[Git][security-tracker-team/security-tracker][master] 6 commits: Mark CVE-2024-29857/bc as postponed for buster

Utkarsh Gupta (@utkarsh) utkarsh at debian.org
Fri May 17 21:38:55 BST 2024 


Utkarsh Gupta pushed to branch master at Debian Security Tracker / security-tracker


Commits:
2a632f0c by Utkarsh Gupta at 2024-05-18T02:08:17+05:30
Mark CVE-2024-29857/bc as postponed for buster

- - - - -
8f8971df by Utkarsh Gupta at 2024-05-18T02:08:19+05:30
Mark CVE-2024-30172/bc as postponed for buster

- - - - -
1bbb0496 by Utkarsh Gupta at 2024-05-18T02:08:21+05:30
Mark CVE-2024-34447/bc as postponed for buster

- - - - -
9d900a5e by Utkarsh Gupta at 2024-05-18T02:08:23+05:30
Mark CVE-2024-372/golang-github-opencontainers-go-digest as postponed for buster

- - - - -
e5ad0e1e by Utkarsh Gupta at 2024-05-18T02:08:24+05:30
Mark CVE-2024-4068/node-braces as postponed for buster

- - - - -
28b62822 by Utkarsh Gupta at 2024-05-18T02:08:26+05:30
Mark CVE-2024-4067/node-micromatch as postponed for buster

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -2051,11 +2051,13 @@ CVE-2024-4068 (The NPM package `braces` fails to limit the number of characters
 	- node-braces <unfixed>
 	[bookworm] - node-braces <no-dsa> (Minor issue)
 	[bullseye] - node-braces <no-dsa> (Minor issue)
+	[buster] - node-braces <postponed> (Minor issue)
 	NOTE: https://github.com/micromatch/braces/issues/35
 CVE-2024-4067 (The NPM package `micromatch` is vulnerable to Regular Expression Denia ...)
 	- node-micromatch <unfixed>
 	[bookworm] - node-micromatch <no-dsa> (Minor issue)
 	[bullseye] - node-micromatch <no-dsa> (Minor issue)
+	[buster] - node-micromatch <postponed> (Minor issue)
 	NOTE: https://github.com/micromatch/micromatch/issues/243
 	NOTE: https://github.com/micromatch/micromatch/pull/247
 CVE-2024-3462 (Ant Media Server Community Edition in a default configuration is vulne ...)
@@ -2745,6 +2747,7 @@ CVE-2024-3727 (A flaw was found in the github.com/containers/image library. This
 	- golang-github-opencontainers-go-digest <unfixed> (bug #1070858)
 	[bookworm] - golang-github-opencontainers-go-digest <no-dsa> (Minor issue)
 	[bullseye] - golang-github-opencontainers-go-digest <no-dsa> (Minor issue)
+	[buster] - golang-github-opencontainers-go-digest <postponed> (Minor issue)
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2274767
 CVE-2024-3722 (The Swift Performance Lite plugin for WordPress is vulnerable to unaut ...)
 	NOT-FOR-US: WordPress plugin
@@ -4099,12 +4102,14 @@ CVE-2024-29857 (An issue was discovered in ECCurve.java and ECCurve.cs in Bouncy
 	- bouncycastle <unfixed> (bug #1070655)
 	[bookworm] - bouncycastle <no-dsa> (Minor issue)
 	[bullseye] - bouncycastle <no-dsa> (Minor issue)
+	[buster] - bouncycastle <postponed> (Minor issue)
 	NOTE: https://github.com/bcgit/bc-java/issues/1635
 	NOTE: https://www.bouncycastle.org/latest_releases.html
 CVE-2024-30172 (An issue was discovered in Bouncy Castle Java Cryptography APIs before ...)
 	- bouncycastle <unfixed> (bug #1070655)
 	[bookworm] - bouncycastle <no-dsa> (Minor issue)
 	[bullseye] - bouncycastle <no-dsa> (Minor issue)
+	[buster] - bouncycastle <postponed> (Minor issue)
 	NOTE: https://github.com/bcgit/bc-java/issues/1599
 	NOTE: https://www.bouncycastle.org/latest_releases.html
 	NOTE: https://github.com/bcgit/bc-java/commit/9c165791b68a204678b48ec11e4e579754c2ea49 (r1rv78v1)
@@ -4437,6 +4442,7 @@ CVE-2024-34447 (An issue was discovered in Bouncy Castle Java Cryptography APIs
 	- bouncycastle <unfixed> (bug #1070655)
 	[bookworm] - bouncycastle <no-dsa> (Minor issue)
 	[bullseye] - bouncycastle <no-dsa> (Minor issue)
+	[buster] - bouncycastle <postponed> (Minor issue)
 	NOTE: https://www.bouncycastle.org/latest_releases.html
 CVE-2024-34446 (Mullvad VPN through 2024.1 on Android does not set a DNS server in the ...)
 	NOT-FOR-US: Mullvad VPN



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/297d11c339e2aa0a4bc925604dd879bd678c9eb6...28b62822162b37fc54c35154ab2105093463bad6

-- 
This project does not include diff previews in email notifications.
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/297d11c339e2aa0a4bc925604dd879bd678c9eb6...28b62822162b37fc54c35154ab2105093463bad6
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20240517/a32387cb/attachment.htm>

More information about the debian-security-tracker-commits mailing list