[Git][security-tracker-team/security-tracker][master] 15 commits: CVE-2024-36843,CVE-2024-36844,CVE-2024-36845,libmodbus: buster is postponed
Markus Koschany (@apo)
apo at debian.org
Mon Jun 10 07:21:39 BST 2024
Markus Koschany pushed to branch master at Debian Security Tracker / security-tracker
Commits:
909bbef3 by Markus Koschany at 2024-06-10T07:36:28+02:00
CVE-2024-36843,CVE-2024-36844,CVE-2024-36845,libmodbus: buster is postponed
Minor issues which can be fixed later.
- - - - -
19139250 by Markus Koschany at 2024-06-10T07:39:06+02:00
Triage open bluez issues as postponed for buster
Re-visit when those problems are fixed by upstream
- - - - -
46bf884c by Markus Koschany at 2024-06-10T07:44:20+02:00
CVE-2024-22871,clojure: buster is postponed
Minor issue
- - - - -
577206c1 by Markus Koschany at 2024-06-10T07:46:05+02:00
CVE-2024-37408,fprintd: buster is postponed
Minor usability issue
- - - - -
46a48c63 by Markus Koschany at 2024-06-10T07:50:41+02:00
Triage open freerdp2 issues for buster as postponed
Re-visit when they have been fixed in later Debian distributions and unstable.
- - - - -
83702ad5 by Markus Koschany at 2024-06-10T07:53:15+02:00
CVE-2022-4968,netplan.io: buster is postponed
Minor issue
- - - - -
68718b88 by Markus Koschany at 2024-06-10T07:54:37+02:00
CVE-2024-34083,python-aiosmtpd: buster is postponed
Minor issue
- - - - -
36fdba70 by Markus Koschany at 2024-06-10T07:59:39+02:00
CVE-2024-36048,qtnetworkauth-everywhere-src: buster is postponed
Minor issue
- - - - -
a337e8ec by Markus Koschany at 2024-06-10T08:02:50+02:00
CVE-2024-5206,scikit-learn: buster is postponed
Minor issue
- - - - -
85e34bf2 by Markus Koschany at 2024-06-10T08:04:44+02:00
CVE-2024-5138,snapd: buster is not-affected
The vulnerable code was introduced later in 2021.
https://github.com/snapcore/snapd/commit/dc45262288a14679201c916ac1f7aab54e722e9a
- - - - -
95d96ccd by Markus Koschany at 2024-06-10T08:08:12+02:00
Add sredird to dla-needed.txt
Let's fix this long-standing problem.
- - - - -
d64278d1 by Markus Koschany at 2024-06-10T08:10:43+02:00
CVE-2024-37535,vte,vte2.91: buster is postponed
Minor issue
- - - - -
1b44130b by Markus Koschany at 2024-06-10T08:16:44+02:00
Add mariadb-10.3 to dla-needed.txt
- - - - -
2075b99f by Markus Koschany at 2024-06-10T08:18:04+02:00
CVE-2024-24789,CVE-2024-24790,golang-1.11: buster is postponed
Minor issues
- - - - -
482cdde5 by Markus Koschany at 2024-06-10T08:20:20+02:00
Claim php7.3 in dla-needed.txt
Update status of netty and ghostscript
- - - - -
2 changed files:
- data/CVE/list
- data/dla-needed.txt
Changes:
=====================================
data/CVE/list
=====================================
@@ -192,9 +192,11 @@ CVE-2024-37535 (GNOME VTE before 0.76.3 allows an attacker to cause a denial of
- vte <unfixed>
[bookworm] - vte <no-dsa> (Minor issue)
[bullseye] - vte <no-dsa> (Minor issue)
+ [buster] - vte <postponed> (Minor issue)
- vte2.91 <unfixed>
[bookworm] - vte2.91 <no-dsa> (Minor issue)
[bullseye] - vte2.91 <no-dsa> (Minor issue)
+ [buster] - vte2.91 <postponed> (Minor issue)
NOTE: https://gitlab.gnome.org/GNOME/vte/-/issues/2786
NOTE: https://www.openwall.com/lists/oss-security/2024/06/09/1
NOTE: https://gitlab.gnome.org/GNOME/vte/-/commit/fd5511f24b7269195a7083f409244e9787c705dc (master)
@@ -223,6 +225,7 @@ CVE-2024-37408 (fprintd through 1.94.3 lacks a security attention mechanism, and
- fprintd <unfixed> (bug #1072854)
[bookworm] - fprintd <no-dsa> (Minor issue)
[bullseye] - fprintd <no-dsa> (Minor issue)
+ [buster] - fprintd <postponed> (Minor issue)
NOTE: https://www.openwall.com/lists/oss-security/2024/05/30/3
NOTE: https://lists.freedesktop.org/archives/fprint/2024-May/001231.html
CVE-2024-37407 (Libarchive before 3.7.4 allows name out-of-bounds access when a ZIP ar ...)
@@ -647,6 +650,7 @@ CVE-2022-4968 (netplan leaks the private key of wireguard to local users. A secu
- netplan.io <unfixed> (bug #1072789)
[bookworm] - netplan.io <no-dsa> (Minor issue)
[bullseye] - netplan.io <no-dsa> (Minor issue)
+ [buster] - netplan.io <postponed> (Minor issue)
NOTE: https://bugs.launchpad.net/netplan/+bug/1987842
NOTE: https://bugs.launchpad.net/ubuntu/+source/netplan.io/+bug/2065738
CVE-2024-5684 (An attacker with access to the private network (the charger is connect ...)
@@ -728,6 +732,7 @@ CVE-2024-5206 (A sensitive data leakage vulnerability was identified in scikit-l
- scikit-learn <unfixed>
[bookworm] - scikit-learn <no-dsa> (Minor issue)
[bullseye] - scikit-learn <no-dsa> (Minor issue)
+ [buster] - scikit-learn <postponed> (Minor issue)
NOTE: https://huntr.com/bounties/14bc0917-a85b-4106-a170-d09d5191517c
NOTE: https://github.com/scikit-learn/scikit-learn/commit/70ca21f106b603b611da73012c9ade7cd8e438b8 (1.5.0rc1)
CVE-2024-5188 (The Essential Addons for Elementor \u2013 Best Elementor Templates, Wi ...)
@@ -1793,6 +1798,7 @@ CVE-2024-5138 (The snapctl component within snapd allows a confined snap to inte
- snapd 2.62-3 (bug #1072365)
[bookworm] - snapd <no-dsa> (Minor issue)
[bullseye] - snapd <no-dsa> (Minor issue)
+ [buster] - snapd <not-affected> (The vulnerable code was introduced later)
NOTE: https://bugs.launchpad.net/snapd/+bug/2065077
NOTE: https://github.com/snapcore/snapd/security/advisories/GHSA-p9v8-q5m4-pf46
NOTE: https://github.com/snapcore/snapd/commit/68ee9c6aa916ab87dbfd9a26030690f2cabf1e14
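Review bot: The added [buster] line for snapd gives its reason as "The vulnerable code was introduced later", but the entry has no NOTE identifying the introducing commit, so the not-affected status cannot be checked from data/CVE/list alone. The commit message cites https://github.com/snapcore/snapd/commit/dc45262288a14679201c916ac1f7aab54e722e9a; consider recording it in the entry as a "NOTE: Introduced by:" line, the form the freerdp2 entries in this file already use.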
@@ -1864,16 +1870,19 @@ CVE-2024-36845 (An invalid pointer in the modbus_receive() function of libmodbus
- libmodbus <unfixed>
[bookworm] - libmodbus <no-dsa> (Minor issue)
[bullseye] - libmodbus <no-dsa> (Minor issue)
+ [buster] - libmodbus <postponed> (Minor issue)
NOTE: https://github.com/stephane/libmodbus/issues/750
CVE-2024-36844 (libmodbus v3.1.6 was discovered to contain a use-after-free via the ct ...)
- libmodbus <unfixed>
[bookworm] - libmodbus <no-dsa> (Minor issue)
[bullseye] - libmodbus <no-dsa> (Minor issue)
+ [buster] - libmodbus <postponed> (Minor issue)
NOTE: https://github.com/stephane/libmodbus/issues/749
CVE-2024-36843 (libmodbus v3.1.6 was discovered to contain a heap overflow via the mod ...)
- libmodbus <unfixed>
[bookworm] - libmodbus <no-dsa> (Minor issue)
[bullseye] - libmodbus <no-dsa> (Minor issue)
+ [buster] - libmodbus <postponed> (Minor issue)
NOTE: https://github.com/stephane/libmodbus/issues/748
CVE-2024-36120 (javascript-deobfuscator removes common JavaScript obfuscation techniqu ...)
NOT-FOR-US: javascript-deobfuscator
@@ -7396,6 +7405,7 @@ CVE-2024-36048 (QAbstractOAuth in Qt Network Authorization in Qt before 5.15.17,
- qtnetworkauth-everywhere-src 5.15.13-3 (bug #1071974)
[bookworm] - qtnetworkauth-everywhere-src <no-dsa> (Minor issue)
[bullseye] - qtnetworkauth-everywhere-src <no-dsa> (Minor issue)
+ [buster] - qtnetworkauth-everywhere-src <postponed> (Minor issue)
- qt6-networkauth <unfixed> (bug #1071973)
[bookworm] - qt6-networkauth <no-dsa> (Minor issue)
NOTE: https://codereview.qt-project.org/c/qt/qtnetworkauth/+/560317
@@ -7422,6 +7432,7 @@ CVE-2024-34083 (aiosmptd is a reimplementation of the Python stdlib smtpd.py ba
- python-aiosmtpd 1.4.6-1 (bug #1072119)
[bookworm] - python-aiosmtpd <no-dsa> (Minor issue)
[bullseye] - python-aiosmtpd <no-dsa> (Minor issue)
+ [buster] - python-aiosmtpd <postponed> (Minor issue)
NOTE: https://github.com/aio-libs/aiosmtpd/security/advisories/GHSA-wgjv-9j3q-jhg8
NOTE: https://github.com/aio-libs/aiosmtpd/commit/b3a4a2c6ecfd228856a20d637dc383541fcdbfda (v1.4.6)
CVE-2024-31879 (IBM i 7.2, 7.3, and 7.4 could allow a remote attacker to execute arbit ...)
@@ -11393,6 +11404,7 @@ CVE-2024-24790 (The various Is methods (IsPrivate, IsLoopback, etc) did not work
- golang-1.15 <removed>
[bullseye] - golang-1.15 <no-dsa> (Minor issue)
- golang-1.11 <removed>
+ [buster] - golang-1.11 <postponed> (Minor issue)
NOTE: https://groups.google.com/g/golang-announce/c/XbxouI9gY7k
NOTE: https://github.com/golang/go/issues/67680
CVE-2024-24789 (The archive/zip package's handling of certain types of invalid zip fil ...)
@@ -11403,6 +11415,7 @@ CVE-2024-24789 (The archive/zip package's handling of certain types of invalid z
- golang-1.15 <removed>
[bullseye] - golang-1.15 <no-dsa> (Minor issue)
- golang-1.11 <removed>
+ [buster] - golang-1.11 <postponed> (Minor issue)
NOTE: https://groups.google.com/g/golang-announce/c/XbxouI9gY7k
NOTE: https://github.com/golang/go/issues/66869
CVE-2024-24787 (On Darwin, building a Go module which contains CGO can trigger arbitra ...)
@@ -12928,6 +12941,7 @@ CVE-2023-51596 (BlueZ Phone Book Access Profile Heap-based Buffer Overflow Remot
- bluez <unfixed>
[bookworm] - bluez <postponed> (Minor issue, revisit when/if fixed upstream)
[bullseye] - bluez <postponed> (Minor issue, revisit when/if fixed upstream)
+ [buster] - bluez <postponed> (Minor issue, revisit when/if fixed upstream)
NOTE: https://www.zerodayinitiative.com/advisories/ZDI-23-1902/
CVE-2023-51595 (Voltronic Power ViewPower Pro selectDeviceListBy SQL Injection Remote ...)
NOT-FOR-US: Voltronic Power ViewPower Pro
@@ -12935,6 +12949,7 @@ CVE-2023-51594 (BlueZ OBEX Library Out-Of-Bounds Read Information Disclosure Vul
- bluez <unfixed>
[bookworm] - bluez <postponed> (Minor issue, revisit when/if fixed upstream)
[bullseye] - bluez <postponed> (Minor issue, revisit when/if fixed upstream)
+ [buster] - bluez <postponed> (Minor issue, revisit when/if fixed upstream)
NOTE: https://www.zerodayinitiative.com/advisories/ZDI-23-1901/
CVE-2023-51593 (Voltronic Power ViewPower Pro Expression Language Injection Remote Cod ...)
NOT-FOR-US: Voltronic Power ViewPower Pro
@@ -12942,6 +12957,7 @@ CVE-2023-51592 (BlueZ Audio Profile AVRCP parse_media_folder Out-Of-Bounds Read
- bluez <unfixed>
[bookworm] - bluez <postponed> (Minor issue, revisit when/if fixed upstream)
[bullseye] - bluez <postponed> (Minor issue, revisit when/if fixed upstream)
+ [buster] - bluez <postponed> (Minor issue, revisit when/if fixed upstream)
NOTE: https://www.zerodayinitiative.com/advisories/ZDI-23-1905/
CVE-2023-51591 (Voltronic Power ViewPower Pro doDocument XML External Entity Processin ...)
NOT-FOR-US: Voltronic Power ViewPower Pro
@@ -12951,6 +12967,7 @@ CVE-2023-51589 (BlueZ Audio Profile AVRCP parse_media_element Out-Of-Bounds Read
- bluez <unfixed>
[bookworm] - bluez <postponed> (Minor issue, revisit when/if fixed upstream)
[bullseye] - bluez <postponed> (Minor issue, revisit when/if fixed upstream)
+ [buster] - bluez <postponed> (Minor issue, revisit when/if fixed upstream)
NOTE: https://www.zerodayinitiative.com/advisories/ZDI-23-1904/
CVE-2023-51588 (Voltronic Power ViewPower Pro MySQL Use of Hard-coded Credentials Loca ...)
NOT-FOR-US: Voltronic Power ViewPower Pro
@@ -12972,6 +12989,7 @@ CVE-2023-51580 (BlueZ Audio Profile AVRCP avrcp_parse_attribute_list Out-Of-Boun
- bluez <unfixed>
[bookworm] - bluez <postponed> (Minor issue, revisit when/if fixed upstream)
[bullseye] - bluez <postponed> (Minor issue, revisit when/if fixed upstream)
+ [buster] - bluez <postponed> (Minor issue, revisit when/if fixed upstream)
NOTE: https://www.zerodayinitiative.com/advisories/ZDI-23-1903/
CVE-2023-51579 (Voltronic Power ViewPower Incorrect Permission Assignment Local Privil ...)
NOT-FOR-US: Voltronic Power ViewPower
@@ -13173,6 +13191,7 @@ CVE-2023-44431 (BlueZ Audio Profile AVRCP Stack-based Buffer Overflow Remote Cod
- bluez <unfixed>
[bookworm] - bluez <postponed> (Minor issue, revisit when/if fixed upstream)
[bullseye] - bluez <postponed> (Minor issue, revisit when/if fixed upstream)
+ [buster] - bluez <postponed> (Minor issue, revisit when/if fixed upstream)
NOTE: https://www.zerodayinitiative.com/advisories/ZDI-23-1900/
CVE-2023-44430 (Bentley View SKP File Parsing Use-After-Free Remote Code Execution Vul ...)
NOT-FOR-US: Bentley
@@ -17056,6 +17075,7 @@ CVE-2024-32661 (FreeRDP is a free implementation of the Remote Desktop Protocol.
- freerdp2 <unfixed> (bug #1072112)
[bookworm] - freerdp2 <no-dsa> (Minor issue)
[bullseye] - freerdp2 <no-dsa> (Minor issue)
+ [buster] - freerdp2 <postponed> (Minor issue)
NOTE: https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-p5m5-342g-pv9m
NOTE: Fixed by: https://github.com/FreeRDP/FreeRDP/commit/71e463e31b4d69f4022d36bfc814592f56600793 (3.5.1)
NOTE: Introduced by: https://github.com/FreeRDP/FreeRDP/commit/1b2b1c4ac14ac43f4e475488763d8659bd934eb6 (2.0.0-beta1+android10)
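Review bot: The new [buster] line for freerdp2 records only "(Minor issue)", while the commit message says these issues are to be revisited once they are fixed in later Debian distributions and unstable. Consider putting that condition in the parenthetical, as the bluez entries do with "(Minor issue, revisit when/if fixed upstream)", so the reason for the postponed status is visible in the list itself. The same applies to the other freerdp2 hunks in this push.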
@@ -17064,6 +17084,7 @@ CVE-2024-32660 (FreeRDP is a free implementation of the Remote Desktop Protocol.
- freerdp2 <unfixed> (bug #1072112)
[bookworm] - freerdp2 <no-dsa> (Minor issue)
[bullseye] - freerdp2 <no-dsa> (Minor issue)
+ [buster] - freerdp2 <postponed> (Minor issue)
NOTE: https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-mxv6-2cw6-m3mx
NOTE: Fixed by: https://github.com/FreeRDP/FreeRDP/commit/5e5d27cf310e4c10b854be7667bfb7a5d774eb47 (3.5.1)
CVE-2024-32659 (FreeRDP is a free implementation of the Remote Desktop Protocol. FreeR ...)
@@ -17071,6 +17092,7 @@ CVE-2024-32659 (FreeRDP is a free implementation of the Remote Desktop Protocol.
- freerdp2 <unfixed> (bug #1072112)
[bookworm] - freerdp2 <no-dsa> (Minor issue)
[bullseye] - freerdp2 <no-dsa> (Minor issue)
+ [buster] - freerdp2 <postponed> (Minor issue)
NOTE: https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-8jgr-7r33-x87w
NOTE: Fixed by: https://github.com/FreeRDP/FreeRDP/commit/6430945ce003a5e24d454d8566f54aae1b6b617b (3.5.1)
NOTE: Introduced by: https://github.com/FreeRDP/FreeRDP/commit/c697941de2b7062821e004411ec18ea71e50a30d (1.2.0-beta1+android7)
@@ -17079,6 +17101,7 @@ CVE-2024-32658 (FreeRDP is a free implementation of the Remote Desktop Protocol.
- freerdp2 <unfixed> (bug #1072112)
[bookworm] - freerdp2 <no-dsa> (Minor issue)
[bullseye] - freerdp2 <no-dsa> (Minor issue)
+ [buster] - freerdp2 <postponed> (Minor issue)
NOTE: https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-vpv3-m3m9-4c2v
NOTE: Fixed by: https://github.com/FreeRDP/FreeRDP/commit/1a755d898ddc028cc818d0dd9d49d5acff4c44bf (3.5.1)
CVE-2024-32482 (The Tillitis TKey signer device application is an ed25519 signing tool ...)
@@ -17303,6 +17326,7 @@ CVE-2024-32041 (FreeRDP is a free implementation of the Remote Desktop Protocol.
- freerdp2 <unfixed> (bug #1069728)
[bookworm] - freerdp2 <no-dsa> (Minor issue)
[bullseye] - freerdp2 <no-dsa> (Minor issue)
+ [buster] - freerdp2 <postponed> (Minor issue)
NOTE: https://www.freerdp.com/2024/04/17/2_11_6-release
NOTE: https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-5r4p-mfx2-m44r
NOTE: https://github.com/FreeRDP/FreeRDP/commit/d88ad1acd142769650a6159906ac90f46a766265 (2.11.6)
@@ -17311,6 +17335,7 @@ CVE-2024-32039 (FreeRDP is a free implementation of the Remote Desktop Protocol.
- freerdp2 <unfixed> (bug #1069728)
[bookworm] - freerdp2 <no-dsa> (Minor issue)
[bullseye] - freerdp2 <no-dsa> (Minor issue)
+ [buster] - freerdp2 <postponed> (Minor issue)
NOTE: https://www.freerdp.com/2024/04/17/2_11_6-release
NOTE: https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-q5h8-7j42-j4r9
NOTE: https://github.com/FreeRDP/FreeRDP/commit/d88ad1acd142769650a6159906ac90f46a766265 (2.11.6)
@@ -17319,6 +17344,7 @@ CVE-2024-32040 (FreeRDP is a free implementation of the Remote Desktop Protocol.
- freerdp2 <unfixed> (bug #1069728)
[bookworm] - freerdp2 <no-dsa> (Minor issue)
[bullseye] - freerdp2 <no-dsa> (Minor issue)
+ [buster] - freerdp2 <postponed> (Minor issue)
NOTE: https://www.freerdp.com/2024/04/17/2_11_6-release
NOTE: https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-23c5-cp23-h2h5
NOTE: https://github.com/FreeRDP/FreeRDP/commit/5893b5f277db38b0040c572b078de838b84cfc07 (2.11.6)
@@ -17327,6 +17353,7 @@ CVE-2024-32458 (FreeRDP is a free implementation of the Remote Desktop Protocol.
- freerdp2 <unfixed> (bug #1069728)
[bookworm] - freerdp2 <no-dsa> (Minor issue)
[bullseye] - freerdp2 <no-dsa> (Minor issue)
+ [buster] - freerdp2 <postponed> (Minor issue)
NOTE: https://www.freerdp.com/2024/04/17/2_11_6-release
NOTE: https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-vvr6-h646-mp4p
NOTE: https://github.com/FreeRDP/FreeRDP/commit/9bc624c721ecde8251cfabd1edf069bc713ccc97 (2.11.6)
@@ -17335,6 +17362,7 @@ CVE-2024-32459 (FreeRDP is a free implementation of the Remote Desktop Protocol.
- freerdp2 <unfixed> (bug #1069728)
[bookworm] - freerdp2 <no-dsa> (Minor issue)
[bullseye] - freerdp2 <no-dsa> (Minor issue)
+ [buster] - freerdp2 <postponed> (Minor issue)
NOTE: https://www.freerdp.com/2024/04/17/2_11_6-release
NOTE: https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-cp4q-p737-rmw9
NOTE: https://github.com/FreeRDP/FreeRDP/commit/b70c8e989d2807cea47bbf89e57700b5a10b2ca7 (2.11.6)
@@ -17343,6 +17371,7 @@ CVE-2024-32460 (FreeRDP is a free implementation of the Remote Desktop Protocol.
- freerdp2 <unfixed> (bug #1069728)
[bookworm] - freerdp2 <no-dsa> (Minor issue)
[bullseye] - freerdp2 <no-dsa> (Minor issue)
+ [buster] - freerdp2 <postponed> (Minor issue)
NOTE: https://www.freerdp.com/2024/04/17/2_11_6-release
NOTE: https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-4rr8-gr65-vqrr
NOTE: https://github.com/FreeRDP/FreeRDP/commit/18cef378eae2b63a1a750da242f00da12b5b3881 (2.11.6)
@@ -33417,6 +33446,7 @@ CVE-2024-22871 (An issue in Clojure versions 1.20 to 1.12.0-alpha5 allows an att
- clojure 1.11.2-1 (bug #1071746)
[bookworm] - clojure <no-dsa> (Minor issue)
[bullseye] - clojure <no-dsa> (Minor issue)
+ [buster] - clojure <postponed> (Minor issue)
NOTE: https://github.com/advisories/GHSA-vr64-r9qj-h27f
NOTE: https://hackmd.io/@fe1w0/rymmJGida
CVE-2024-22532 (Buffer Overflow vulnerability in XNSoft NConvert 7.163 (for Windows x8 ...)
=====================================
data/dla-needed.txt
=====================================
@@ -112,6 +112,7 @@ freeimage
--
ghostscript (Markus Koschany)
NOTE: 20240510: Added by Front-Desk (ta)
+ NOTE: 20240610: Doing some final tests. (apo)
--
git (Sean Whitton)
NOTE: 20240519: Added by Front-Desk (utkarsh)
@@ -189,11 +190,17 @@ linux (Ben Hutchings)
linux-5.10
NOTE: 20231005: perma-added for LTS package-specific delegation (bwh)
--
+mariadb-10.3
+ NOTE: 20240610: Added by Front-Desk (apo)
+ NOTE: 20240610: This version is EOL and I could not find a targeted patch for the
+ NOTE: 20240610: problem which appears to be not too serious. (apo)
+--
nano
NOTE: 20240609: Added by Front-Desk (apo)
--
netty (Markus Koschany)
NOTE: 20240511: Added by (apo)
+ NOTE: 20240610: Doing some final tests. (apo)
--
nodejs (guilhem)
NOTE: 20240406: Added by Front-Desk (lamby)
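Review bot: The added mariadb-10.3 notes refer to "the problem" without naming a CVE or bug number, so whoever picks up the entry cannot tell which issue lacked a targeted patch. Consider adding the identifier to the NOTE text next to the EOL remark.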
@@ -238,7 +245,7 @@ pdns-recursor
NOTE: 20240306: Added by Front-Desk (opal)
NOTE: 20240319: Upload postponed due to #1067124 (dleidert)
--
-php7.3
+php7.3 (Markus Koschany)
NOTE: 20240609: Added by Front-Desk (apo)
--
plasma-workspace
@@ -322,6 +329,9 @@ squid
NOTE: 20240109: appears to be intrusive. I could not locate the fix for CVE-2023-49288 yet. (apo)
NOTE: 20240430: Patch for CVE-2023-49288 has been located and added to tracker (dleidert)
--
+sredird
+ NOTE: 20240610: Added by Front-Desk (apo)
+--
suricata (Adrian Bunk)
NOTE: 20230620: Added by Front-Desk (Beuc)
NOTE: 20230620: 15+ CVEs marked no-dsa; since the package is supported, with last LTS update in Jessie,
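Review bot: The new sredird entry carries only "Added by Front-Desk (apo)"; the commit message calls this a long-standing problem, but the entry gives no CVE or bug reference. A NOTE naming the open issue would tell whoever claims the package where to start.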
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/b0ca528aa5ea5254cdddbeec91a58431e74912e8...482cdde53a81a704fe7a698e258dbc754bc546e6