[Git][security-tracker-team/security-tracker][master] bookworm/bullseye triage
Moritz Muehlenhoff (@jmm)
jmm at debian.org
Wed Feb 14 11:07:16 GMT 2024
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker
Commits:
d69ce1b8 by Moritz Muehlenhoff at 2024-02-14T11:33:05+01:00
bookworm/bullseye triage
- - - - -
2 changed files:
- data/CVE/list
- data/dsa-needed.txt
Changes:
=====================================
data/CVE/list
=====================================
@@ -531,6 +531,8 @@ CVE-2024-1459 (A path traversal vulnerability was found in Undertow. This issue
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2259475
CVE-2024-1454 (The use-after-free vulnerability was found in the AuthentIC driver in ...)
- opensc <unfixed>
+ [bookworm] - opensc <no-dsa> (Minor issue)
+ [bullseye] - opensc <no-dsa> (Minor issue)
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2263929
NOTE: Fixed by: https://github.com/OpenSC/OpenSC/commit/5835f0d4f6c033bd58806d33fa546908d39825c9
CVE-2023-6681 (A vulnerability was found in JWCrypto. This flaw allows an attacker to ...)
@@ -1831,11 +1833,15 @@ CVE-2024-24260 (media-server v1.0.0 was discovered to contain a Use-After-Free (
NOT-FOR-US: media-server
CVE-2024-24259 (freeglut through 3.4.0 was discovered to contain a memory leak via the ...)
- freeglut <unfixed> (bug #1063801)
+ [bookworm] - freeglut <no-dsa> (Minor issue)
+ [bullseye] - freeglut <no-dsa> (Minor issue)
NOTE: https://github.com/yinluming13579/mupdf_defects/blob/main/mupdf_detect_2.md
NOTE: https://github.com/freeglut/freeglut/pull/155
NOTE: Fixed by: https://github.com/freeglut/freeglut/commit/9ad320c1ad1a25558998ddfe47674511567fec57
CVE-2024-24258 (freeglut 3.4.0 was discovered to contain a memory leak via the menuEnt ...)
- freeglut <unfixed> (bug #1063801)
+ [bookworm] - freeglut <no-dsa> (Minor issue)
+ [bullseye] - freeglut <no-dsa> (Minor issue)
NOTE: https://github.com/yinluming13579/mupdf_defects/blob/main/mupdf_detect_1.md
NOTE: https://github.com/freeglut/freeglut/pull/155
NOTE: Fixed by: https://github.com/freeglut/freeglut/commit/9ad320c1ad1a25558998ddfe47674511567fec57
@@ -48817,6 +48823,8 @@ CVE-2023-1933
CVE-2023-1932 [rendering of invalid html with SafeHTML leads to HTML injection and XSS]
RESERVED
- libhibernate-validator-java <unfixed> (bug #1063540)
+ [bookworm] - libhibernate-validator-java <no-dsa> (Minor issue)
+ [bullseye] - libhibernate-validator-java <no-dsa> (Minor issue)
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1809444
CVE-2023-1931 (The WP Fastest Cache plugin for WordPress is vulnerable to unauthorize ...)
NOT-FOR-US: WP Fastest Cache plugin for WordPress
=====================================
data/dsa-needed.txt
=====================================
@@ -44,6 +44,8 @@ opennds/stable
--
openvswitch
--
+pdns-recursor
+--
php-cas/oldstable
--
php-dompdf-svg-lib/stable
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/d69ce1b83e965638d82092f53140ea69b480d519
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/d69ce1b83e965638d82092f53140ea69b480d519
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20240214/0c3ef2b7/attachment.htm>
More information about the debian-security-tracker-commits
mailing list