[Git][security-tracker-team/security-tracker][master] bookworm/bullseye triage
Moritz Muehlenhoff (@jmm)
jmm at debian.org
Wed May 15 12:10:24 BST 2024
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker
Commits:
3c0762bc by Moritz Muehlenhoff at 2024-05-15T13:07:02+02:00
bookworm/bullseye triage
- - - - -
2 changed files:
- data/CVE/list
- data/dsa-needed.txt
Changes:
=====================================
data/CVE/list
=====================================
@@ -755,9 +755,13 @@ CVE-2024-4747 (Improper Neutralization of Input During Web Page Generation ('Cro
NOT-FOR-US: WordPress plugin
CVE-2024-4068 (The NPM package `braces` fails to limit the number of characters it ca ...)
- node-braces <unfixed>
+ [bookworm] - node-braces <no-dsa> (Minor issue)
+ [bullseye] - node-braces <no-dsa> (Minor issue)
NOTE: https://github.com/micromatch/braces/issues/35
CVE-2024-4067 (The NPM package `micromatch` is vulnerable to Regular Expression Denia ...)
- node-micromatch <unfixed>
+ [bookworm] - node-micromatch <no-dsa> (Minor issue)
+ [bullseye] - node-micromatch <no-dsa> (Minor issue)
NOTE: https://github.com/micromatch/micromatch/issues/243
NOTE: https://github.com/micromatch/micromatch/pull/247
CVE-2024-3462 (Ant Media Server Community Edition in a default configuration is vulne ...)
@@ -1949,6 +1953,8 @@ CVE-2024-34255 (jizhicms v2.5.1 contains a Cross-Site Scripting(XSS) vulnerabili
NOT-FOR-US: jizhicms
CVE-2024-34244 (libmodbus v3.1.10 is vulnerable to Buffer Overflow via the modbus_writ ...)
- libmodbus <unfixed>
+ [bookworm] - libmodbus <no-dsa> (Minor issue)
+ [bullseye] - libmodbus <no-dsa> (Minor issue)
[buster] - libmodbus <postponed> (Minor issue; out-of-bounds read, DoS)
NOTE: https://github.com/stephane/libmodbus/issues/743
CVE-2024-33612 (An improper certificate validation vulnerability exists in BIG-IP Next ...)
=====================================
data/dsa-needed.txt
=====================================
@@ -29,6 +29,8 @@ gpac/oldstable
--
h2o (jmm)
--
+libreoffice (jmm)
+--
libreswan (jmm)
Maintainer prepared bookworm-security update, but needs work on bullseye-security backports
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/3c0762bc3fadf05e5a19542747a53345f25170ce
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/3c0762bc3fadf05e5a19542747a53345f25170ce
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20240515/d3f6f0ce/attachment.htm>
More information about the debian-security-tracker-commits
mailing list