[Git][security-tracker-team/security-tracker][master] 4 commits: data/dla-needed.txt: Triage engrampa for buster LTS (CVE-2023-52138)
Chris Lamb (@lamby)
lamby at debian.org
Tue Feb 13 18:16:18 GMT 2024
Chris Lamb pushed to branch master at Debian Security Tracker / security-tracker
Commits:
9de3efaf by Chris Lamb at 2024-02-13T18:13:24+00:00
data/dla-needed.txt: Triage engrampa for buster LTS (CVE-2023-52138)
- - - - -
61cf5b52 by Chris Lamb at 2024-02-13T18:14:31+00:00
Triage CVE-2024-24815 & CVE-2024-24816 in ckeditor for buster LTS.
- - - - -
dc4cf461 by Chris Lamb at 2024-02-13T18:14:55+00:00
Triage CVE-2023-42282 in node-ip for buster LTS.
- - - - -
72d61192 by Chris Lamb at 2024-02-13T18:15:49+00:00
data/dla-needed.txt: Triage lucene-solr for buster LTS (CVE-2023-50291, CVE-2023-50292, CVE-2023-50298 & CVE-2023-50386)
- - - - -
2 changed files:
- data/CVE/list
- data/dla-needed.txt
Changes:
=====================================
data/CVE/list
=====================================
@@ -727,6 +727,7 @@ CVE-2023-42282 (An issue in NPM IP Package v.1.1.8 and before allows an attacker
- node-ip <unfixed> (bug #1063535)
[bookworm] - node-ip <no-dsa> (Minor issue)
[bullseye] - node-ip <no-dsa> (Minor issue)
+ [buster] - node-ip <no-dsa> (Minor issue)
NOTE: https://huntr.com/bounties/bfc3b23f-ddc0-4ee7-afab-223b07115ed3/
NOTE: https://cosmosofcyberspace.github.io/npm_ip_cve/npm_ip_cve.html
NOTE: https://github.com/indutny/node-ip/issues/136
@@ -835,6 +836,7 @@ CVE-2024-24816 (CKEditor4 is an open source what-you-see-is-what-you-get HTML ed
- ckeditor <unfixed> (bug #1063536)
[bookworm] - ckeditor <no-dsa> (Minor issue)
[bullseye] - ckeditor <no-dsa> (Minor issue)
+ [buster] - ckeditor <no-dsa> (Minor issue)
- ckeditor3 <unfixed> (bug #1063537)
[bookworm] - ckeditor3 <no-dsa> (Minor issue)
[bullseye] - ckeditor3 <no-dsa> (Minor issue)
@@ -845,6 +847,7 @@ CVE-2024-24815 (CKEditor4 is an open source what-you-see-is-what-you-get HTML ed
- ckeditor <unfixed> (bug #1063536)
[bookworm] - ckeditor <no-dsa> (Minor issue)
[bullseye] - ckeditor <no-dsa> (Minor issue)
+ [buster] - ckeditor <no-dsa> (Minor issue)
- ckeditor3 <unfixed> (bug #1063537)
[bookworm] - ckeditor3 <no-dsa> (Minor issue)
[bullseye] - ckeditor3 <no-dsa> (Minor issue)
=====================================
data/dla-needed.txt
=====================================
@@ -82,6 +82,9 @@ edk2
NOTE: 20231230: Added by Front-Desk (lamby)
NOTE: 20231230: CVE-2019-11098 fixed in bullseye via DSA or point release (lamby)
--
+engrampa
+ NOTE: 20240213: Added by Front-Desk (lamby)
+--
exiftags
NOTE: 20240121: Added by Front-Desk (apo)
--
@@ -159,6 +162,9 @@ linux (Ben Hutchings)
linux-5.10
NOTE: 20231005: perma-added for LTS package-specific delegation (bwh)
--
+lucene-solr
+ NOTE: 20240213: Added by Front-Desk (lamby)
+--
nova
NOTE: 20230302: Re-add, request by maintainer (Beuc)
NOTE: 20230302: zigo says that DLA 3302-1 ships a buster-specific CVE-2022-47951 backport that introduces regression
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/16fa3d98947451f12de6faf3332185c6bdc2be11...72d61192b726f8162b6fab51542d093fb982ff9d
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/16fa3d98947451f12de6faf3332185c6bdc2be11...72d61192b726f8162b6fab51542d093fb982ff9d
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20240213/372235bf/attachment-0001.htm>
More information about the debian-security-tracker-commits
mailing list