[Git][security-tracker-team/security-tracker][master] bookworm/bullseye triage
Moritz Muehlenhoff (@jmm)
jmm at debian.org
Mon Jun 24 17:11:57 BST 2024
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker
Commits:
a19b7ba4 by Moritz Muehlenhoff at 2024-06-24T17:06:58+02:00
bookworm/bullseye triage
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -2074,10 +2074,13 @@ CVE-2024-4032 (The \u201cipaddress\u201d module contained incorrect information
- python3.13 <not-affected> (Fixed before initial upload to Debian unstable)
- python3.12 3.12.4-1
- python3.11 <unfixed>
+ [bookworm] - python3.11 <no-dsa> (Minor issue)
- python3.9 <removed>
+ [bullseye] - python3.9 <no-dsa> (Minor issue)
- python3.7 <removed>
- python2.7 <removed>
[bullseye] - python2.7 <ignored> (Unsupported in Bullseye, only included to build a few applications)
+ NOTE: https://github.com/advisories/GHSA-mh6q-v4mp-2cc7
NOTE: https://github.com/python/cpython/issues/113171
NOTE: https://github.com/python/cpython/pull/113179
NOTE: https://github.com/python/cpython/commit/ba431579efdcbaed7a96f2ac4ea0775879a332fb (3.11.y-branch)
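Review bot: The unstable line `- python3.11 <unfixed>` has no bug reference, unlike the python-urllib3 and rails entries touched in this same commit. With bookworm now marked no-dsa, a fix for stable depends on someone picking up the 3.11.y-branch commit already listed in the NOTEs, so a `(bug #...)` reference on that line would make the open work trackable.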
@@ -2098,6 +2101,8 @@ CVE-2024-37893 (Firefly III is a free and open source personal finance manager.
NOT-FOR-US: Firefly
CVE-2024-37891 (urllib3 is a user-friendly HTTP client library for Python. When using ...)
- python-urllib3 <unfixed> (bug #1074149)
+ [bookworm] - python-urllib3 <no-dsa> (Minor issue)
+ [bullseye] - python-urllib3 <no-dsa> (Minor issue)
NOTE: https://github.com/urllib3/urllib3/security/advisories/GHSA-34jh-p97f-mpxf
NOTE: https://github.com/urllib3/urllib3/commit/accff72ecc2f6cf5a76d9570198a93ac7c90270e (2.2.2)
CVE-2024-37890 (ws is an open source WebSocket client and server for Node.js. A reques ...)
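Review bot: On the two new python-urllib3 lines, the only fix reference in the entry is the commit labelled (2.2.2). If bookworm and bullseye ship an older urllib3 series, that commit may not apply as is; a NOTE saying whether the change backports cleanly, or pointing to a backport for the older series, would help whoever prepares a point update.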
@@ -2182,10 +2187,13 @@ CVE-2024-0397 (A defect was discovered in the Python \u201cssl\u201d module wher
- python3.13 <not-affected> (Fixed before initial upload to Debian unstable)
- python3.12 3.12.3-1
- python3.11 3.11.9-1
+ [bookworm] - python3.11 <no-dsa> (Minor issue)
- python3.9 <removed>
+ [bullseye] - python3.9 <no-dsa> (Minor issue)
- python3.7 <removed>
- python2.7 <removed>
[bullseye] - python2.7 <ignored> (Unsupported in Bullseye, only included to build a few applications)
+ NOTE: https://github.com/advisories/GHSA-xhf3-pp4q-gxh5
NOTE: https://github.com/python/cpython/issues/114572
NOTE: https://github.com/python/cpython/pull/114573
NOTE: https://github.com/python/cpython/commit/542f3272f56f31ed04e74c40635a913fbc12d286 (v3.12.3)
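Review bot: The reason on the new python3.11 and python3.9 lines is the bare "(Minor issue)", which does not record why a defect in the ssl module was judged not to need a DSA. A few words on the limiting condition, in the parentheses or in a NOTE, would save the next person triaging this entry from re-reading the upstream issue.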
@@ -4249,9 +4257,13 @@ CVE-2024-5203 (A Cross-site request forgery (CSRF) flaw was found in Keycloak an
NOT-FOR-US: Keycloak
CVE-2024-3183 (A vulnerability was found in FreeIPA in a way when a Kerberos TGS-REQ ...)
- freeipa <unfixed>
+ [bookworm] - freeipa <no-dsa> (Minor issue)
+ [bullseye] - freeipa <no-dsa> (Minor issue)
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2270685
CVE-2024-2698 (A vulnerability was found in FreeIPA in how the initial implementation ...)
- freeipa <unfixed>
+ [bookworm] - freeipa <no-dsa> (Minor issue)
+ [bullseye] - freeipa <no-dsa> (Minor issue)
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2270353
CVE-2024-5786 (Cross-Site Request Forgery vulnerability in Comtrend router WLD71-T1_v ...)
NOT-FOR-US: Comtrend router
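Review bot: Both freeipa entries (CVE-2024-3183 and CVE-2024-2698) are now no-dsa while unstable is still <unfixed>, and the only reference on each is a Red Hat Bugzilla link. Neither entry has an upstream fix commit or a Debian bug number, so there is nothing to follow up on; adding a NOTE with the upstream fix once known, and a bug reference on the `- freeipa <unfixed>` lines, would close that gap.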
@@ -5639,6 +5651,7 @@ CVE-2024-2087 (The Brizy \u2013 Page Builder plugin for WordPress is vulnerable
NOT-FOR-US: WordPress plugin
CVE-2024-28103 (Action Pack is a framework for handling and responding to web requests ...)
- rails <unfixed> (bug #1072705)
+ [bookworm] - rails <no-dsa> (Minor issue)
[bullseye] - rails <not-affected> (Vulnerable code introduced later)
[buster] - rails <not-affected> (Vulnerable code introduced later)
NOTE: https://github.com/rails/rails/security/advisories/GHSA-fwhr-88qx-h9g7
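Review bot: The new bookworm line sits above bullseye and buster entries marked not-affected with "Vulnerable code introduced later", but the visible lines do not say which rails version or commit introduced the code. If that is not recorded further down the entry, a "NOTE: Introduced by:" line would let a reader confirm that bookworm's version is on the affected side.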
@@ -15721,6 +15734,8 @@ CVE-2023-6327 (The ShopLentor (formerly WooLentor) plugin for WordPress is vulne
NOT-FOR-US: WordPress plugin
CVE-2024-33655 (The DNS protocol in RFC 1035 and updates allows remote attackers to ca ...)
- unbound 1.20.0-1
+ [bookworm] - unbound <no-dsa> (Minor issue)
+ [bullseye] - unbound <no-dsa> (Minor issue)
[buster] - unbound <ignored> (Not affected by DoS, intrusive changes)
NOTE: https://nlnetlabs.nl/downloads/unbound/CVE-2024-33655.txt
NOTE: Fixed by: https://github.com/NLnetLabs/unbound/commit/c3206f4568f60c486be6d165b1f2b5b254fea3de (release-1.20.0rc1)
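Review bot: The buster line for unbound gives "intrusive changes" as part of its reason for <ignored>, while the new bookworm and bullseye lines say only "(Minor issue)". If the fix commit from release-1.20.0rc1 is just as intrusive to backport to those releases, say so in the reason, so that no-dsa is not read as a fix being queued for a point release.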
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/a19b7ba4017db74d3765388082bf3890f50469ce