[Git][security-tracker-team/security-tracker][master] 4 commits: CVE-2017-7938,CVE-2020-14931,CVE-2024-31837/dmitry: buster postponed

Sylvain Beucler (@beuc) gitlab at salsa.debian.org
Sat May 4 17:04:08 BST 2024



Sylvain Beucler pushed to branch master at Debian Security Tracker / security-tracker


Commits:
c8c8eeed by Sylvain Beucler at 2024-05-04T18:03:21+02:00
CVE-2017-7938,CVE-2020-14931,CVE-2024-31837/dmitry: buster postponed

- - - - -
5aa5566a by Sylvain Beucler at 2024-05-04T18:03:23+02:00
ofono: follow stable triage, buster postponed

- - - - -
89bee352 by Sylvain Beucler at 2024-05-04T18:03:25+02:00
gdcm: follow stable triage, buster postponed

- - - - -
5c3f6593 by Sylvain Beucler at 2024-05-04T18:03:25+02:00
dla: add libkf5ksieve

- - - - -


2 changed files:

- data/CVE/list
- data/dla-needed.txt


Changes:

=====================================
data/CVE/list
=====================================
@@ -3246,6 +3246,7 @@ CVE-2024-31837 (DMitry (Deepmagic Information Gathering Tool) 1.3a has a format-
 	- dmitry <unfixed>
 	[bookworm] - dmitry <no-dsa> (Minor issue)
 	[bullseye] - dmitry <no-dsa> (Minor issue)
+	[buster] - dmitry <postponed> (Minor issue, crash in CLI tool, requires malicious parameter)
 	NOTE: https://github.com/jaygreig86/dmitry/pull/12
 CVE-2024-28294 (Limbas up to v5.2.14 was discovered to contain a SQL injection vulnera ...)
 	NOT-FOR-US: Limbas
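Review bot: the CVE-2024-31837 entry that gains the [buster] <postponed> line has only the pull/12 NOTE and no "Fixed by:" line, so whoever picks this up after the postponement has no commit to backport. If pull/12 is the fix, record that in the NOTE, the way the CVE-2020-14931 entry does with its "Fixed by:" line.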
@@ -4241,6 +4242,7 @@ CVE-2024-25569 (An out-of-bounds read vulnerability exists in the RAWCodec::Deco
 	- gdcm <unfixed>
 	[bookworm] - gdcm <no-dsa> (Minor issue)
 	[bullseye] - gdcm <no-dsa> (Minor issue)
+	[buster] - gdcm <postponed> (Minor issue, follow bullseye)
 	NOTE: https://talosintelligence.com/vulnerability_reports/TALOS-2024-1944
 CVE-2024-25026 (IBM WebSphere Application Server 8.5, 9.0 and IBM WebSphere Applicatio ...)
 	NOT-FOR-US: IBM
@@ -4248,11 +4250,13 @@ CVE-2024-22391 (A heap-based buffer overflow vulnerability exists in the LookupT
 	- gdcm <unfixed>
 	[bookworm] - gdcm <no-dsa> (Minor issue)
 	[bullseye] - gdcm <no-dsa> (Minor issue)
+	[buster] - gdcm <postponed> (Minor issue, follow bullseye)
 	NOTE: https://talosintelligence.com/vulnerability_reports/TALOS-2024-1924
 CVE-2024-22373 (An out-of-bounds write vulnerability exists in the JPEG2000Codec::Deco ...)
 	- gdcm <unfixed>
 	[bookworm] - gdcm <no-dsa> (Minor issue)
 	[bullseye] - gdcm <no-dsa> (Minor issue)
+	[buster] - gdcm <postponed> (Minor issue, follow bullseye)
 	NOTE: https://talosintelligence.com/vulnerability_reports/TALOS-2024-1935
 CVE-2024-22144 (Improper Control of Generation of Code ('Code Injection') vulnerabilit ...)
 	NOT-FOR-US: WordPress plugin
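Review bot: both added [buster] lines in this hunk (CVE-2024-22391, described as a heap-based buffer overflow, and CVE-2024-22373, an out-of-bounds write) give only "Minor issue, follow bullseye", which records whose decision was copied but not why a memory-write bug is minor. The dmitry entries in this push state their precondition inside the parentheses; a short one here would let each entry stand on its own if the bullseye line is later changed.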
@@ -5575,21 +5579,25 @@ CVE-2023-4235 (A flaw was found in ofono, an Open Source Telephony on Linux. A s
 	- ofono <unfixed>
 	[bookworm] - ofono <no-dsa> (Minor issue)
 	[bullseye] - ofono <no-dsa> (Minor issue)
+	[buster] - ofono <postponed> (Minor issue, follow bullseye)
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2255402
 CVE-2023-4234 (A flaw was found in ofono, an Open Source Telephony on Linux. A stack  ...)
 	- ofono <unfixed>
 	[bookworm] - ofono <no-dsa> (Minor issue)
 	[bullseye] - ofono <no-dsa> (Minor issue)
+	[buster] - ofono <postponed> (Minor issue, follow bullseye)
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2255399
 CVE-2023-4233 (A flaw was found in ofono, an Open Source Telephony on Linux. A stack  ...)
 	- ofono <unfixed>
 	[bookworm] - ofono <no-dsa> (Minor issue)
 	[bullseye] - ofono <no-dsa> (Minor issue)
+	[buster] - ofono <postponed> (Minor issue, follow bullseye)
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2255396
 CVE-2023-4232 (A flaw was found in ofono, an Open Source Telephony on Linux. A stack  ...)
 	- ofono <unfixed>
 	[bookworm] - ofono <no-dsa> (Minor issue)
 	[bullseye] - ofono <no-dsa> (Minor issue)
+	[buster] - ofono <postponed> (Minor issue, follow bullseye)
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2255394
 CVE-2024-3914 (Use after free in V8 in Google Chrome prior to 124.0.6367.60 allowed a ...)
 	{DSA-5668-1}
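Review bot: the four added ofono lines say "follow bullseye" while the commit subject for this change says "follow stable triage"; the wording should match. In these entries [bookworm] and [bullseye] carry the same <no-dsa> (Minor issue) state, so either reference is consistent with the data, but picking one term and using it in both the commit message and the annotation avoids confusion when the two suites diverge.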
@@ -8431,6 +8439,7 @@ CVE-2023-2794 (A flaw was found in ofono, an Open Source Telephony on Linux. A s
 	- ofono <unfixed> (bug #1069679)
 	[bookworm] - ofono <no-dsa> (Minor issue)
 	[bullseye] - ofono <no-dsa> (Minor issue)
+	[buster] - ofono <postponed> (Minor issue, follow bullseye)
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2255387
 	NOTE: https://git.kernel.org/pub/scm/network/ofono/ofono.git/commit/?id=a90421d8e45d63b304dc010baba24633e7869682
 	NOTE: https://git.kernel.org/pub/scm/network/ofono/ofono.git/commit/?id=7f2adfa22fbae824f8e2c3ae86a3f51da31ee400
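Review bot: the added [buster] line for CVE-2023-2794 uses the same "Minor issue, follow bullseye" text as the other ofono entries, although this entry, unlike them, already lists two upstream commits and bug #1069679. Mention that in the reason, e.g. "(Minor issue, follow bullseye; upstream commits available)", so the next ofono upload to buster picks it up rather than treating it like the entries with no known fix.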
@@ -292140,6 +292149,7 @@ CVE-2020-14931 (A stack-based buffer overflow in DMitry (Deepmagic Information G
 	- dmitry <unfixed>
 	[bookworm] - dmitry <no-dsa> (Minor issue)
 	[bullseye] - dmitry <no-dsa> (Minor issue)
+	[buster] - dmitry <postponed> (Minor issue, requires hostile whois server)
 	NOTE: https://github.com/jaygreig86/dmitry/issues/4
 	NOTE: https://github.com/jaygreig86/dmitry/pull/6
 	NOTE: Fixed by: https://github.com/jaygreig86/dmitry/commit/da1fda491145719ae15dd36dd37a69bdbba0b192
@@ -472280,6 +472290,7 @@ CVE-2017-7938 (Stack-based buffer overflow in DMitry (Deepmagic Information Gath
 	- dmitry <unfixed>
 	[bookworm] - dmitry <no-dsa> (Minor issue)
 	[bullseye] - dmitry <no-dsa> (Minor issue)
+	[buster] - dmitry <postponed> (Minor issue, crash in CLI tool, requires malicious parameter)
 	NOTE: https://packetstormsecurity.com/files/142210/Dmitry-1.3a-Local-Stack-Buffer-Overflow.html
 	NOTE: https://github.com/jaygreig86/dmitry/pull/12
 CVE-2017-7937 (An Improper Authentication issue was discovered in Phoenix Contact Gmb ...)
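Review bot: the reason on the added CVE-2017-7938 line, "crash in CLI tool", describes the impact more narrowly than the entry itself, which calls the bug a stack-based buffer overflow and links a "Local-Stack-Buffer-Overflow" write-up. Keep the precondition but name the bug class, e.g. "(Minor issue, local stack overflow in CLI tool, requires malicious parameter)", so the annotation does not read as a claim that the impact is limited to a crash.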


=====================================
data/dla-needed.txt
=====================================
@@ -116,6 +116,10 @@ jenkins-htmlunit-core-js
 less (Abhijith PA)
   NOTE: 20240418: Added by Front-Desk (apo)
 --
+libkf5ksieve
+  NOTE: 20240504: Added by Front-Desk (Beuc)
+  NOTE: 20240504: Follow PU #1069836/#1069690 (Beuc/front-desk)
+--
 libmojolicious-perl
   NOTE: 20240421: Added by Front-Desk (apo)
 --
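Review bot: the new libkf5ksieve entry points at "PU #1069836/#1069690" without saying which bug belongs to which suite or which CVE the DLA is for. Add the CVE id or the suite next to each bug number in the second NOTE so the person claiming the package does not have to open both bugs to find out what needs backporting.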



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/b23947176c7ede9a9b9260cbea8ad041a135fe44...5c3f6593ac7705285bafd1e310639110f8b285a4
