[Git][security-tracker-team/security-tracker][master] bullseye/bookworm triage

[Moritz Muehlenhoff (@jmm)]

Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
644cd696 by Moritz Muehlenhoff at 2024-05-10T18:04:15+02:00
bullseye/bookworm triage

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1310,11 +1310,15 @@ CVE-2024-34078 (html-sanitizer is an allowlist-based HTML cleaner. If using `kee
 	NOTE: https://github.com/matthiask/html-sanitizer/commit/48db42fc5143d0140c32d929c46b802f96913550 (2.4.2)
 CVE-2024-34069 (Werkzeug is a comprehensive WSGI web application library. The debugger ...)
 	- python-werkzeug 3.0.3-1 (bug #1070711)
+	[bookworm] - python-werkzeug <no-dsa> (Minor issue)
+	[bullseye] - python-werkzeug <no-dsa> (Minor issue)
 	NOTE: https://github.com/pallets/werkzeug/security/advisories/GHSA-2g68-c3qc-8985
 	NOTE: Fixed by: https://github.com/pallets/werkzeug/commit/71b69dfb7df3d912e66bab87fbb1f21f83504967 (3.0.3)
 	NOTE: Fixed by: https://github.com/pallets/werkzeug/commit/890b6b62634fa61224222aee31081c61b054ff01 (3.0.3)
 CVE-2024-34064 (Jinja is an extensible templating engine. The `xmlattr` filter in affe ...)
 	- jinja2 <unfixed> (bug #1070712)
+	[bookworm] - jinja2 <no-dsa> (Minor issue)
+	[bullseye] - jinja2 <no-dsa> (Minor issue)
 	NOTE: https://github.com/pallets/jinja/security/advisories/GHSA-h75v-3vvj-5mfj
 	NOTE: Fixed by: https://github.com/pallets/jinja/commit/d655030770081e2dfe46f90e27620472a502289d (3.1.4)
 CVE-2024-33912 (Missing Authorization vulnerability in Academy LMS.This issue affects  ...)
@@ -6701,6 +6705,8 @@ CVE-2024-32478 (Git Credential Manager (GCM) is a secure Git credential helper.
 	- git-credential-manager <itp> (bug #1002300)
 CVE-2024-32473 (Moby is an open source container framework that is a key component of  ...)
 	- docker.io <unfixed> (bug #1070378)
+	[bookworm] - docker.io <no-dsa> (Minor issue)
+	[bullseye] - docker.io <no-dsa> (Minor issue)
 	NOTE: https://github.com/moby/moby/security/advisories/GHSA-x84c-p2g9-rqv9
 	NOTE: https://github.com/moby/moby/commit/841c4c8057bcf5317d6565875595a3f0c046e3fa
 CVE-2024-32409 (An issue in SEMCMS v.4.8 allows a remote attacker to execute arbitrary ...)
@@ -17532,6 +17538,7 @@ CVE-2024-0450 (An issue was found in the CPython `zipfile` module affecting vers
 	[bookworm] - python3.11 <no-dsa> (Minor issue)
 	- python3.10 <removed>
 	- python3.9 <removed>
+	[bullseye] - python3.9 <no-dsa> (Minor issue)
 	- python3.7 <removed>
 	- python2.7 <removed>
 	[bullseye] - python2.7 <ignored> (Unsupported in Bullseye, only included to build a few applications)
@@ -78571,6 +78578,7 @@ CVE-2023-28757
 CVE-2023-28756 (A ReDoS issue was discovered in the Time component through 0.2.1 in Ru ...)
 	{DLA-3447-1 DLA-3408-1}
 	- ruby3.1 <unfixed> (bug #1038408)
+	[bookworm] - ruby3.1 <no-dsa> (Minor issue)
 	- ruby2.7 <removed>
 	- ruby2.5 <removed>
 	[experimental] - jruby 9.4.3.0+ds-1~exp1
@@ -78586,6 +78594,7 @@ CVE-2023-28755 (A ReDoS issue was discovered in the URI component through 0.12.0
 	[bookworm] - rubygems <no-dsa> (Minor issue)
 	[bullseye] - rubygems <no-dsa> (Minor issue)
 	- ruby3.1 <unfixed> (bug #1038408)
+	[bookworm] - ruby3.1 <no-dsa> (Minor issue)
 	- ruby2.7 <removed>
 	- ruby2.5 <removed>
 	[experimental] - jruby 9.4.3.0+ds-1~exp1



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/644cd696af6b99d787c462f7c3c228d9a9ce54d8

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/644cd696af6b99d787c462f7c3c228d9a9ce54d8
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20240510/ded2cfc3/attachment-0001.htm>