[Git][security-tracker-team/security-tracker][master] 5 commits: mark CVE-2024-34064 as postponed for Buster

Thorsten Alteholz (@alteholz) alteholz at debian.org
Sun May 12 23:45:55 BST 2024 


Thorsten Alteholz pushed to branch master at Debian Security Tracker / security-tracker


Commits:
874fd2fb by Thorsten Alteholz at 2024-05-13T00:36:43+02:00
mark CVE-2024-34064 as postponed for Buster

- - - - -
cb66bf1c by Thorsten Alteholz at 2024-05-13T00:40:55+02:00
mark CVE-2024-27306 as postponed for Buster

- - - - -
1f64abb2 by Thorsten Alteholz at 2024-05-13T00:41:42+02:00
mark CVE-2024-27305 as postponed for Buster

- - - - -
a7ca5f03 by Thorsten Alteholz at 2024-05-13T00:42:51+02:00
mark CVE-2024-34062 as postponed for Buster

- - - - -
84844f5d by Thorsten Alteholz at 2024-05-13T00:44:49+02:00
mark CVE-2024-30251 as postponed for Buster

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1622,6 +1622,7 @@ CVE-2024-34064 (Jinja is an extensible templating engine. The `xmlattr` filter i
 	- jinja2 <unfixed> (bug #1070712)
 	[bookworm] - jinja2 <no-dsa> (Minor issue)
 	[bullseye] - jinja2 <no-dsa> (Minor issue)
+	[buster] - jinja2 <postponed> (Minor issue)
 	NOTE: https://github.com/pallets/jinja/security/advisories/GHSA-h75v-3vvj-5mfj
 	NOTE: Fixed by: https://github.com/pallets/jinja/commit/d655030770081e2dfe46f90e27620472a502289d (3.1.4)
 CVE-2024-33912 (Missing Authorization vulnerability in Academy LMS.This issue affects  ...)
@@ -2149,6 +2150,7 @@ CVE-2024-34062 (tqdm is an open source progress bar for Python and CLI. Any opti
 	- tqdm 4.66.4-1 (bug #1070372)
 	[bookworm] - tqdm <no-dsa> (Minor issue)
 	[bullseye] - tqdm <no-dsa> (Minor issue)
+	[buster] - tqdm <postponed> (Minor issue)
 	NOTE: https://github.com/tqdm/tqdm/security/advisories/GHSA-g7vv-2v7x-gj9p
 	NOTE: Fixed by: https://github.com/tqdm/tqdm/commit/b53348c73080b4edeb30b4823d1fa0d8d2c06721 (v4.66.3)
 CVE-2024-34061 (changedetection.io is a free open source web page change detection, we ...)
@@ -3985,6 +3987,7 @@ CVE-2024-4029 (A vulnerability was found in Wildfly\u2019s management interface.
 	- wildfly <itp> (bug #752018)
 CVE-2024-30251 (aiohttp is an asynchronous HTTP client/server framework for asyncio an ...)
 	- python-aiohttp <unfixed> (bug #1070364)
+	[buster] - python-aiohttp <postponed> (Minor issue)
 	NOTE: https://www.openwall.com/lists/oss-security/2024/05/02/4
 	NOTE: https://github.com/aio-libs/aiohttp/security/advisories/GHSA-5m98-qgg9-wh84
 	NOTE: Fixed by: https://github.com/aio-libs/aiohttp/commit/cebe526b9c34dc3a3da9140409db63014bc4cf19 (v3.9.4)
@@ -7478,6 +7481,7 @@ CVE-2024-27306 (aiohttp is an asynchronous HTTP client/server framework for asyn
 	- python-aiohttp <unfixed> (bug #1070665)
 	[bookworm] - python-aiohttp <no-dsa> (Minor issue)
 	[bullseye] - python-aiohttp <no-dsa> (Minor issue)
+	[buster] - python-aiohttp <postponed> (Minor issue)
 	NOTE: https://github.com/aio-libs/aiohttp/security/advisories/GHSA-7gpw-8wmc-pm8g
 	NOTE: https://github.com/aio-libs/aiohttp/pull/8319
 	NOTE: https://github.com/aio-libs/aiohttp/commit/28335525d1eac015a7e7584137678cbb6ff19397 (v3.9.4)
@@ -19676,6 +19680,7 @@ CVE-2024-27305 (aiosmtpd is a reimplementation of the Python stdlib smtpd.py bas
 	- python-aiosmtpd <unfixed> (bug #1066820)
 	[bookworm] - python-aiosmtpd <no-dsa> (Minor issue)
 	[bullseye] - python-aiosmtpd <no-dsa> (Minor issue)
+	[buster] - python-aiosmtpd <postponed> (Minor issue)
 	NOTE: https://github.com/aio-libs/aiosmtpd/security/advisories/GHSA-pr2m-px7j-xg65
 	NOTE: https://github.com/aio-libs/aiosmtpd/commit/24b6c79c8921cf1800e27ca144f4f37023982bbb (1.4.5)
 CVE-2024-26529 (An issue in mz-automation libiec61850 v.1.5.3 and before, allows a rem ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/c68bf304d059528d0aea893d09bad1d6b976c901...84844f5de337102637e3b5eafea78e46bc4889c7

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/c68bf304d059528d0aea893d09bad1d6b976c901...84844f5de337102637e3b5eafea78e46bc4889c7
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20240512/1f237d34/attachment-0001.htm>

More information about the debian-security-tracker-commits mailing list