[Git][security-tracker-team/security-tracker][master] bookworm/bullseye triage

[Moritz Muehlenhoff (@jmm)]

Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
c01a5721 by Moritz Muehlenhoff at 2024-01-11T13:50:22+01:00
bookworm/bullseye triage

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -255,6 +255,7 @@ CVE-2023-50172 (A recovery notification bypass vulnerability exists in the userR
 	NOT-FOR-US: WWBN AVideo
 CVE-2023-50120 (MP4Box GPAC version 2.3-DEV-rev636-gfbd7e13aa-master was discovered to ...)
 	- gpac <unfixed>
+	[bullseye] - gpac <not-affected> (Vulnerable code not present)
 	NOTE: https://github.com/gpac/gpac/issues/2698
 	NOTE: https://github.com/gpac/gpac/commit/b655955b840ccd7c7198bb15375aa510e76208eb
 CVE-2023-49864 (An information disclosure vulnerability exists in the aVideoEncoderRec ...)
@@ -758,6 +759,8 @@ CVE-2024-21650 (XWiki Platform is a generic wiki platform offering runtime servi
 	NOT-FOR-US: XWiki
 CVE-2024-21647 (Puma is a web server for Ruby/Rack applications built for parallelism. ...)
 	- puma <unfixed> (bug #1060345)
+	[bookworm] - puma <no-dsa> (Minor issue)
+	[bullseye] - puma <no-dsa> (Minor issue)
 	NOTE: https://github.com/puma/puma/security/advisories/GHSA-c2f4-cvqm-65w2
 	NOTE: https://github.com/puma/puma/commit/bbb880ffb6debbfdea535b4b3eb2204d49ae151d (v5.6.8)
 CVE-2024-21645 (pyLoad is the free and open-source Download Manager written in pure Py ...)
@@ -1516,6 +1519,8 @@ CVE-2024-21907 (Newtonsoft.Json before version 13.0.1 is affected by a mishandli
 	NOT-FOR-US: Newtonsoft.Json
 CVE-2024-21633 (Apktool is a tool for reverse engineering Android APK files. In versio ...)
 	- apktool 2.7.0+dfsg-7 (bug #1060013)
+	[bookworm] - apktool <no-dsa> (Minor issue)
+	[bullseye] - apktool <no-dsa> (Minor issue)
 	NOTE: https://github.com/iBotPeaches/Apktool/security/advisories/GHSA-2hqv-2xv4-5h5w
 	NOTE: https://github.com/iBotPeaches/Apktool/commit/d348c43b24a9de350ff6e5bd610545a10c1fc712
 CVE-2024-21631 (Vapor is an HTTP web framework for Swift. Prior to version 4.90.0, Vap ...)
@@ -1524,9 +1529,10 @@ CVE-2024-21622 (Craft is a content management system. This is a potential modera
 	NOT-FOR-US: Craft CMS
 CVE-2024-0217 (A use-after-free flaw was found in PackageKitd. In some conditions, th ...)
 	- packagekit <unfixed> (bug #1060016)
+	[bookworm] - packagekit <no-dsa> (Minor issue)
+	[bullseye] - packagekit <no-dsa> (Minor issue)
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2256624
 	NOTE: Reducing impact via: https://github.com/PackageKit/PackageKit/commit/64278c9127e3333342b56ead99556161f7e86f79 (v1.2.7)
-	TODO: check, RHBZ#2256624 claims fixed in upstream 1.2.7 but provides no references
 CVE-2024-0201 (The Product Expiry for WooCommerce plugin for WordPress is vulnerable  ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2023-7068 (The WooCommerce PDF Invoices, Packing Slips, Delivery Notes and Shippi ...)
@@ -33240,6 +33246,8 @@ CVE-2023-34246 (Doorkeeper is an OAuth 2 provider for Ruby on Rails / Grape. Pri
 	{DLA-3494-1}
 	[experimental] - ruby-doorkeeper 5.6.6-1
 	- ruby-doorkeeper <unfixed> (bug #1038950)
+	[bookworm] - ruby-doorkeeper <no-dsa> (Minor issue)
+	[bullseye] - ruby-doorkeeper <no-dsa> (Minor issue)
 	NOTE: https://github.com/doorkeeper-gem/doorkeeper/security/advisories/GHSA-7w2c-w47h-789w
 	NOTE: https://github.com/doorkeeper-gem/doorkeeper/issues/1589
 	NOTE: https://github.com/doorkeeper-gem/doorkeeper/pull/1646



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/c01a5721eb82c1ef27b35307726dcabf20720d5b

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/c01a5721eb82c1ef27b35307726dcabf20720d5b
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20240111/fceb8545/attachment.htm>