[Git][security-tracker-team/security-tracker][master] bookworm/bullseye triage
Moritz Muehlenhoff (@jmm)
jmm at debian.org
Tue Feb 27 12:01:34 GMT 2024
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker
Commits:
b7174d61 by Moritz Muehlenhoff at 2024-02-27T13:01:03+01:00
bookworm/bullseye triage
- - - - -
2 changed files:
- data/CVE/list
- data/dsa-needed.txt
Changes:
=====================================
data/CVE/list
=====================================
@@ -85,6 +85,8 @@ CVE-2024-27092 (Hoppscotch is an API development ecosystem. Due to lack of vali
NOT-FOR-US: Hoppscotch
CVE-2024-27088 (es5-ext contains ECMAScript 5 extensions. Passing functions with very ...)
- node-es5-ext <unfixed>
+ [bookworm] - node-es5-ext <no-dsa> (Minor issue)
+ [bullseye] - node-es5-ext <no-dsa> (Minor issue)
NOTE: https://github.com/medikoo/es5-ext/security/advisories/GHSA-4gmj-3p3h-gm8h
NOTE: https://github.com/medikoo/es5-ext/issues/201
NOTE: https://github.com/medikoo/es5-ext/commit/3551cdd7b2db08b1632841f819d008757d28e8e2 (v1.10.63)
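Review bot: The two added [bookworm] and [bullseye] lines for node-es5-ext justify <no-dsa> only with "Minor issue", and the CVE-2024-27088 description visible here is truncated after "Passing functions with very ...". A one-line NOTE under the entry saying why the impact is minor would let a later triager confirm the decision without re-reading the GHSA advisory and issue 201.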
@@ -134,7 +136,8 @@ CVE-2024-25763 (openNDS 10.2.0 is vulnerable to Use-After-Free via /openNDS/src/
- opennds <unfixed>
NOTE: https://github.com/LuMingYinDetect/openNDS_defects/blob/main/openNDS_detect_1.md
CVE-2024-25760 (yasm 1.3.0 contains a memory leak via /yasm/tools/genmacro/genmacro.c.)
- - yasm <unfixed>
+ - yasm <unfixed> (unimportant)
+ NOTE: Memory leak in CLI tool, no security impact
NOTE: https://github.com/LuMingYinDetect/yasm_defects/blob/main/yasm_detect_2.md
CVE-2024-25410 (flusity-CMS 2.33 is vulnerable to Unrestricted Upload of File with Dan ...)
NOT-FOR-US: flusity-CMS
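Review bot: The added NOTE under CVE-2024-25760 says "CLI tool" without naming it, while the description places the leak in tools/genmacro/genmacro.c. Naming genmacro in the note would make clear which tool the (unimportant) tag rests on.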
@@ -162,6 +165,9 @@ CVE-2024-24401 (SQL Injection vulnerability in Nagios XI 2024R1.01 allows a remo
NOT-FOR-US: Nagios XI
CVE-2024-23839 (Suricata is a network Intrusion Detection System, Intrusion Prevention ...)
- suricata 1:7.0.3-1
+ [bookworm] - suricata <not-affected> (Vulnerable code not present)
+ [bullseye] - suricata <not-affected> (Vulnerable code not present)
+ [buster] - suricata <not-affected> (Vulnerable code not present)
NOTE: https://github.com/OISF/suricata/security/advisories/GHSA-qxj6-hr2p-mmc7
NOTE: https://github.com/OISF/suricata/commit/cd731fcaf42e5f7078c9be643bfa0cee2ad53e8f (suricata-7.0.3)
NOTE: https://redmine.openinfosecfoundation.org/issues/6657
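Review bot: The three added <not-affected> lines for suricata state "Vulnerable code not present", but nothing under CVE-2024-23839 records which commit or release introduced the affected code. A NOTE naming the introducing commit, next to the existing fix reference (cd731fcaf42e5f7078c9be643bfa0cee2ad53e8f, suricata-7.0.3), would make the claim checkable per suite. The [buster] line also goes beyond the "bookworm/bullseye triage" commit subject, which the message could mention.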
=====================================
data/dsa-needed.txt
=====================================
@@ -35,6 +35,8 @@ knot-resolver (jmm)
libreswan (jmm)
Maintainer prepared bookworm-security update, but needs work on bullseye-security backports
--
+libuv1
+--
linux (carnil)
Wait until more issues have piled up, though try to regulary rebase for point
releases to more recent v5.10.y and 6.1.y versions
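Review bot: The added libuv1 entry in data/dsa-needed.txt has no claimant in parentheses and no explanatory line, unlike the neighbouring libreswan (jmm) and linux (carnil) entries. If it is intentionally unclaimed, a short line under it naming the issue that needs the DSA would help whoever picks it up.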
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/b7174d611ddbede39012c183efb076eab9584bc2