[Git][security-tracker-team/security-tracker][master] Add more chromium issues from older advisories

Salvatore Bonaccorso (@carnil) carnil at debian.org
Thu Jul 18 20:44:43 BST 2024 


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
ab47e86b by Salvatore Bonaccorso at 2024-07-18T21:43:52+02:00
Add more chromium issues from older advisories

- - - - -


2 changed files:

- data/CVE/list
- data/DSA/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -232,19 +232,24 @@ CVE-2024-3172 (Insufficient data validation in DevTools in Google Chrome prior t
 	- chromium 121.0.6167.85-1
 	[bullseye] - chromium <end-of-life> (see #1061268)
 CVE-2024-3171 (Use after free in Accessibility in Google Chrome prior to 122.0.6261.5 ...)
-	TODO: check
+	- chromium 122.0.6261.57-1
+	[bullseye] - chromium <end-of-life> (see #1061268)
 CVE-2024-3170 (Use after free in WebRTC in Google Chrome prior to 121.0.6167.85 allow ...)
-	TODO: check
+	- chromium 121.0.6167.85-1
+	[bullseye] - chromium <end-of-life> (see #1061268)
 CVE-2024-3169 (Use after free in V8 in Google Chrome prior to 121.0.6167.139 allowed  ...)
-	TODO: check
+	- chromium 121.0.6167.139-1
+	[bullseye] - chromium <end-of-life> (see #1061268)
 CVE-2024-3168 (Use after free in DevTools in Google Chrome prior to 122.0.6261.57 all ...)
-	TODO: check
+	- chromium 122.0.6261.57-1
+	[bullseye] - chromium <end-of-life> (see #1061268)
 CVE-2024-39877 (Apache Airflow 2.4.0, and versions before 2.9.3, has a vulnerability t ...)
 	- airflow <itp> (bug #819700)
 CVE-2024-39863 (Apache Airflow versions before 2.9.3 have a vulnerability that allows  ...)
 	- airflow <itp> (bug #819700)
 CVE-2024-2884 (Out of bounds read in V8 in Google Chrome prior to 121.0.6167.139 allo ...)
-	TODO: check
+	- chromium 121.0.6167.139-1
+	[bullseye] - chromium <end-of-life> (see #1061268)
 CVE-2024-21687 (This High severity File Inclusion vulnerability was introduced in vers ...)
 	NOT-FOR-US: Atlassian
 CVE-2024-21188 (Vulnerability in the Oracle Financial Services Revenue Management and  ...)


=====================================
data/DSA/list
=====================================
@@ -370,7 +370,7 @@
 	[bullseye] - thunderbird 1:115.8.0-1~deb11u1
 	[bookworm] - thunderbird 1:115.8.0-1~deb12u1
 [23 Feb 2024] DSA-5629-1 chromium - security update
-	{CVE-2024-1669 CVE-2024-1670 CVE-2024-1671 CVE-2024-1672 CVE-2024-1673 CVE-2024-1674 CVE-2024-1675 CVE-2024-1676 CVE-2024-5500}
+	{CVE-2024-1669 CVE-2024-1670 CVE-2024-1671 CVE-2024-1672 CVE-2024-1673 CVE-2024-1674 CVE-2024-1675 CVE-2024-1676 CVE-2024-3168 CVE-2024-3171 CVE-2024-5500}
 	[bookworm] - chromium 122.0.6261.57-1~deb12u1
 [22 Feb 2024] DSA-5628-1 imagemagick - security update
 	{CVE-2021-3610 CVE-2022-1115 CVE-2023-1289 CVE-2023-1906 CVE-2023-3428 CVE-2023-5341 CVE-2023-34151}
@@ -433,7 +433,7 @@
 	[bullseye] - openjdk-17 17.0.10+7-1~deb11u1
 	[bookworm] - openjdk-17 17.0.10+7-1~deb12u1
 [01 Feb 2024] DSA-5612-1 chromium - security update
-	{CVE-2024-1059 CVE-2024-1060 CVE-2024-1077}
+	{CVE-2024-1059 CVE-2024-1060 CVE-2024-1077 CVE-2024-2884 CVE-2024-3169}
 	[bookworm] - chromium 121.0.6167.139-1~deb12u1
 [30 Jan 2024] DSA-5611-1 glibc - security update
 	{CVE-2023-6246 CVE-2023-6779 CVE-2023-6780}
@@ -449,7 +449,7 @@
 	[bullseye] - gst-plugins-bad1.0 1.18.4-3+deb11u4
 	[bookworm] - gst-plugins-bad1.0 1.22.0-4+deb12u5
 [24 Jan 2024] DSA-5607-1 chromium - security update
-	{CVE-2024-0804 CVE-2024-0805 CVE-2024-0806 CVE-2024-0807 CVE-2024-0808 CVE-2024-0809 CVE-2024-0810 CVE-2024-0811 CVE-2024-0812 CVE-2024-0813 CVE-2024-0814 CVE-2024-3172}
+	{CVE-2024-0804 CVE-2024-0805 CVE-2024-0806 CVE-2024-0807 CVE-2024-0808 CVE-2024-0809 CVE-2024-0810 CVE-2024-0811 CVE-2024-0812 CVE-2024-0813 CVE-2024-0814 CVE-2024-3170 CVE-2024-3172}
 	[bookworm] - chromium 121.0.6167.85-1~deb12u1
 [24 Jan 2024] DSA-5606-1 firefox-esr - security update
 	{CVE-2024-0741 CVE-2024-0742 CVE-2024-0746 CVE-2024-0747 CVE-2024-0749 CVE-2024-0750 CVE-2024-0751 CVE-2024-0753 CVE-2024-0755}



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/ab47e86b6ef1a40a023848de3aa9149e551d9ad2

-- 
This project does not include diff previews in email notifications.
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/ab47e86b6ef1a40a023848de3aa9149e551d9ad2
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20240718/1f2b8084/attachment-0001.htm>

More information about the debian-security-tracker-commits mailing list