[Git][security-tracker-team/security-tracker][master] bookworm/bullseye triage
Moritz Muehlenhoff (@jmm)
jmm at debian.org
Thu Feb 29 10:06:23 GMT 2024
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker
Commits:
108c29e5 by Moritz Muehlenhoff at 2024-02-29T11:06:02+01:00
bookworm/bullseye triage
- - - - -
2 changed files:
- data/CVE/list
- data/dsa-needed.txt
Changes:
=====================================
data/CVE/list
=====================================
@@ -1274,12 +1274,18 @@ CVE-2024-26465 (A DOM based cross-site scripting (XSS) vulnerability in the comp
NOT-FOR-US: beep.js
CVE-2024-26462 (Kerberos 5 (aka krb5) 1.21.2 contains a memory leak vulnerability in / ...)
- krb5 <unfixed> (bug #1064965)
+ [bookworm] - krb5 <no-dsa> (Minor issue)
+ [bullseye] - krb5 <no-dsa> (Minor issue)
NOTE: https://github.com/LuMingYinDetect/krb5_defects/blob/main/krb5_detect_3.md
CVE-2024-26461 (Kerberos 5 (aka krb5) 1.21.2 contains a memory leak vulnerability in / ...)
- krb5 <unfixed> (bug #1064965)
+ [bookworm] - krb5 <no-dsa> (Minor issue)
+ [bullseye] - krb5 <no-dsa> (Minor issue)
NOTE: https://github.com/LuMingYinDetect/krb5_defects/blob/main/krb5_detect_2.md
CVE-2024-26458 (Kerberos 5 (aka krb5) 1.21.2 contains a memory leak in /krb5/src/lib/r ...)
- krb5 <unfixed> (bug #1064965)
+ [bookworm] - krb5 <no-dsa> (Minor issue)
+ [bullseye] - krb5 <no-dsa> (Minor issue)
NOTE: https://github.com/LuMingYinDetect/krb5_defects/blob/main/krb5_detect_1.md
CVE-2024-26455 (fluent-bit 2.2.2 contains a Use-After-Free vulnerability in /fluent-bi ...)
NOT-FOR-US: Fluent Bit
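Review bot: the `<no-dsa> (Minor issue)` lines added under CVE-2024-26462, CVE-2024-26461 and CVE-2024-26458 record only the stock reason, and the NOTE in each entry links to the reporter's write-up rather than to an upstream commit. All three share bug #1064965 and the `- krb5 <unfixed>` line is unchanged, so a short NOTE saying why these leaks are considered minor, or pointing at an upstream fix once one is available, would make the decision easier to revisit.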
@@ -1344,6 +1350,8 @@ CVE-2024-23837 (LibHTP is a security-aware parser for the HTTP protocol. Crafted
NOTE: https://redmine.openinfosecfoundation.org/issues/6444
CVE-2024-23836 (Suricata is a network Intrusion Detection System, Intrusion Prevention ...)
- suricata 1:7.0.3-1
+ [bookworm] - suricata <no-dsa> (Minor issue)
+ [bullseye] - suricata <no-dsa> (Minor issue)
NOTE: https://github.com/OISF/suricata/security/advisories/GHSA-q33q-45cr-3cpc
NOTE: https://github.com/OISF/suricata/commit/18841a58da71e735ddf4e52cbfa6989755ecbeb7 (suricata-6.0.16)
NOTE: https://github.com/OISF/suricata/commit/8efaebe293e2a74c8e323fa85a6f5fadf82801bc (suricata-6.0.16)
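Review bot: under CVE-2024-23836 the added `[bookworm]` and `[bullseye]` `<no-dsa>` lines sit above NOTE entries that reference only commits tagged suricata-6.0.16, while the fixed version recorded is 1:7.0.3-1. The entry does not say whether those 6.0.x commits apply to the versions carried in the two stable suites; a NOTE stating that would help whoever later handles this through a point release.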
@@ -4370,6 +4378,7 @@ CVE-2024-24337 (CSV Injection vulnerability in '/members/moremember.pl' and '/ad
NOT-FOR-US: Koha Library Management System
CVE-2024-23833 (OpenRefine is a free, open source power tool for working with messy da ...)
- openrefine <unfixed> (bug #1064192)
+ [bookworm] - openrefine <no-dsa> (Minor issue)
NOTE: https://github.com/OpenRefine/OpenRefine/security/advisories/GHSA-6p92-qfqf-qwx4
NOTE: https://github.com/OpenRefine/OpenRefine/commit/41ccf574847d856e22488a7c0987ad8efa12a84a (3.7.8)
CVE-2024-23763 (SQL Injection vulnerability in Gambio through 4.9.2.0 allows attackers ...)
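Review bot: for CVE-2024-23833 only `[bookworm] - openrefine <no-dsa> (Minor issue)` is added, with no matching `[bullseye]` line, unlike the krb5 and suricata entries in this commit. If openrefine is not in bullseye this is correct as it stands; otherwise bullseye is left untriaged and needs its own line.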
@@ -8452,6 +8461,7 @@ CVE-2020-36771 (CloudLinux CageFS 7.1.1-1 or below passes the authentication to
NOT-FOR-US: CloudLinux CageFS
CVE-2023-46841 [x86: shadow stack vs exceptions from emulation stubs]
- xen <unfixed>
+ [bookworm] - xen <postponed> (Minor issue, fix along in next DSA)
[bullseye] - xen <end-of-life> (EOLed in Bullseye)
[buster] - xen <not-affected> (Vulnerable code not present)
NOTE: https://xenbits.xen.org/xsa/advisory-451.html
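Review bot: the `- xen <unfixed>` line for CVE-2023-46841 carries no bug reference, unlike the krb5 and openrefine entries touched in this commit, so the new `[bookworm] - xen <postponed> (Minor issue, fix along in next DSA)` marker has no BTS bug to follow. If a bug exists, adding its number to the `<unfixed>` line would tie the postponed fix to something that gets closed when the upload happens.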
=====================================
data/dsa-needed.txt
=====================================
@@ -30,6 +30,8 @@ gtkwave
--
h2o (jmm)
--
+jetty9
+--
libreswan (jmm)
Maintainer prepared bookworm-security update, but needs work on bullseye-security backports
--
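Review bot: `jetty9` is added to dsa-needed.txt with no claimant and no status line, and none of the data/CVE/list hunks in this commit touch a jetty9 entry, so the diff does not show which CVE or suite prompted it. A one-line note under the package name, in the style of the libreswan entry below it, would tell the next person what the update needs to cover.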
@@ -98,5 +100,7 @@ varnish
--
wpa
--
+yard (jmm)
+--
zabbix
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/108c29e56c10c51d83b37a950d04c7e409d2e38b