[Git][security-tracker-team/security-tracker][master] bookworm/bullseye triage
Moritz Muehlenhoff (@jmm)
jmm at debian.org
Thu Mar 7 16:09:07 GMT 2024
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker
Commits:
7f472822 by Moritz Muehlenhoff at 2024-03-07T17:08:08+01:00
bookworm/bullseye triage
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -92,6 +92,8 @@ CVE-2023-47415 (Cypress Solutions CTM-200 v2.7.1.5600 and below was discovered t
TODO: check
CVE-2024-2236 (A timing-based side-channel flaw was found in libgcrypt's RSA implemen ...)
- libgcrypt20 <unfixed>
+ [bookworm] - libgcrypt20 <no-dsa> (Minor issue)
+ [bullseye] - libgcrypt20 <no-dsa> (Minor issue)
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2268268
CVE-2024-1299 (A privilege escalation vulnerability was discovered in GitLab affectin ...)
- gitlab <unfixed>
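Review bot: the `<no-dsa> (Minor issue)` tags on the libgcrypt20 lines for CVE-2024-2236 carry no explanation of why a timing side-channel in the RSA implementation is rated minor; add a NOTE line recording the assessment (for instance the preconditions the attack needs) so that later readers and the triage of other suites can rely on it rather than re-reading the bug. The only reference is the Red Hat bugzilla link; once an upstream fix commit exists it should be added as a `NOTE: Fixed by:` line, the style the dwarfutils entry uses later in this commit, so the `<unfixed>` unstable entry can be resolved against it.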
@@ -113,6 +115,8 @@ CVE-2024-27307 (JSONata is a JSON query and transformation language. Starting in
TODO: check
CVE-2024-27304 (pgx is a PostgreSQL driver and toolkit for Go. SQL injection can occur ...)
- golang-github-jackc-pgx <unfixed>
+ [bookworm] - golang-github-jackc-pgx <no-dsa> (Minor issue)
+ [bullseye] - golang-github-jackc-pgx <no-dsa> (Minor issue)
NOTE: https://github.com/jackc/pgx/security/advisories/GHSA-mrww-27vc-gghv
NOTE: https://github.com/jackc/pgx/commit/adbb38f298c76e283ffc7c7a3f571036fea47fd4 (v5.5.4)
NOTE: https://github.com/jackc/pgx/commit/c543134753a0c5d22881c12404025724cb05ffd8 (v5.5.4)
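Review bot: the fix references for CVE-2024-27304 point only at v5.5.4 commits, while the companion entry CVE-2024-27289 in this commit is scoped to the 4.x branch (fixed in 4.18.2); if the golang-github-jackc-pgx version shipped in bookworm or bullseye is on the 4.x branch, note whether these v5 commits apply there or whether a separate 4.x fix is needed. Tagging an SQL injection as `(Minor issue)` also deserves a short justification in a NOTE line (which calling pattern is required to trigger it), since the tag will be read without the advisory.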
@@ -123,6 +127,8 @@ CVE-2024-27302 (go-zero is a web and rpc framework. Go-zero allows user to speci
TODO: check
CVE-2024-27289 (pgx is a PostgreSQL driver and toolkit for Go. Prior to version 4.18.2 ...)
- golang-github-jackc-pgx <unfixed>
+ [bookworm] - golang-github-jackc-pgx <no-dsa> (Minor issue)
+ [bullseye] - golang-github-jackc-pgx <no-dsa> (Minor issue)
NOTE: https://github.com/jackc/pgx/security/advisories/GHSA-m7wr-2xf7-cm9p
NOTE: https://github.com/jackc/pgx/commit/826a89229b8b1cdf18e4190afa437d3df9901b9c (v4.18.2)
CVE-2024-27288 (1Panel is an open source Linux server operation and maintenance manage ...)
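Review bot: the justification for the CVE-2024-27289 no-dsa lines is again only `(Minor issue)`; since the description limits the issue to versions prior to 4.18.2, a NOTE recording which packaged version was checked for bookworm and bullseye would make the assessment reproducible. Prefixing the 4.18.2 commit line with `Fixed by:` (as the dwarfutils entry in this commit does) would also make the fix reference distinguishable from the advisory link.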
@@ -447,6 +453,8 @@ CVE-2024-1979
NOT-FOR-US: Quarkus
CVE-2023-5685 [StackOverflowException when the chain of notifier states becomes problematically big]
- jboss-xnio <unfixed>
+ [bookworm] - jboss-xnio <no-dsa> (Minor issue)
+ [bullseye] - jboss-xnio <no-dsa> (Minor issue)
[buster] - jboss-xnio <no-dsa> (Minor issue)
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2241822
CVE-2023-45290 (When parsing a multipart form (either explicitly with Request.ParseMul ...)
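Review bot: the new bookworm/bullseye lines for CVE-2023-5685 match the existing buster `<no-dsa> (Minor issue)` line, which is consistent, but the entry still has a bracketed placeholder description and only a Red Hat bugzilla reference; add the upstream xnio fix commit as a `NOTE: Fixed by:` line once it is known, so the `<unfixed>` unstable entry has something to be resolved against.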
@@ -597,6 +605,8 @@ CVE-2024-25731 (The Elink Smart eSmartCam (com.cn.dq.ipc) application 2.1.5 for
NOT-FOR-US: Elink Smart eSmartCam (com.cn.dq.ipc) application
CVE-2024-25269 (libheif <= 1.17.6 contains a memory leak in the function JpegEncoder:: ...)
- libheif <unfixed>
+ [bookworm] - libheif <no-dsa> (Minor issue)
+ [bullseye] - libheif <no-dsa> (Minor issue)
[buster] - libheif <no-dsa> (Minor issue)
NOTE: https://github.com/strukturag/libheif/issues/1073
NOTE: https://github.com/strukturag/libheif/pull/1074
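Review bot: for CVE-2024-25269 the libheif pull request on the last NOTE line is presumably the fix, but it is not marked as such; prefix it with `Fixed by:` (the style used for the dwarfutils entry in this same commit) so the fix reference is distinguishable from the issue link. The new bookworm/bullseye tags match the existing buster line, which is coherent for a memory leak in the JpegEncoder path the description names.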
@@ -639,6 +649,8 @@ CVE-2024-20829 (Missing proper interaction for opening deeplink in Samsung Inter
NOT-FOR-US: Samsung
CVE-2024-1936 (The encrypted subject of an email message could be incorrectly and per ...)
- thunderbird 1:115.8.1-1
+ [bookworm] - thunderbird <postponed> (Fix alongside in next DSA)
+ [bullseye] - thunderbird <postponed> (Fix alongside in next DSA)
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2024-11/#CVE-2024-1936
CVE-2024-1782 (The Blue Triad EZAnalytics plugin for WordPress is vulnerable to Refle ...)
NOT-FOR-US: WordPress plugin
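Review bot: the rationale wording `(Fix alongside in next DSA)` on the thunderbird lines differs from `(Minor issue, fix along in future update)` used for python-django later in this commit; settling on one phrasing for the postponed case keeps the file greppable. The `<postponed>` tag itself is the right distinction from `<no-dsa>` here, since unstable already carries the fixed version 1:115.8.1-1.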
@@ -690,11 +702,15 @@ CVE-2023-41827 (An improper export vulnerability was reported in the Motorola OT
NOT-FOR-US: Motorola
CVE-2024-2002
- dwarfutils <unfixed> (bug #1065511)
+ [bookworm] - dwarfutils <no-dsa> (Minor issue)
+ [bullseye] - dwarfutils <no-dsa> (Minor issue)
[buster] - dwarfutils <no-dsa> (Minor issue)
NOTE: https://www.prevanders.net/dwarfbug.html#DW202402-002
NOTE: Fixed by: https://github.com/davea42/libdwarf-code/commit/404e6b1b14f60c81388d50b4239f81d461b3c3ad
CVE-2024-27351 [Potential regular expression denial-of-service in django.utils.text.Truncator.words()]
- python-django 3:4.2.11-1
+ [bookworm] - python-django <postponed> (Minor issue, fix along in future update)
+ [bullseye] - python-django <postponed> (Minor issue, fix along in future update)
[buster] - python-django <no-dsa> (Minor issue)
NOTE: https://www.djangoproject.com/weblog/2024/mar/04/security-releases/
NOTE: https://github.com/django/django/commit/3394fc6132436eca89e997083bae9985fb7e761e (5.0.3)
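Review bot: the fix reference for CVE-2024-27351 points at the 5.0.3 commit only, while unstable is recorded as fixed in 3:4.2.11-1, so a corresponding 4.2-branch commit should exist; add it as well, since that is the one a bookworm update would backport. The suite tags are also asymmetric: bookworm and bullseye are `<postponed>` but buster stays `<no-dsa>`; if that is intentional (no update planned for buster) it is fine, otherwise align them. For CVE-2024-2002 the header line still has no description; add one once it is available so the entry is not a bare CVE id.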
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/7f4728226ea8d3ee68129d025b329a231fe31a81