[Git][security-tracker-team/security-tracker][master] bullseye/bookworm triage
Moritz Muehlenhoff (@jmm)
jmm at debian.org
Fri Feb 23 22:01:48 GMT 2024
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker
Commits:
cb0e0ce4 by Moritz Muehlenhoff at 2024-02-23T23:01:13+01:00
bullseye/bookworm triage
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -497,6 +497,8 @@ CVE-2024-26133 (EventStoreDB (ESDB) is an operational database built to store ev
NOT-FOR-US: EventStoreDB (ESDB)
CVE-2024-26130 (cryptography is a package designed to expose cryptographic primitives ...)
- python-cryptography <unfixed>
+ [bookworm] - python-cryptography <no-dsa> (Minor issue)
+ [bullseye] - python-cryptography <no-dsa> (Minor issue)
NOTE: https://github.com/pyca/cryptography/security/advisories/GHSA-6vqw-3v5j-54x4
NOTE: https://github.com/pyca/cryptography/pull/10423
NOTE: Fixed by: https://github.com/pyca/cryptography/commit/97d231672763cdb5959a3b191e692a362f1b9e55 (main)
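Review bot: The two added <no-dsa> lines for python-cryptography give only "(Minor issue)" as the reason, and nothing in the entry records whether the bullseye and bookworm versions contain the affected code. The NOTE lines list the advisory, the pull request and the fix commit on main, but no introducing commit or first affected version. Suggest adding a NOTE with that information, so that a release which predates the flaw can be marked <not-affected> rather than <no-dsa>.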
@@ -527,6 +529,7 @@ CVE-2024-25249 (An issue in He3 App for macOS version 2.0.17, allows remote atta
NOT-FOR-US: He3 App for macOS
CVE-2024-25117 (php-svg-lib is a scalable vector graphics (SVG) file parsing/rendering ...)
- php-dompdf-svg-lib <unfixed>
+ [bookworm] - php-dompdf-svg-lib <no-dsa> (Minor issue)
NOTE: https://github.com/dompdf/php-svg-lib/security/advisories/GHSA-f3qr-qr4x-j273
NOTE: https://github.com/dompdf/php-svg-lib/commit/732faa9fb4309221e2bd9b2fda5de44f947133aa (0.5.2)
NOTE: https://github.com/dompdf/php-svg-lib/commit/8ffcc41bbde39f09f94b9760768086f12bbdce42 (0.5.2)
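Review bot: Only a [bookworm] line is added for php-dompdf-svg-lib, while every other entry touched in this commit gets both [bookworm] and [bullseye]. If bullseye does not ship the package, the entry is correct as it stands; if it does, bullseye is left untriaged and needs a matching line.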
@@ -856,6 +859,8 @@ CVE-2024-25274 (An arbitrary file upload vulnerability in the component /sysFile
NOT-FOR-US: Novel-Plus
CVE-2024-25262 (texlive-bin commit c515e was discovered to contain heap buffer overflo ...)
- texlive-bin <unfixed> (bug #1064517)
+ [bookworm] - texlive-bin <no-dsa> (Minor issue)
+ [bullseye] - texlive-bin <no-dsa> (Minor issue)
NOTE: https://tug.org/svn/texlive/trunk/Build/source/texk/ttfdump/ChangeLog?revision=69605&view=co
NOTE: https://bugs.launchpad.net/ubuntu/+source/texlive-bin/+bug/2047912
NOTE: https://github.com/TeX-Live/texlive-source/pull/63
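Review bot: "(Minor issue)" on the two texlive-bin lines is a thin reason for an entry whose description reads "heap buffer overflo ...". The first NOTE points at the ttfdump ChangeLog, so if the flaw is confined to that tool, the parenthesised reason could name it. That would make the no-dsa decision checkable when bug #1064517 is revisited.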
@@ -884,6 +889,8 @@ CVE-2024-24475
REJECTED
CVE-2024-24474 (QEMU before 8.2.0 has an integer underflow, and resultant buffer overf ...)
- qemu 1:8.2.0+ds-1
+ [bookworm] - qemu <no-dsa> (Minor issue)
+ [bullseye] - qemu <no-dsa> (Minor issue)
NOTE: https://gitlab.com/qemu-project/qemu/-/issues/1810
NOTE: https://github.com/qemu/qemu/commit/77668e4b9bca03a856c27ba899a2513ddf52bb52 (v8.2.0-rc0)
CVE-2024-23809 (A double-free vulnerability exists in the BrainVision ASCII Header Par ...)
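Review bot: The added qemu lines tag an entry described as an integer underflow with a resulting buffer overflow as "(Minor issue)" without saying what limits the impact. The reason text should name the limiting factor (for example the affected device or configuration, as documented in the linked issue 1810), so the decision can be re-evaluated if the v8.2.0-rc0 fix is later considered for a stable update.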
@@ -1359,6 +1366,8 @@ CVE-2024-1343 (A weak permission was found in the backup directory in LaborOffic
NOT-FOR-US: LaborOfficeFree
CVE-2023-50257 (eProsima Fast DDS (formerly Fast RTPS) is a C++ implementation of the ...)
- fastdds <unfixed> (bug #1064515)
+ [bookworm] - fastdds <no-dsa> (Minor issue)
+ [bullseye] - fastdds <no-dsa> (Minor issue)
NOTE: https://github.com/eProsima/Fast-DDS/security/advisories/GHSA-v5r6-8mvh-cp98
NOTE: https://github.com/eProsima/Fast-DDS/commit/f2e5ceae8fbea0a6c9445a366faaca0b98a8ef86
CVE-2024-26308 (Allocation of Resources Without Limits or Throttling vulnerability in ...)
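Review bot: The fix commit in the last NOTE line of the fastdds entry carries no release annotation, unlike the other fix references in this commit, which are marked (main), (0.5.2) or (v8.2.0-rc0). With fastdds now <no-dsa> for both releases and bug #1064515 still attached to an <unfixed> line, annotating the upstream version that contains f2e5ceae would help whoever prepares a later update.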
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/cb0e0ce495fe2a3a6259c02c0a90a18b08dce809