[Git][security-tracker-team/security-tracker][master] bullseye/bookworm triage

Moritz Muehlenhoff (@jmm) jmm at debian.org
Wed Feb 14 13:24:08 GMT 2024



Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
0d244b55 by Moritz Muehlenhoff at 2024-02-14T14:22:12+01:00
bullseye/bookworm triage

- - - - -


2 changed files:

- data/CVE/list
- data/dsa-needed.txt


Changes:

=====================================
data/CVE/list
=====================================
@@ -749,16 +749,19 @@ CVE-2024-25451 (Bento4 v1.6.0-640 was discovered to contain an out-of-memory bug
 	NOT-FOR-US: Bento4
 CVE-2024-25450 (imlib2 v1.9.1 was discovered to mishandle memory allocation in the fun ...)
 	- imlib2 1.10.0-2
+	[bullseye] - imlib2 <no-dsa> (Minor issue)
 	NOTE: https://github.com/derf/feh/issues/712
 	NOTE: https://git.enlightenment.org/old/legacy-imlib2/issues/20
 	NOTE: Fixed by: https://git.enlightenment.org/old/legacy-imlib2/commit/e9c09deb08047c9e902ce37144e82b6edb8aedb6 (v1.10.0)
 CVE-2024-25448 (An issue in the imlib_free_image_and_decache function of imlib2 v1.9.1 ...)
 	- imlib2 1.10.0-2
+	[bullseye] - imlib2 <no-dsa> (Minor issue)
 	NOTE: https://github.com/derf/feh/issues/711
 	NOTE: https://git.enlightenment.org/old/legacy-imlib2/issues/20
 	NOTE: Fixed by: https://git.enlightenment.org/old/legacy-imlib2/commit/e9c09deb08047c9e902ce37144e82b6edb8aedb6 (v1.10.0)
 CVE-2024-25447 (An issue in the imlib_load_image_with_error_return function of imlib2  ...)
 	- imlib2 1.10.0-2
+	[bullseye] - imlib2 <no-dsa> (Minor issue)
 	NOTE: https://github.com/derf/feh/issues/709
 	NOTE: https://git.enlightenment.org/old/legacy-imlib2/issues/20
 	NOTE: Fixed by: https://git.enlightenment.org/old/legacy-imlib2/commit/e9c09deb08047c9e902ce37144e82b6edb8aedb6 (v1.10.0)
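Review bot: the three added `[bullseye] - imlib2 <no-dsa> (Minor issue)` lines give no reason beyond "Minor issue", although the entries describe memory-handling problems in three different functions. All three point at the same upstream issue (legacy-imlib2 #20) and the same fixing commit (e9c09deb, v1.10.0), so a NOTE saying why the impact is minor on bullseye, or that a single backport would cover all three, would help whoever revisits these. No bookworm line is added in this hunk, which is only correct if bookworm already ships imlib2 at or above 1.10.0-2; worth confirming, since the commit subject covers both suites.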
@@ -59425,7 +59428,7 @@ CVE-2023-26133 (All versions of the package progressbar.js are vulnerable to Pro
 CVE-2023-26132 (Versions of the package dottie before 2.0.4 are vulnerable to Prototyp ...)
 	- node-dottie 2.0.6+~2.0.5-1 (bug #1040592)
 	[bookworm] - node-dottie 2.0.2-4+deb12u1
-	[bullseye] - node-dottie 2.0.2-4+deb11u1
+	[bullseye] - node-dottie 2.0.2-1+deb11u1
 	NOTE: https://security.snyk.io/vuln/SNYK-JS-DOTTIE-3332763
 	NOTE: https://github.com/mickhansen/dottie.js/commit/7d3aee1c9c3c842720506e131de7e181e5c8db68 (v2.0.4)
 CVE-2023-26131 (All versions of the package github.com/xyproto/algernon/engine; all ve ...)
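Review bot: the `[bullseye] - node-dottie` fixed version changes from `2.0.2-4+deb11u1` to `2.0.2-1+deb11u1` with no explanation, and the commit subject "bullseye/bookworm triage" does not mention a data correction. The old value shares its `2.0.2-4` base with the bookworm line just above, so it looks like a copy error, but please confirm that `2.0.2-1+deb11u1` is the version actually uploaded to bullseye. A fixed version that does not match the archive makes the tracker report the wrong status for that suite, so a fix like this is better in its own commit with a subject that says so.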


=====================================
data/dsa-needed.txt
=====================================
@@ -58,6 +58,10 @@ phppgadmin
 --
 pillow (jmm)
 --
+postgresql-13/oldstable (jmm)
+--
+postgresql-15/stable (jmm)
+--
 py7zr/oldstable
 --
 python-asyncssh
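Review bot: the new `postgresql-13/oldstable (jmm)` and `postgresql-15/stable (jmm)` entries do not say which issue they are for, and neither data/CVE/list hunk in this commit touches a postgresql entry, so the diff alone does not show what triggers the DSA. A short note under each entry, or a mention in the commit message, naming the CVE or upstream release being handled would make the claim traceable. Placement between `pillow` and `py7zr/oldstable` keeps the file's alphabetical order.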



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/0d244b55d0d6c9768efeb920fc0b1a30c3713105
