[Git][security-tracker-team/security-tracker][master] bookworm/bullseye triage

Moritz Muehlenhoff (@jmm) jmm at debian.org
Fri Mar 15 14:31:24 GMT 2024



Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
61b65e49 by Moritz Mühlenhoff at 2024-03-15T15:30:42+01:00
bookworm/bullseye triage

- - - - -


2 changed files:

- data/CVE/list
- data/dsa-needed.txt


Changes:

=====================================
data/CVE/list
=====================================
@@ -33,6 +33,8 @@ CVE-2024-27756 (An issue in GLPI v.10.0.12 and before allows a remote attacker t
 	NOTE: https://medium.com/%40cristiansindile/formula-injection-in-glpi-cve-2024-27756-3649c7cca092
 CVE-2024-26540 (A heap-based buffer overflow in Clmg before 3.3.3 can occur via a craf ...)
 	- cimg <unfixed>
+	[bookworm] - cimg <no-dsa> (Minor issue)
+	[bullseye] - cimg <no-dsa> (Minor issue)
 	NOTE: https://github.com/GreycLab/CImg/issues/403
 CVE-2024-26503 (Unrestricted File Upload vulnerability in Greek Universities Network O ...)
 	NOT-FOR-US: Greek Universities Network Open eClass
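
Review bot: The two added cimg lines use the generic reason "Minor issue" for what the CVE description calls a heap-based buffer overflow via a crafted input, and nothing in the entry says why the impact is limited in bookworm and bullseye. Consider a more specific reason string, or a NOTE line recording what bounds the exposure, so the no-dsa decision can be re-checked later. The entry also carries only the upstream issue link; a NOTE with the fixing commit would help anyone picking this up for a point release.
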
@@ -97,6 +99,8 @@ CVE-2024-2437
 	REJECTED
 CVE-2024-28849 (follow-redirects is an open source, drop-in replacement for Node's `ht ...)
 	- node-follow-redirects <unfixed>
+	[bookworm] - node-follow-redirects <no-dsa> (Minor issue)
+	[bullseye] - node-follow-redirects <no-dsa> (Minor issue)
 	NOTE: https://github.com/follow-redirects/follow-redirects/security/advisories/GHSA-cxjh-pqwp-8mfp
 	NOTE: https://github.com/psf/requests/issues/1885
 	NOTE: https://github.com/follow-redirects/follow-redirects/commit/c4f847f85176991f95ab9c88af63b1294de8649b (v1.15.6)
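
Review bot: The added bookworm and bullseye no-dsa lines for node-follow-redirects sit beside a NOTE that already names the upstream fix commit (v1.15.6), so a backport is identifiable. If the intent is to handle this through a point release rather than leave it indefinitely, say so in the reason text instead of only "Minor issue", so the entry reads as actionable.
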
@@ -1060,6 +1064,7 @@ CVE-2023-28746 (Information exposure through microarchitectural state after tran
 CVE-2024-2193 [GhostRace: Speculative Race Conditions]
 	- linux <unfixed>
 	- xen <unfixed>
+	[bookworm] - xen <postponed> (Minor issue, fix along in next DSA)
 	[bullseye] - xen <end-of-life> (EOLed in Bullseye)
 	[buster] - xen <end-of-life> (DSA 4677-1)
 	NOTE: https://www.openwall.com/lists/oss-security/2024/03/12/14
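
Review bot: On the added "[bookworm] - xen <postponed>" line, the reason "fix along in next DSA" presumes a patch to pick up, but the lines visible in this hunk show xen as <unfixed> with only the oss-security post as reference. A NOTE pointing at the Xen-side advisory or patch would make clear what the next DSA has to include. The hunk also leaves linux without per-release lines; worth confirming that is intended for this triage pass.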


=====================================
data/dsa-needed.txt
=====================================
@@ -57,7 +57,7 @@ opennds/stable
 --
 php-cas/oldstable
 --
-php-dompdf-svg-lib/stable
+php-dompdf-svg-lib/stable (jmm)
   William Desportes is proposing an update needing review (6883e24c-b53d-4dcd-ad27-b944dbd688f3 at wdes.fr)
 --
 php-horde-mime-viewer/oldstable
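
Review bot: With php-dompdf-svg-lib/stable now claimed by "(jmm)", the indented note under it still locates the proposed update only through an opaque identifier at wdes.fr. Replacing that with a bug number or a list-archive URL would let others find the proposal under review without having the original mail.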



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/61b65e49392c4f566c674e4da4b8a10227162082
