[Git][security-tracker-team/security-tracker][master] bullseye/bookworm triage

Moritz Muehlenhoff (@jmm) jmm at debian.org
Fri Feb 23 22:01:48 GMT 2024



Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
cb0e0ce4 by Moritz Muehlenhoff at 2024-02-23T23:01:13+01:00
bullseye/bookworm triage

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -497,6 +497,8 @@ CVE-2024-26133 (EventStoreDB (ESDB) is an operational database built to store ev
 	NOT-FOR-US: EventStoreDB (ESDB)
 CVE-2024-26130 (cryptography is a package designed to expose cryptographic primitives  ...)
 	- python-cryptography <unfixed>
+	[bookworm] - python-cryptography <no-dsa> (Minor issue)
+	[bullseye] - python-cryptography <no-dsa> (Minor issue)
 	NOTE: https://github.com/pyca/cryptography/security/advisories/GHSA-6vqw-3v5j-54x4
 	NOTE: https://github.com/pyca/cryptography/pull/10423
 	NOTE: Fixed by: https://github.com/pyca/cryptography/commit/97d231672763cdb5959a3b191e692a362f1b9e55 (main)
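
Review bot: The "- python-cryptography <unfixed>" line under CVE-2024-26130 carries no bug reference, unlike the texlive-bin and fastdds entries later in this commit (bug #1064517, bug #1064515). With both stable releases now marked <no-dsa>, the unstable upload is the only place the fix is still tracked, so consider filing a BTS bug and recording it on that line.
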
@@ -527,6 +529,7 @@ CVE-2024-25249 (An issue in He3 App for macOS version 2.0.17, allows remote atta
 	NOT-FOR-US: He3 App for macOS
 CVE-2024-25117 (php-svg-lib is a scalable vector graphics (SVG) file parsing/rendering ...)
 	- php-dompdf-svg-lib <unfixed>
+	[bookworm] - php-dompdf-svg-lib <no-dsa> (Minor issue)
 	NOTE: https://github.com/dompdf/php-svg-lib/security/advisories/GHSA-f3qr-qr4x-j273
 	NOTE: https://github.com/dompdf/php-svg-lib/commit/732faa9fb4309221e2bd9b2fda5de44f947133aa (0.5.2)
 	NOTE: https://github.com/dompdf/php-svg-lib/commit/8ffcc41bbde39f09f94b9760768086f12bbdce42 (0.5.2)
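
Review bot: Only a [bookworm] line is added for php-dompdf-svg-lib under CVE-2024-25117, while every other entry touched in this commit gets both [bookworm] and [bullseye]. If the package is not in bullseye this is fine as is; otherwise bullseye stays open for triage and needs either its own <no-dsa> line or a <not-affected> line with the reason.
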
@@ -856,6 +859,8 @@ CVE-2024-25274 (An arbitrary file upload vulnerability in the component /sysFile
 	NOT-FOR-US: Novel-Plus
 CVE-2024-25262 (texlive-bin commit c515e was discovered to contain heap buffer overflo ...)
 	- texlive-bin <unfixed> (bug #1064517)
+	[bookworm] - texlive-bin <no-dsa> (Minor issue)
+	[bullseye] - texlive-bin <no-dsa> (Minor issue)
 	NOTE: https://tug.org/svn/texlive/trunk/Build/source/texk/ttfdump/ChangeLog?revision=69605&view=co
 	NOTE: https://bugs.launchpad.net/ubuntu/+source/texlive-bin/+bug/2047912
 	NOTE: https://github.com/TeX-Live/texlive-source/pull/63
@@ -884,6 +889,8 @@ CVE-2024-24475
 	REJECTED
 CVE-2024-24474 (QEMU before 8.2.0 has an integer underflow, and resultant buffer overf ...)
 	- qemu 1:8.2.0+ds-1
+	[bookworm] - qemu <no-dsa> (Minor issue)
+	[bullseye] - qemu <no-dsa> (Minor issue)
 	NOTE: https://gitlab.com/qemu-project/qemu/-/issues/1810
 	NOTE: https://github.com/qemu/qemu/commit/77668e4b9bca03a856c27ba899a2513ddf52bb52 (v8.2.0-rc0)
 CVE-2024-23809 (A double-free vulnerability exists in the BrainVision ASCII Header Par ...)
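
Review bot: The [bookworm] and [bullseye] lines under CVE-2024-24474 treat both older qemu versions as affected, but the entry has only a fix commit NOTE (v8.2.0-rc0) and nothing on when the integer underflow was introduced. An "Introduced by" NOTE, or a check of the bullseye source, would settle whether [bullseye] should be <no-dsa> or <not-affected>.
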
@@ -1359,6 +1366,8 @@ CVE-2024-1343 (A weak permission was found in the backup directory in LaborOffic
 	NOT-FOR-US: LaborOfficeFree
 CVE-2023-50257 (eProsima Fast DDS (formerly Fast RTPS) is a C++ implementation of the  ...)
 	- fastdds <unfixed> (bug #1064515)
+	[bookworm] - fastdds <no-dsa> (Minor issue)
+	[bullseye] - fastdds <no-dsa> (Minor issue)
 	NOTE: https://github.com/eProsima/Fast-DDS/security/advisories/GHSA-v5r6-8mvh-cp98
 	NOTE: https://github.com/eProsima/Fast-DDS/commit/f2e5ceae8fbea0a6c9445a366faaca0b98a8ef86
 CVE-2024-26308 (Allocation of Resources Without Limits or Throttling vulnerability in  ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/cb0e0ce495fe2a3a6259c02c0a90a18b08dce809
