[Git][security-tracker-team/security-tracker][master] bookworm/bullseye triage

Moritz Muehlenhoff (@jmm) jmm at debian.org
Tue May 28 17:09:10 BST 2024



Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
a39303b3 by Moritz Muehlenhoff at 2024-05-28T17:57:45+02:00
bookworm/bullseye triage

- - - - -


2 changed files:

- data/CVE/list
- data/dsa-needed.txt


Changes:

=====================================
data/CVE/list
=====================================
@@ -14052,23 +14052,31 @@ CVE-2024-32679 (Missing Authorization vulnerability in Shared Files PRO Shared F
 CVE-2024-32661 (FreeRDP is a free implementation of the Remote Desktop Protocol. FreeR ...)
 	- freerdp3 3.5.1+dfsg1-1 (bug #1069752)
 	- freerdp2 <unfixed>
+	[bookworm] - freerdp2 <no-dsa> (Minor issue)
+	[bullseye] - freerdp2 <no-dsa> (Minor issue)
 	NOTE: https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-p5m5-342g-pv9m
 	NOTE: Fixed by: https://github.com/FreeRDP/FreeRDP/commit/71e463e31b4d69f4022d36bfc814592f56600793 (3.5.1)
 	NOTE: Introduced by: https://github.com/FreeRDP/FreeRDP/commit/1b2b1c4ac14ac43f4e475488763d8659bd934eb6 (2.0.0-beta1+android10)
 CVE-2024-32660 (FreeRDP is a free implementation of the Remote Desktop Protocol. Prior ...)
 	- freerdp3 3.5.1+dfsg1-1 (bug #1069752)
 	- freerdp2 <unfixed>
+	[bookworm] - freerdp2 <no-dsa> (Minor issue)
+	[bullseye] - freerdp2 <no-dsa> (Minor issue)
 	NOTE: https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-mxv6-2cw6-m3mx
 	NOTE: Fixed by: https://github.com/FreeRDP/FreeRDP/commit/5e5d27cf310e4c10b854be7667bfb7a5d774eb47 (3.5.1)
 CVE-2024-32659 (FreeRDP is a free implementation of the Remote Desktop Protocol. FreeR ...)
 	- freerdp3 3.5.1+dfsg1-1 (bug #1069752)
 	- freerdp2 <unfixed>
+	[bookworm] - freerdp2 <no-dsa> (Minor issue)
+	[bullseye] - freerdp2 <no-dsa> (Minor issue)
 	NOTE: https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-8jgr-7r33-x87w
 	NOTE: Fixed by: https://github.com/FreeRDP/FreeRDP/commit/6430945ce003a5e24d454d8566f54aae1b6b617b (3.5.1)
 	NOTE: Introduced by: https://github.com/FreeRDP/FreeRDP/commit/c697941de2b7062821e004411ec18ea71e50a30d (1.2.0-beta1+android7)
 CVE-2024-32658 (FreeRDP is a free implementation of the Remote Desktop Protocol. FreeR ...)
 	- freerdp3 3.5.1+dfsg1-1 (bug #1069752)
 	- freerdp2 <unfixed>
+	[bookworm] - freerdp2 <no-dsa> (Minor issue)
+	[bullseye] - freerdp2 <no-dsa> (Minor issue)
 	NOTE: https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-vpv3-m3m9-4c2v
 	NOTE: Fixed by: https://github.com/FreeRDP/FreeRDP/commit/1a755d898ddc028cc818d0dd9d49d5acff4c44bf (3.5.1)
 CVE-2024-32482 (The Tillitis TKey signer device application is an ed25519 signing tool ...)
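Review bot: The `<no-dsa>` tags added for CVE-2024-32661, CVE-2024-32660, CVE-2024-32659 and CVE-2024-32658 sit under `- freerdp2 <unfixed>` lines that carry no bug reference, while the freerdp3 line in each entry cites bug #1069752. With no DSA planned for bookworm and bullseye, a freerdp2 bug number on the `<unfixed>` line would give the later fix something to be tracked against. Also, only CVE-2024-32661 and CVE-2024-32659 have an `Introduced by:` NOTE showing the flaw predates 3.x; for CVE-2024-32660 and CVE-2024-32658 a short NOTE confirming that the freerdp2 code is affected would back up the tag.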
@@ -14290,36 +14298,48 @@ CVE-2015-10132 (A vulnerability classified as problematic was found in Thimo Gra
 CVE-2024-32041 (FreeRDP is a free implementation of the Remote Desktop Protocol. FreeR ...)
 	- freerdp3 <not-affected> (Fixed with initial upload to Debian unstable)
 	- freerdp2 <unfixed> (bug #1069728)
+	[bookworm] - freerdp2 <no-dsa> (Minor issue)
+	[bullseye] - freerdp2 <no-dsa> (Minor issue)
 	NOTE: https://www.freerdp.com/2024/04/17/2_11_6-release
 	NOTE: https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-5r4p-mfx2-m44r
 	NOTE: https://github.com/FreeRDP/FreeRDP/commit/d88ad1acd142769650a6159906ac90f46a766265 (2.11.6)
 CVE-2024-32039 (FreeRDP is a free implementation of the Remote Desktop Protocol. FreeR ...)
 	- freerdp3 <not-affected> (Fixed with initial upload to Debian unstable)
 	- freerdp2 <unfixed> (bug #1069728)
+	[bookworm] - freerdp2 <no-dsa> (Minor issue)
+	[bullseye] - freerdp2 <no-dsa> (Minor issue)
 	NOTE: https://www.freerdp.com/2024/04/17/2_11_6-release
 	NOTE: https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-q5h8-7j42-j4r9
 	NOTE: https://github.com/FreeRDP/FreeRDP/commit/d88ad1acd142769650a6159906ac90f46a766265 (2.11.6)
 CVE-2024-32040 (FreeRDP is a free implementation of the Remote Desktop Protocol. FreeR ...)
 	- freerdp3 <not-affected> (Fixed with initial upload to Debian unstable)
 	- freerdp2 <unfixed> (bug #1069728)
+	[bookworm] - freerdp2 <no-dsa> (Minor issue)
+	[bullseye] - freerdp2 <no-dsa> (Minor issue)
 	NOTE: https://www.freerdp.com/2024/04/17/2_11_6-release
 	NOTE: https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-23c5-cp23-h2h5
 	NOTE: https://github.com/FreeRDP/FreeRDP/commit/5893b5f277db38b0040c572b078de838b84cfc07 (2.11.6)
 CVE-2024-32458 (FreeRDP is a free implementation of the Remote Desktop Protocol. FreeR ...)
 	- freerdp3 <not-affected> (Fixed with initial upload to Debian unstable)
 	- freerdp2 <unfixed> (bug #1069728)
+	[bookworm] - freerdp2 <no-dsa> (Minor issue)
+	[bullseye] - freerdp2 <no-dsa> (Minor issue)
 	NOTE: https://www.freerdp.com/2024/04/17/2_11_6-release
 	NOTE: https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-vvr6-h646-mp4p
 	NOTE: https://github.com/FreeRDP/FreeRDP/commit/9bc624c721ecde8251cfabd1edf069bc713ccc97 (2.11.6)
 CVE-2024-32459 (FreeRDP is a free implementation of the Remote Desktop Protocol. FreeR ...)
 	- freerdp3 <not-affected> (Fixed with initial upload to Debian unstable)
 	- freerdp2 <unfixed> (bug #1069728)
+	[bookworm] - freerdp2 <no-dsa> (Minor issue)
+	[bullseye] - freerdp2 <no-dsa> (Minor issue)
 	NOTE: https://www.freerdp.com/2024/04/17/2_11_6-release
 	NOTE: https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-cp4q-p737-rmw9
 	NOTE: https://github.com/FreeRDP/FreeRDP/commit/b70c8e989d2807cea47bbf89e57700b5a10b2ca7 (2.11.6)
 CVE-2024-32460 (FreeRDP is a free implementation of the Remote Desktop Protocol. FreeR ...)
 	- freerdp3 <not-affected> (Fixed with initial upload to Debian unstable)
 	- freerdp2 <unfixed> (bug #1069728)
+	[bookworm] - freerdp2 <no-dsa> (Minor issue)
+	[bullseye] - freerdp2 <no-dsa> (Minor issue)
 	NOTE: https://www.freerdp.com/2024/04/17/2_11_6-release
 	NOTE: https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-4rr8-gr65-vqrr
 	NOTE: https://github.com/FreeRDP/FreeRDP/commit/18cef378eae2b63a1a750da242f00da12b5b3881 (2.11.6)
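Review bot: In this hunk the entries for CVE-2024-32041 and CVE-2024-32039 both cite the same fix commit, d88ad1acd142769650a6159906ac90f46a766265 (2.11.6), while the other four CVEs each point at a distinct commit. Since the added `<no-dsa>` lines leave the freerdp2 fix to a later backport that will rely on these NOTE lines, it is worth confirming that one commit really covers both advisories (GHSA-5r4p-mfx2-m44r and GHSA-q5h8-7j42-j4r9) and saying so in a NOTE, or correcting the reference if one of them was copied. The reason `(Minor issue)` is identical on all twelve added lines; a slightly more specific reason would help the next person who revisits the triage.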


=====================================
data/dsa-needed.txt
=====================================
@@ -61,7 +61,7 @@ python-aiohttp
 --
 python-asyncssh
 --
-python-pymysql
+python-pymysql (jmm)
 --
 ring/oldstable
   might make sense to rebase to current version
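Review bot: The `python-pymysql (jmm)` claim in data/dsa-needed.txt is not mentioned in the commit message, which says only "bookworm/bullseye triage"; a second line in the message, or a separate commit, would make the claim easier to find in the history. The entry also has no suite suffix or indented note, unlike `ring/oldstable` just below, so a one-line note on which suites the update targets would be useful.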



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/a39303b3e0ff37e7e50a8221e12a086c56909de7
