[Git][security-tracker-team/security-tracker][master] 6 commits: Mark CVE-2024-1062/389-ds-base as no-dsa for buster

Utkarsh Gupta (@utkarsh) utkarsh at debian.org
Mon Feb 12 12:46:16 GMT 2024



Utkarsh Gupta pushed to branch master at Debian Security Tracker / security-tracker


Commits:
5ae7abee by Utkarsh Gupta at 2024-02-12T18:13:37+05:30
Mark CVE-2024-1062/389-ds-base as no-dsa for buster

- - - - -
63f7f54d by Utkarsh Gupta at 2024-02-12T18:14:03+05:30
Mark CVE-2024-25062/libxml2 as no-dsa for buster

- - - - -
9c07d9b1 by Utkarsh Gupta at 2024-02-12T18:14:31+05:30
Mark CVE-2021-4435/node-yarnpkg as no-dsa for buster

- - - - -
385365ef by Utkarsh Gupta at 2024-02-12T18:15:04+05:30
Mark CVE-2024-23334/python-aiohttp as no-dsa for buster

- - - - -
e62809b1 by Utkarsh Gupta at 2024-02-12T18:15:24+05:30
Mark CVE-2024-23829/python-aiohttp as no-dsa for buster

- - - - -
386fab4b by Utkarsh Gupta at 2024-02-12T18:15:45+05:30
Mark CVE-2024-22667/vim as no-dsa for buster

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1350,6 +1350,7 @@ CVE-2024-22667 (Vim before 9.0.2142 has a stack-based buffer overflow because di
 	- vim 2:9.0.2189-1
 	[bookworm] - vim <no-dsa> (Minor issue)
 	[bullseye] - vim <no-dsa> (Minor issue)
+	[buster] - vim <no-dsa> (Minor issue)
 	NOTE: https://github.com/vim/vim/commit/b39b240c386a5a29241415541f1c99e2e6b8ce47 (v9.0.2142)
 	NOTE: https://gist.githubusercontent.com/henices/2467e7f22dcc2aa97a2453e197b55a0c/raw/7b54bccc9a129c604fb139266f4497ab7aaa94c7/gistfile1.txt
 CVE-2024-22386 (A race condition was found in the Linux kernel's drm/exynos device dri ...)
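Review bot: The gist URL on the last NOTE line under CVE-2024-22667 carries no label, unlike the commit NOTE above it, which is tagged (v9.0.2142). Since the entry is being touched for buster anyway, consider annotating what the gist is, so the next triager does not have to open it to find out.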
@@ -1399,6 +1400,7 @@ CVE-2024-25062 (An issue was discovered in libxml2 before 2.11.7 and 2.12.x befo
 	- libxml2 <unfixed> (bug #1063234)
 	[bookworm] - libxml2 <no-dsa> (Minor issue)
 	[bullseye] - libxml2 <no-dsa> (Minor issue)
+	[buster] - libxml2 <no-dsa> (Minor issue)
 	NOTE: https://gitlab.gnome.org/GNOME/libxml2/-/issues/604
 	NOTE: https://gitlab.gnome.org/GNOME/libxml2/-/commit/2b0aac140d739905c7848a42efc60bfe783a39b7 (v2.11.7)
 	NOTE: https://gitlab.gnome.org/GNOME/libxml2/-/commit/92721970884fcc13305cb8e23cdc5f0dd7667c2c (v2.12.5)
@@ -2174,6 +2176,7 @@ CVE-2024-1062 [a heap overflow leading to denail-of-servce while writing a value
 	- 389-ds-base <unfixed>
 	[bookworm] - 389-ds-base <no-dsa> (Minor issue)
 	[bullseye] - 389-ds-base <no-dsa> (Minor issue)
+	[buster] - 389-ds-base <no-dsa> (Minor issue)
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2261879
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2256711
 	NOTE: https://github.com/389ds/389-ds-base/issues/5647
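Review bot: The bracketed description on the CVE-2024-1062 header line reads "denail-of-servce", which should be "denial-of-service". It sits outside the added [buster] line, but it is worth a follow-up fix in data/CVE/list so that text searches on the description match.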
@@ -2339,6 +2342,7 @@ CVE-2024-23829 (aiohttp is an asynchronous HTTP client/server framework for asyn
 	- python-aiohttp <unfixed> (bug #1062708)
 	[bookworm] - python-aiohttp <no-dsa> (Minor issue)
 	[bullseye] - python-aiohttp <no-dsa> (Minor issue)
+	[buster] - python-aiohttp <no-dsa> (Minor issue)
 	NOTE: https://github.com/aio-libs/aiohttp/security/advisories/GHSA-8qpw-xqxj-h4r2
 	NOTE: https://github.com/aio-libs/aiohttp/pull/8074
 	NOTE: https://github.com/aio-libs/aiohttp/commit/33ccdfb0a12690af5bb49bda2319ec0907fa7827 (master)
@@ -2347,6 +2351,7 @@ CVE-2024-23334 (aiohttp is an asynchronous HTTP client/server framework for asyn
 	- python-aiohttp <unfixed> (bug #1062709)
 	[bookworm] - python-aiohttp <no-dsa> (Minor issue)
 	[bullseye] - python-aiohttp <no-dsa> (Minor issue)
+	[buster] - python-aiohttp <no-dsa> (Minor issue)
 	NOTE: https://github.com/aio-libs/aiohttp/security/advisories/GHSA-5h86-8mv2-jq9f
 	NOTE: https://github.com/aio-libs/aiohttp/pull/8079
 	NOTE: https://github.com/aio-libs/aiohttp/commit/1c335944d6a8b1298baf179b7c0b3069f10c514b (master)
@@ -4423,6 +4428,7 @@ CVE-2023-48339 (In jpg driver, there is a possible missing permission check. Thi
 CVE-2021-4435 (An untrusted search path vulnerability was found in Yarn. When a victi ...)
 	- node-yarnpkg 1.22.19+~cs24.27.18-1
 	[bullseye] - node-yarnpkg <no-dsa> (Minor issue)
+	[buster] - node-yarnpkg <no-dsa> (Minor issue)
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2262284
 	NOTE: Fixed by: https://github.com/yarnpkg/yarn/commit/67fcce88935e45092ffa2674c08053f1ef5268a1 (v1.22.12)
 	TODO: check, too few details in RHBZ#2262284
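Review bot: The added [buster] line records "Minor issue" for CVE-2021-4435 while the entry still ends with "TODO: check, too few details in RHBZ#2262284". Either resolve the TODO first or say in the commit message what the severity call was based on, since the entry itself states the details are insufficient. The "Fixed by" NOTE names v1.22.12, so a NOTE on whether buster's node-yarnpkg predates that fix would also help.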



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/8be3d2ae6c4b537410f882a74537b85d4de3bd56...386fab4b6169694777d815bbe08a7880c3ab7745
