[Git][security-tracker-team/security-tracker][master] bookworm/bullseye triage
Moritz Muehlenhoff (@jmm)
jmm at debian.org
Sun Jul 28 16:26:38 BST 2024
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker
Commits:
150c42ad by Moritz Muehlenhoff at 2024-07-28T17:26:03+02:00
bookworm/bullseye triage
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -4785,6 +4785,7 @@ CVE-2024-39592 (Elements of PDCE does not perform necessary authorization checks
NOT-FOR-US: SAP
CVE-2024-38372 (Undici is an HTTP/1.1 client, written from scratch for Node.js. Depend ...)
- node-undici <unfixed>
+ [bookworm] - node-undici <no-dsa> (Minor issue)
NOTE: https://github.com/nodejs/undici/security/advisories/GHSA-3g92-w8c5-73pq
NOTE: https://github.com/nodejs/undici/issues/3328
NOTE: https://github.com/nodejs/undici/issues/3337
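Review bot: The added `[bookworm] - node-undici <no-dsa> (Minor issue)` line under CVE-2024-38372 has no `[bullseye]` counterpart, while every other package annotated in this commit gets both releases. If bullseye ships node-undici, it remains open there through `- node-undici <unfixed>`, so add the matching `[bullseye]` line. If the package is not in bullseye, saying so in the commit message would save the next triager the lookup.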
@@ -5151,6 +5152,8 @@ CVE-2024-39937 (supOS 5.0 allows api/image/download?fileName=../ directory trave
CVE-2024-39936 (An issue was discovered in HTTP2 in Qt before 5.15.18, 6.x before 6.2. ...)
- qt6-base <unfixed> (bug #1076292)
- qtbase-opensource-src 5.15.13+dfsg-3 (bug #1076293)
+ [bookworm] - qtbase-opensource-src <no-dsa> (Minor issue)
+ [bullseye] - qtbase-opensource-src <no-dsa> (Minor issue)
- qtbase-opensource-src-gles <unfixed>
[bookworm] - qtbase-opensource-src-gles <no-dsa> (Minor issue)
[bullseye] - qtbase-opensource-src-gles <no-dsa> (Minor issue)
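Review bot: Under CVE-2024-39936, `- qt6-base <unfixed> (bug #1076292)` still carries no per-release annotation after this change, although qtbase-opensource-src and qtbase-opensource-src-gles now both have `<no-dsa>` lines for bookworm and bullseye. If the same "Minor issue" assessment holds for qt6-base in the stable releases that ship it, add the line in this hunk so the entry does not stay listed as untriaged for that package.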
@@ -5871,9 +5874,13 @@ CVE-2024-39000 (adolph_dudu ratio-swiper v0.0.2 was discovered to contain a prot
NOT-FOR-US: ratio-swiper Nodejs module
CVE-2024-38999 (jrburke requirejs v2.3.6 was discovered to contain a prototype polluti ...)
- requirejs <unfixed>
+ [bookworm] - requirejs <no-dsa> (Minor issue)
+ [bullseye] - requirejs <no-dsa> (Minor issue)
NOTE: https://gist.github.com/mestrtee/9acae342285bd2998fa09ebcb1e6d30a
CVE-2024-38998 (jrburke requirejs v2.3.6 was discovered to contain a prototype polluti ...)
- requirejs <unfixed>
+ [bookworm] - requirejs <no-dsa> (Minor issue)
+ [bullseye] - requirejs <no-dsa> (Minor issue)
NOTE: https://gist.github.com/mestrtee/9acae342285bd2998fa09ebcb1e6d30a
CVE-2024-38997 (adolph_dudu ratio-swiper v0.0.2 was discovered to contain a prototype ...)
NOT-FOR-US: ratio-swiper Nodejs module
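Review bot: CVE-2024-38999 and CVE-2024-38998 end up with identical entries here: the same truncated description, the same `<no-dsa>` lines and the same gist NOTE. Nothing in either entry says which part of requirejs each CVE covers, so a later fix cannot be matched to one or the other. A short NOTE per CVE naming the affected function, or an upstream issue or commit reference if one exists, would make the two trackable separately.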
@@ -6274,6 +6281,8 @@ CVE-2024-31912 (IBM MQ 9.3 LTS and 9.3 CD could allow an authenticated user to e
NOT-FOR-US: IBM
CVE-2024-27629 (An issue in dc2niix before v.1.0.20240202 allows a local attacker to e ...)
- dcm2niix <unfixed> (bug #1074534)
+ [bookworm] - dcm2niix <no-dsa> (Minor issue)
+ [bullseye] - dcm2niix <no-dsa> (Minor issue)
NOTE: https://github.com/rordenlab/dcm2niix/pull/789
CVE-2024-27628 (Buffer Overflow vulnerability in DCMTK v.3.6.8 allows an attacker to e ...)
- dcmtk 3.6.8-6 (bug #1074483)
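Review bot: The `<no-dsa>` lines for dcm2niix under CVE-2024-27629 rest on a single reference, `NOTE: https://github.com/rordenlab/dcm2niix/pull/789`, which is a pull request rather than a fixing commit. Since `<no-dsa>` leaves the fix to a possible point release, recording the merged commit or the first fixed upstream version in a NOTE would give whoever prepares that update something concrete to backport.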
@@ -16198,6 +16207,8 @@ CVE-2024-2036 (The ApplyOnline \u2013 Application Form Builder and Manager plugi
NOT-FOR-US: WordPress plugin
CVE-2024-29421 (xmedcon 0.23.0 and fixed in v.0.24.0 is vulnerable to Buffer Overflow ...)
- xmedcon <unfixed>
+ [bookworm] - xmedcon <no-dsa> (Minor issue)
+ [bullseye] - xmedcon <no-dsa> (Minor issue)
NOTE: https://github.com/SpikeReply/advisories/blob/530dbd7ce68600a22c47dd1bcbe360220feda1d9/cve/xmedcon/cve-2024-29421.md
CVE-2024-29392 (Silverpeas Core 6.3 is vulnerable to Cross Site Scripting (XSS) via Cl ...)
NOT-FOR-US: Silverpeas Core
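Review bot: The CVE-2024-29421 description in this hunk says the issue is "fixed in v.0.24.0", yet the entry keeps `- xmedcon <unfixed>` with no bug reference while the new lines mark bookworm and bullseye as `<no-dsa>`. Check whether the version in unstable is already at or past 0.24.0 and, if so, record it as the fixed version; otherwise a bug number on the `<unfixed>` line, as the dcm2niix entry has, would keep the open state tracked.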
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/150c42ad81c568596cbb96f9aaa5d80813686925