[Git][security-tracker-team/security-tracker][master] bookworm/bullseye triage

Moritz Muehlenhoff (@jmm) jmm at debian.org
Wed May 15 12:10:24 BST 2024



Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
3c0762bc by Moritz Muehlenhoff at 2024-05-15T13:07:02+02:00
bookworm/bullseye triage

- - - - -


2 changed files:

- data/CVE/list
- data/dsa-needed.txt


Changes:

=====================================
data/CVE/list
=====================================
@@ -755,9 +755,13 @@ CVE-2024-4747 (Improper Neutralization of Input During Web Page Generation ('Cro
 	NOT-FOR-US: WordPress plugin
 CVE-2024-4068 (The NPM package `braces` fails to limit the number of characters it ca ...)
 	- node-braces <unfixed>
+	[bookworm] - node-braces <no-dsa> (Minor issue)
+	[bullseye] - node-braces <no-dsa> (Minor issue)
 	NOTE: https://github.com/micromatch/braces/issues/35
 CVE-2024-4067 (The NPM package `micromatch` is vulnerable to Regular Expression Denia ...)
 	- node-micromatch <unfixed>
+	[bookworm] - node-micromatch <no-dsa> (Minor issue)
+	[bullseye] - node-micromatch <no-dsa> (Minor issue)
 	NOTE: https://github.com/micromatch/micromatch/issues/243
 	NOTE: https://github.com/micromatch/micromatch/pull/247
 CVE-2024-3462 (Ant Media Server Community Edition in a default configuration is vulne ...)
@@ -1949,6 +1953,8 @@ CVE-2024-34255 (jizhicms v2.5.1 contains a Cross-Site Scripting(XSS) vulnerabili
 	NOT-FOR-US: jizhicms
 CVE-2024-34244 (libmodbus v3.1.10 is vulnerable to Buffer Overflow via the modbus_writ ...)
 	- libmodbus <unfixed>
+	[bookworm] - libmodbus <no-dsa> (Minor issue)
+	[bullseye] - libmodbus <no-dsa> (Minor issue)
 	[buster] - libmodbus <postponed> (Minor issue; out-of-bounds read, DoS)
 	NOTE: https://github.com/stephane/libmodbus/issues/743
 CVE-2024-33612 (An improper certificate validation vulnerability exists in BIG-IP Next ...)


=====================================
data/dsa-needed.txt
=====================================
@@ -29,6 +29,8 @@ gpac/oldstable
 --
 h2o (jmm)
 --
+libreoffice (jmm)
+--
 libreswan (jmm)
   Maintainer prepared bookworm-security update, but needs work on bullseye-security backports
 --



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/3c0762bc3fadf05e5a19542747a53345f25170ce

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/3c0762bc3fadf05e5a19542747a53345f25170ce
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20240515/d3f6f0ce/attachment.htm>


More information about the debian-security-tracker-commits mailing list