[Git][security-tracker-team/security-tracker][master] bookworm/bullseye triage

Moritz Muehlenhoff (@jmm) jmm at debian.org
Thu Feb 29 10:06:23 GMT 2024 


Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
108c29e5 by Moritz Muehlenhoff at 2024-02-29T11:06:02+01:00
bookworm/bullseye triage

- - - - -


2 changed files:

- data/CVE/list
- data/dsa-needed.txt


Changes:

=====================================
data/CVE/list
=====================================
@@ -1274,12 +1274,18 @@ CVE-2024-26465 (A DOM based cross-site scripting (XSS) vulnerability in the comp
 	NOT-FOR-US: beep.js
 CVE-2024-26462 (Kerberos 5 (aka krb5) 1.21.2 contains a memory leak vulnerability in / ...)
 	- krb5 <unfixed> (bug #1064965)
+	[bookworm] - krb5 <no-dsa> (Minor issue)
+	[bullseye] - krb5 <no-dsa> (Minor issue)
 	NOTE: https://github.com/LuMingYinDetect/krb5_defects/blob/main/krb5_detect_3.md
 CVE-2024-26461 (Kerberos 5 (aka krb5) 1.21.2 contains a memory leak vulnerability in / ...)
 	- krb5 <unfixed> (bug #1064965)
+	[bookworm] - krb5 <no-dsa> (Minor issue)
+	[bullseye] - krb5 <no-dsa> (Minor issue)
 	NOTE: https://github.com/LuMingYinDetect/krb5_defects/blob/main/krb5_detect_2.md
 CVE-2024-26458 (Kerberos 5 (aka krb5) 1.21.2 contains a memory leak in /krb5/src/lib/r ...)
 	- krb5 <unfixed> (bug #1064965)
+	[bookworm] - krb5 <no-dsa> (Minor issue)
+	[bullseye] - krb5 <no-dsa> (Minor issue)
 	NOTE: https://github.com/LuMingYinDetect/krb5_defects/blob/main/krb5_detect_1.md
 CVE-2024-26455 (fluent-bit 2.2.2 contains a Use-After-Free vulnerability in /fluent-bi ...)
 	NOT-FOR-US: Fluent Bit
@@ -1344,6 +1350,8 @@ CVE-2024-23837 (LibHTP is a security-aware parser for the HTTP protocol. Crafted
 	NOTE: https://redmine.openinfosecfoundation.org/issues/6444
 CVE-2024-23836 (Suricata is a network Intrusion Detection System, Intrusion Prevention ...)
 	- suricata 1:7.0.3-1
+	[bookworm] - suricata <no-dsa> (Minor issue)
+	[bullseye] - suricata <no-dsa> (Minor issue)
 	NOTE: https://github.com/OISF/suricata/security/advisories/GHSA-q33q-45cr-3cpc
 	NOTE: https://github.com/OISF/suricata/commit/18841a58da71e735ddf4e52cbfa6989755ecbeb7 (suricata-6.0.16)
 	NOTE: https://github.com/OISF/suricata/commit/8efaebe293e2a74c8e323fa85a6f5fadf82801bc (suricata-6.0.16)
@@ -4370,6 +4378,7 @@ CVE-2024-24337 (CSV Injection vulnerability in '/members/moremember.pl' and '/ad
 	NOT-FOR-US: Koha Library Management System
 CVE-2024-23833 (OpenRefine is a free, open source power tool for working with messy da ...)
 	- openrefine <unfixed> (bug #1064192)
+	[bookworm] - openrefine <no-dsa> (Minor issue)
 	NOTE: https://github.com/OpenRefine/OpenRefine/security/advisories/GHSA-6p92-qfqf-qwx4
 	NOTE: https://github.com/OpenRefine/OpenRefine/commit/41ccf574847d856e22488a7c0987ad8efa12a84a (3.7.8)
 CVE-2024-23763 (SQL Injection vulnerability in Gambio through 4.9.2.0 allows attackers ...)
@@ -8452,6 +8461,7 @@ CVE-2020-36771 (CloudLinux  CageFS 7.1.1-1 or below passes the authentication to
 	NOT-FOR-US: CloudLinux CageFS
 CVE-2023-46841 [x86: shadow stack vs exceptions from emulation stubs]
 	- xen <unfixed>
+	[bookworm] - xen <postponed> (Minor issue, fix along in next DSA)
 	[bullseye] - xen <end-of-life> (EOLed in Bullseye)
 	[buster] - xen <not-affected> (Vulnerable code not present)
 	NOTE: https://xenbits.xen.org/xsa/advisory-451.html


=====================================
data/dsa-needed.txt
=====================================
@@ -30,6 +30,8 @@ gtkwave
 --
 h2o (jmm)
 --
+jetty9
+--
 libreswan (jmm)
   Maintainer prepared bookworm-security update, but needs work on bullseye-security backports
 --
@@ -98,5 +100,7 @@ varnish
 --
 wpa
 --
+yard (jmm)
+--
 zabbix
 --



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/108c29e56c10c51d83b37a950d04c7e409d2e38b

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/108c29e56c10c51d83b37a950d04c7e409d2e38b
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20240229/da5ca236/attachment-0001.htm>

More information about the debian-security-tracker-commits mailing list