[Git][security-tracker-team/security-tracker][master] bookworm/bullseye triage
Moritz Muehlenhoff (@jmm)
jmm at debian.org
Tue May 28 17:09:10 BST 2024
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker
Commits:
a39303b3 by Moritz Muehlenhoff at 2024-05-28T17:57:45+02:00
bookworm/bullseye triage
- - - - -
2 changed files:
- data/CVE/list
- data/dsa-needed.txt
Changes:
=====================================
data/CVE/list
=====================================
@@ -14052,23 +14052,31 @@ CVE-2024-32679 (Missing Authorization vulnerability in Shared Files PRO Shared F
CVE-2024-32661 (FreeRDP is a free implementation of the Remote Desktop Protocol. FreeR ...)
- freerdp3 3.5.1+dfsg1-1 (bug #1069752)
- freerdp2 <unfixed>
+ [bookworm] - freerdp2 <no-dsa> (Minor issue)
+ [bullseye] - freerdp2 <no-dsa> (Minor issue)
NOTE: https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-p5m5-342g-pv9m
NOTE: Fixed by: https://github.com/FreeRDP/FreeRDP/commit/71e463e31b4d69f4022d36bfc814592f56600793 (3.5.1)
NOTE: Introduced by: https://github.com/FreeRDP/FreeRDP/commit/1b2b1c4ac14ac43f4e475488763d8659bd934eb6 (2.0.0-beta1+android10)
CVE-2024-32660 (FreeRDP is a free implementation of the Remote Desktop Protocol. Prior ...)
- freerdp3 3.5.1+dfsg1-1 (bug #1069752)
- freerdp2 <unfixed>
+ [bookworm] - freerdp2 <no-dsa> (Minor issue)
+ [bullseye] - freerdp2 <no-dsa> (Minor issue)
NOTE: https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-mxv6-2cw6-m3mx
NOTE: Fixed by: https://github.com/FreeRDP/FreeRDP/commit/5e5d27cf310e4c10b854be7667bfb7a5d774eb47 (3.5.1)
CVE-2024-32659 (FreeRDP is a free implementation of the Remote Desktop Protocol. FreeR ...)
- freerdp3 3.5.1+dfsg1-1 (bug #1069752)
- freerdp2 <unfixed>
+ [bookworm] - freerdp2 <no-dsa> (Minor issue)
+ [bullseye] - freerdp2 <no-dsa> (Minor issue)
NOTE: https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-8jgr-7r33-x87w
NOTE: Fixed by: https://github.com/FreeRDP/FreeRDP/commit/6430945ce003a5e24d454d8566f54aae1b6b617b (3.5.1)
NOTE: Introduced by: https://github.com/FreeRDP/FreeRDP/commit/c697941de2b7062821e004411ec18ea71e50a30d (1.2.0-beta1+android7)
CVE-2024-32658 (FreeRDP is a free implementation of the Remote Desktop Protocol. FreeR ...)
- freerdp3 3.5.1+dfsg1-1 (bug #1069752)
- freerdp2 <unfixed>
+ [bookworm] - freerdp2 <no-dsa> (Minor issue)
+ [bullseye] - freerdp2 <no-dsa> (Minor issue)
NOTE: https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-vpv3-m3m9-4c2v
NOTE: Fixed by: https://github.com/FreeRDP/FreeRDP/commit/1a755d898ddc028cc818d0dd9d49d5acff4c44bf (3.5.1)
CVE-2024-32482 (The Tillitis TKey signer device application is an ed25519 signing tool ...)
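Review bot: The `freerdp2 <unfixed>` lines for CVE-2024-32661, CVE-2024-32660, CVE-2024-32659 and CVE-2024-32658 carry no freerdp2 bug reference (the only bug shown, #1069752, sits on the freerdp3 line), and with the new `<no-dsa>` tags for bookworm and bullseye no DSA will drive the fix either. Consider filing or linking a freerdp2 bug on those lines so the open issue stays tracked. In addition, CVE-2024-32660 and CVE-2024-32658 have no "Introduced by:" NOTE and every "Fixed by:" commit is annotated (3.5.1), so the entries do not document how the 2.x branch was checked; a short NOTE on that would back up the "(Minor issue)" reason.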
@@ -14290,36 +14298,48 @@ CVE-2015-10132 (A vulnerability classified as problematic was found in Thimo Gra
CVE-2024-32041 (FreeRDP is a free implementation of the Remote Desktop Protocol. FreeR ...)
- freerdp3 <not-affected> (Fixed with initial upload to Debian unstable)
- freerdp2 <unfixed> (bug #1069728)
+ [bookworm] - freerdp2 <no-dsa> (Minor issue)
+ [bullseye] - freerdp2 <no-dsa> (Minor issue)
NOTE: https://www.freerdp.com/2024/04/17/2_11_6-release
NOTE: https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-5r4p-mfx2-m44r
NOTE: https://github.com/FreeRDP/FreeRDP/commit/d88ad1acd142769650a6159906ac90f46a766265 (2.11.6)
CVE-2024-32039 (FreeRDP is a free implementation of the Remote Desktop Protocol. FreeR ...)
- freerdp3 <not-affected> (Fixed with initial upload to Debian unstable)
- freerdp2 <unfixed> (bug #1069728)
+ [bookworm] - freerdp2 <no-dsa> (Minor issue)
+ [bullseye] - freerdp2 <no-dsa> (Minor issue)
NOTE: https://www.freerdp.com/2024/04/17/2_11_6-release
NOTE: https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-q5h8-7j42-j4r9
NOTE: https://github.com/FreeRDP/FreeRDP/commit/d88ad1acd142769650a6159906ac90f46a766265 (2.11.6)
CVE-2024-32040 (FreeRDP is a free implementation of the Remote Desktop Protocol. FreeR ...)
- freerdp3 <not-affected> (Fixed with initial upload to Debian unstable)
- freerdp2 <unfixed> (bug #1069728)
+ [bookworm] - freerdp2 <no-dsa> (Minor issue)
+ [bullseye] - freerdp2 <no-dsa> (Minor issue)
NOTE: https://www.freerdp.com/2024/04/17/2_11_6-release
NOTE: https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-23c5-cp23-h2h5
NOTE: https://github.com/FreeRDP/FreeRDP/commit/5893b5f277db38b0040c572b078de838b84cfc07 (2.11.6)
CVE-2024-32458 (FreeRDP is a free implementation of the Remote Desktop Protocol. FreeR ...)
- freerdp3 <not-affected> (Fixed with initial upload to Debian unstable)
- freerdp2 <unfixed> (bug #1069728)
+ [bookworm] - freerdp2 <no-dsa> (Minor issue)
+ [bullseye] - freerdp2 <no-dsa> (Minor issue)
NOTE: https://www.freerdp.com/2024/04/17/2_11_6-release
NOTE: https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-vvr6-h646-mp4p
NOTE: https://github.com/FreeRDP/FreeRDP/commit/9bc624c721ecde8251cfabd1edf069bc713ccc97 (2.11.6)
CVE-2024-32459 (FreeRDP is a free implementation of the Remote Desktop Protocol. FreeR ...)
- freerdp3 <not-affected> (Fixed with initial upload to Debian unstable)
- freerdp2 <unfixed> (bug #1069728)
+ [bookworm] - freerdp2 <no-dsa> (Minor issue)
+ [bullseye] - freerdp2 <no-dsa> (Minor issue)
NOTE: https://www.freerdp.com/2024/04/17/2_11_6-release
NOTE: https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-cp4q-p737-rmw9
NOTE: https://github.com/FreeRDP/FreeRDP/commit/b70c8e989d2807cea47bbf89e57700b5a10b2ca7 (2.11.6)
CVE-2024-32460 (FreeRDP is a free implementation of the Remote Desktop Protocol. FreeR ...)
- freerdp3 <not-affected> (Fixed with initial upload to Debian unstable)
- freerdp2 <unfixed> (bug #1069728)
+ [bookworm] - freerdp2 <no-dsa> (Minor issue)
+ [bullseye] - freerdp2 <no-dsa> (Minor issue)
NOTE: https://www.freerdp.com/2024/04/17/2_11_6-release
NOTE: https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-4rr8-gr65-vqrr
NOTE: https://github.com/FreeRDP/FreeRDP/commit/18cef378eae2b63a1a750da242f00da12b5b3881 (2.11.6)
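Review bot: All twelve added lines in this hunk use the bare reason "(Minor issue)", although the NOTE lines of each of the six entries point to an upstream fix in 2.11.6 and a single tracking bug, #1069728. If the intent is for bookworm and bullseye to pick these fixes up outside a DSA, saying so in the reason text would tell the freerdp2 maintainers what is expected. While touching these entries it is also worth confirming that CVE-2024-32041 and CVE-2024-32039 are meant to cite the same commit (d88ad1acd142769650a6159906ac90f46a766265), as the context lines show.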
=====================================
data/dsa-needed.txt
=====================================
@@ -61,7 +61,7 @@ python-aiohttp
--
python-asyncssh
--
-python-pymysql
+python-pymysql (jmm)
--
ring/oldstable
might make sense to rebase to current version
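Review bot: The claim added by `+python-pymysql (jmm)` is not covered by the commit message "bookworm/bullseye triage", which describes only the data/CVE/list changes, and the entry has no note line saying which issue or suite the update is for (the ring/oldstable entry below it has one). A one-line note under the entry, or a mention in the commit message, would make the dsa-needed.txt history easier to follow.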
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/a39303b3e0ff37e7e50a8221e12a086c56909de7