[Git][security-tracker-team/security-tracker][master] 4 commits: data/dla-needed.txt: Triage engrampa for buster LTS (CVE-2023-52138)

Tue Feb 13 18:16:18 GMT 2024


Chris Lamb pushed to branch master at Debian Security Tracker / security-tracker


Commits:
9de3efaf by Chris Lamb at 2024-02-13T18:13:24+00:00
data/dla-needed.txt: Triage engrampa for buster LTS (CVE-2023-52138)

- - - - -
61cf5b52 by Chris Lamb at 2024-02-13T18:14:31+00:00
Triage CVE-2024-24815 & CVE-2024-24816 in ckeditor for buster LTS.

- - - - -
dc4cf461 by Chris Lamb at 2024-02-13T18:14:55+00:00
Triage CVE-2023-42282 in node-ip for buster LTS.

- - - - -
72d61192 by Chris Lamb at 2024-02-13T18:15:49+00:00
data/dla-needed.txt: Triage lucene-solr for buster LTS (CVE-2023-50291, CVE-2023-50292, CVE-2023-50298 & CVE-2023-50386)

- - - - -


2 changed files:

- data/CVE/list
- data/dla-needed.txt


Changes:

=====================================
data/CVE/list
=====================================
@@ -727,6 +727,7 @@ CVE-2023-42282 (An issue in NPM IP Package v.1.1.8 and before allows an attacker
 	- node-ip <unfixed> (bug #1063535)
 	[bookworm] - node-ip <no-dsa> (Minor issue)
 	[bullseye] - node-ip <no-dsa> (Minor issue)
+	[buster] - node-ip <no-dsa> (Minor issue)
 	NOTE: https://huntr.com/bounties/bfc3b23f-ddc0-4ee7-afab-223b07115ed3/
 	NOTE: https://cosmosofcyberspace.github.io/npm_ip_cve/npm_ip_cve.html
 	NOTE: https://github.com/indutny/node-ip/issues/136
@@ -835,6 +836,7 @@ CVE-2024-24816 (CKEditor4 is an open source what-you-see-is-what-you-get HTML ed
 	- ckeditor <unfixed> (bug #1063536)
 	[bookworm] - ckeditor <no-dsa> (Minor issue)
 	[bullseye] - ckeditor <no-dsa> (Minor issue)
+	[buster] - ckeditor <no-dsa> (Minor issue)
 	- ckeditor3 <unfixed> (bug #1063537)
 	[bookworm] - ckeditor3 <no-dsa> (Minor issue)
 	[bullseye] - ckeditor3 <no-dsa> (Minor issue)
@@ -845,6 +847,7 @@ CVE-2024-24815 (CKEditor4 is an open source what-you-see-is-what-you-get HTML ed
 	- ckeditor <unfixed> (bug #1063536)
 	[bookworm] - ckeditor <no-dsa> (Minor issue)
 	[bullseye] - ckeditor <no-dsa> (Minor issue)
+	[buster] - ckeditor <no-dsa> (Minor issue)
 	- ckeditor3 <unfixed> (bug #1063537)
 	[bookworm] - ckeditor3 <no-dsa> (Minor issue)
 	[bullseye] - ckeditor3 <no-dsa> (Minor issue)


=====================================
data/dla-needed.txt
=====================================
@@ -82,6 +82,9 @@ edk2
   NOTE: 20231230: Added by Front-Desk (lamby)
   NOTE: 20231230: CVE-2019-11098 fixed in bullseye via DSA or point release (lamby)
 --
+engrampa
+  NOTE: 20240213: Added by Front-Desk (lamby)
+--
 exiftags
   NOTE: 20240121: Added by Front-Desk (apo)
 --
@@ -159,6 +162,9 @@ linux (Ben Hutchings)
 linux-5.10
   NOTE: 20231005: perma-added for LTS package-specific delegation (bwh)
 --
+lucene-solr
+  NOTE: 20240213: Added by Front-Desk (lamby)
+--
 nova
   NOTE: 20230302: Re-add, request by maintainer (Beuc)
   NOTE: 20230302: zigo says that DLA 3302-1 ships a buster-specific CVE-2022-47951 backport that introduces regression



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/16fa3d98947451f12de6faf3332185c6bdc2be11...72d61192b726f8162b6fab51542d093fb982ff9d

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/16fa3d98947451f12de6faf3332185c6bdc2be11...72d61192b726f8162b6fab51542d093fb982ff9d
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20240213/372235bf/attachment-0001.htm>
