024-24262 (media-server v1.0.0 was discovered to contain a Use-After-Free (UAF) v ...)
@@ -4946,6 +4945,8 @@ CVE-2022-4958 (A vulnerability classified as problematic has been found in qkmc-
 CVE-2024-22195 (Jinja is an extensible templating engine. Special placeholders in the  ...)
 	{DLA-3715-1}
 	- jinja2 <unfixed> (bug #1060748)
+	[bookworm] - jinja2 <no-dsa> (Minor issue)
+	[bullseye] - jinja2 <no-dsa> (Minor issue)
 	NOTE: https://github.com/pallets/jinja/security/advisories/GHSA-h5c8-rqwp-cp95
 	NOTE: Fixed by: https://github.com/pallets/jinja/commit/7dd3680e6eea0d77fde024763657aa4d884ddb23 (3.1.3)
 CVE-2024-22194 (cdo-local-uuid project provides a specialized UUID-generating function ...)
@@ -5312,6 +5313,7 @@ CVE-2023-46712 (A improper access control in Fortinet FortiPortal version 7.0.0
 	NOT-FOR-US: FortiGuard
 CVE-2023-45139 (fontTools is a library for manipulating fonts, written in Python. The  ...)
 	- fonttools 4.46.0-1
+	[bookworm] - fonttools <no-dsa> (Minor issue)
 	[bullseye] - fonttools <not-affected> (Vulnerable code not present)
 	[buster] - fonttools <not-affected> (Vulnerable code not present)
 	NOTE: https://github.com/fonttools/fonttools/security/advisories/GHSA-6673-4983-2vx5



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/797ea310bda69147de664e93c379d87d6b2dd7fc

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/797ea310bda69147de664e93c379d87d6b2dd7fc
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20240206/d3093484/attachment.htm>
