[Git][security-tracker-team/security-tracker][master] 2 commits: bookworm/bullseye triage

Moritz Muehlenhoff (@jmm) jmm at debian.org
Thu Feb 15 14:46:12 GMT 2024 


Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
241f0ec9 by Moritz Muehlenhoff at 2024-02-15T15:43:52+01:00
bookworm/bullseye triage

- - - - -
3663f614 by Moritz Muehlenhoff at 2024-02-15T15:45:42+01:00
new squid issue

- - - - -


2 changed files:

- data/CVE/list
- data/dsa-needed.txt


Changes:

=====================================
data/CVE/list
=====================================
@@ -19,7 +19,10 @@ CVE-2024-25619 (Mastodon is a free, open-source social network server based on A
 CVE-2024-25618 (Mastodon is a free, open-source social network server based on Activit ...)
 	- mastodon <itp> (bug #859741)
 CVE-2024-25617 (Squid is an open source caching proxy for the Web supporting HTTP, HTT ...)
-	TODO: check
+	- squid 6.5-1
+	NOTE: https://github.com/squid-cache/squid/security/advisories/GHSA-h5x6-w8mv-xfpr
+	NOTE: https://github.com/squid-cache/squid/commit/72a3bbd5e431597c3fdb56d752bc56b010ba3817 (SQUID_6_5)
+	NOTE: https://github.com/squid-cache/squid/pull/1536
 CVE-2024-25559 (URL spoofing vulnerability exists in a-blog cms Ver.3.1.0 to Ver.3.1.8 ...)
 	NOT-FOR-US: a-blog cms
 CVE-2024-24386 (An issue in VitalPBX v.3.2.4-5 allows an attacker to execute arbitrary ...)
@@ -713,6 +716,7 @@ CVE-2023-5679 (A bad interaction between DNS64 and serve-stale may cause `named`
 	NOTE: https://kb.isc.org/docs/cve-2023-5679
 CVE-2023-6516 (To keep its cache database efficient, `named` running as a recursive r ...)
 	- bind9 1:9.19.21-1
+	[bookworm] - bind9 <not-affected> (Vulnerable code only in 9.16.y series)
 	[bullseye] - bind9 1:9.16.48-1
 	[buster] - bind9 <not-affected> (Vulnerable code only in 9.16.y series)
 	NOTE: https://kb.isc.org/docs/cve-2023-6516
@@ -121682,6 +121686,7 @@ CVE-2022-1950 (The Youzify WordPress plugin before 1.2.0 does not sanitise and e
 	NOT-FOR-US: WordPress plugin
 CVE-2022-1949 (An access control bypass vulnerability found in 389-ds-base. That mish ...)
 	- 389-ds-base 2.3.1-1 (bug #1016446)
+	[bullseye] - 389-ds-base <ignored> (Minor issue, too intrusive to backport)
 	[buster] - 389-ds-base <ignored> (Too intrusive too backport)
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2091781
 	NOTE: https://github.com/389ds/389-ds-base/issues/5170


=====================================
data/dsa-needed.txt
=====================================
@@ -24,6 +24,8 @@ engrampa (jmm)
 --
 frr
 --
+gnutls28/oldstable
+--
 gpac/oldstable
 --
 gtkwave



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/9ae569735a3d593a677e3f0cb81600f4a74c64e6...3663f614ae179e6e2354e4e1fb55244233cb1fda

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/9ae569735a3d593a677e3f0cb81600f4a74c64e6...3663f614ae179e6e2354e4e1fb55244233cb1fda
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20240215/ae8dd501/attachment.htm>

More information about the debian-security-tracker-commits mailing list