[Git][security-tracker-team/security-tracker][master] bookworm/bullseye triage

Moritz Muehlenhoff (@jmm) jmm at debian.org
Mon Jun 3 16:52:29 BST 2024



Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
7714f1bf by Moritz Muehlenhoff at 2024-06-03T17:51:56+02:00
bookworm/bullseye triage

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -120,6 +120,8 @@ CVE-2024-5501 (The Supreme Modules Lite \u2013 Divi Theme, Extra Theme and Divi
 	NOT-FOR-US: WordPress plugin
 CVE-2024-5138 (The snapctl component within snapd allows a confined snap to interact  ...)
 	- snapd <unfixed> (bug #1072365)
+	[bookworm] - snapd <no-dsa> (Minor issue)
+	[bullseye] - snapd <no-dsa> (Minor issue)
 	NOTE: https://bugs.launchpad.net/snapd/+bug/2065077
 	NOTE: https://github.com/snapcore/snapd/security/advisories/GHSA-p9v8-q5m4-pf46
 	NOTE: https://github.com/snapcore/snapd/commit/68ee9c6aa916ab87dbfd9a26030690f2cabf1e14
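Review bot: the two added snapd lines give only "(Minor issue)" as the reason, although the entry describes a confined snap interacting with snapctl, which is a confinement-boundary problem. State the limiting factor in the parenthesised reason or in a NOTE line so the triage can be re-checked when bug #1072365 is resolved in unstable.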
@@ -187,12 +189,18 @@ CVE-2024-4160 (The Download Manager plugin for WordPress is vulnerable to Stored
 	NOT-FOR-US: WordPress plugin
 CVE-2024-36845 (An invalid pointer in the modbus_receive() function of libmodbus v3.1. ...)
 	- libmodbus <unfixed>
+	[bookworm] - libmodbus <no-dsa> (Minor issue)
+	[bullseye] - libmodbus <no-dsa> (Minor issue)
 	NOTE: https://github.com/stephane/libmodbus/issues/750
 CVE-2024-36844 (libmodbus v3.1.6 was discovered to contain a use-after-free via the ct ...)
 	- libmodbus <unfixed>
+	[bookworm] - libmodbus <no-dsa> (Minor issue)
+	[bullseye] - libmodbus <no-dsa> (Minor issue)
 	NOTE: https://github.com/stephane/libmodbus/issues/749
 CVE-2024-36843 (libmodbus v3.1.6 was discovered to contain a heap overflow via the mod ...)
 	- libmodbus <unfixed>
+	[bookworm] - libmodbus <no-dsa> (Minor issue)
+	[bullseye] - libmodbus <no-dsa> (Minor issue)
 	NOTE: https://github.com/stephane/libmodbus/issues/748
 CVE-2024-36120 (javascript-deobfuscator removes common JavaScript obfuscation techniqu ...)
 	TODO: check
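Review bot: CVE-2024-36845, CVE-2024-36844 and CVE-2024-36843 are described as an invalid pointer, a use-after-free and a heap overflow, yet all six added lines carry the same bare "(Minor issue)", and the only reference for each is an upstream issue with no fix commit. Add a NOTE per CVE recording what limits the impact and whether the bookworm and bullseye versions contain the affected code (the CVE-2024-36844 and CVE-2024-36843 descriptions name v3.1.6), so the entries can be revisited once a fix is available.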
@@ -308,6 +316,8 @@ CVE-2024-23847 (Incorrect default permissions issue exists in Unifier and Unifie
 	NOT-FOR-US: Unifier and Unifier Cast
 CVE-2024-1298 (EDK2 contains a vulnerability when S3 sleep is activated where an Atta ...)
 	- edk2 <unfixed>
+	[bookworm] - edk2 <no-dsa> (Minor issue)
+	[bullseye] - edk2 <no-dsa> (Minor issue)
 	NOTE: https://github.com/tianocore/edk2/security/advisories/GHSA-chfw-xj8f-6m53
 	NOTE: https://bugzilla.tianocore.org/show_bug.cgi?id=4677
 	NOTE: https://github.com/tianocore/edk2/pull/5659
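Review bot: in the edk2 entry the reason "(Minor issue)" drops the precondition that the description itself gives, namely that S3 sleep must be activated. Putting that condition in the reason, or in a NOTE line, would make the basis for the no-dsa decision visible next to the advisory and pull request links already listed.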
@@ -29142,6 +29152,8 @@ CVE-2024-28184 (WeasyPrint helps web developers to create PDF documents. Since v
 CVE-2024-28180 (Package jose aims to provide an implementation of the Javascript Objec ...)
 	- golang-github-go-jose-go-jose 4.0.1-1 (bug #1065814)
 	- golang-gopkg-square-go-jose.v2 2.6.3-1
+	[bookworm] - golang-gopkg-square-go-jose.v2 <no-dsa> (Minor issue)
+	[bullseye] - golang-gopkg-square-go-jose.v2 <no-dsa> (Minor issue)
 	NOTE: https://github.com/go-jose/go-jose/security/advisories/GHSA-c5q2-7r4c-mv6g
 	NOTE: https://github.com/go-jose/go-jose/commit/0dd4dd541c665fb292d664f77604ba694726f298 (v2.6.3)
 	NOTE: https://github.com/go-jose/go-jose/commit/add6a284ea0f844fd6628cba637be5451fe4b28a (v3.0.3)
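Review bot: the added lines set a per-release status only for golang-gopkg-square-go-jose.v2, while the same entry also lists golang-github-go-jose-go-jose (fixed in 4.0.1-1, bug #1065814) with no bookworm or bullseye line. Confirm that package is absent from both releases; if it is present in either, it needs its own status line here.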
@@ -47912,6 +47924,8 @@ CVE-2023-50268 (jq is a command-line JSON processor. Version 1.7 is vulnerable t
 	NOTE: Fixed by: https://github.com/jqlang/jq/commit/c9a51565214eece8f1053089739aea73145bfd6b (jq-1.7.1)
 CVE-2023-50262 (Dompdf is an HTML to PDF converter for PHP. When parsing SVG images Do ...)
 	- php-dompdf 2.0.4+dfsg-1 (bug #1058793)
+	[bookworm] - php-dompdf <no-dsa> (Minor issue)
+	[bullseye] - php-dompdf <no-dsa> (Minor issue)
 	[buster] - php-dompdf <not-affected> (SVG images are rejected by default)
 	NOTE: https://github.com/dompdf/dompdf/security/advisories/GHSA-3qx2-6f78-w2j2
 	NOTE: https://github.com/dompdf/dompdf/commit/41cbac16f3cf56affa49f06e8dae66d0eac2b593 (v2.0.4)
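Review bot: the new php-dompdf lines say only "(Minor issue)", while the buster line directly below them gives a concrete reason, "SVG images are rejected by default". Record whether bookworm and bullseye differ from buster on that default, since that appears to be what separates no-dsa from not-affected in this entry.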



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/7714f1bf6e461999658211085daf2ce3f40a4a6d
