[Git][security-tracker-team/security-tracker][master] bookworm/bullseye triage
Moritz Muehlenhoff (@jmm)
jmm at debian.org
Fri May 31 13:08:28 BST 2024
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker
Commits:
a579ea4c by Moritz Muehlenhoff at 2024-05-31T14:07:48+02:00
bookworm/bullseye triage
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -662,10 +662,11 @@ CVE-2024-35512 (An issue in hmq v1.5.5 allows attackers to cause a Denial of Ser
CVE-2024-35492 (Cesanta Mongoose commit b316989 was discovered to contain a NULL point ...)
TODO: check
CVE-2024-35434 (Irontec Sngrep v1.8.1 was discovered to contain a heap buffer overflow ...)
- - sngrep <unfixed>
+ - sngrep <unfixed> (unimportant)
NOTE: https://github.com/inputzero/Security-Advisories/blob/main/CVE-XXXX-XXXX.md
NOTE: https://github.com/irontec/sngrep/issues/481
NOTE: Fixed by: https://github.com/irontec/sngrep/commit/da80ced1e3cf6321f748b08e145a829bcc3c90e5
+ NOTE: Crash in CLI tool, no security impact
CVE-2024-35333 (A stack-buffer-overflow vulnerability exists in the read_charset_decl ...)
TODO: check
CVE-2024-35311 (Yubico YubiKey 5 Series before 5.7.0, Security Key Series before 5.7.0 ...)
@@ -766,6 +767,8 @@ CVE-2024-23579 (HCL DRYiCE Optibot Reset Station is impacted by insecure encrypt
NOT-FOR-US: HCL
CVE-2024-22641 (TCPDF version 6.6.5 and before is vulnerable to ReDoS (Regular Express ...)
- tcpdf <unfixed>
+ [bookworm] - tcpdf <no-dsa> (Minor issue)
+ [bullseye] - tcpdf <no-dsa> (Minor issue)
NOTE: https://github.com/tecnickcom/TCPDF/issues/724
CVE-2024-21512 (Versions of the package mysql2 before 3.9.8 are vulnerable to Prototyp ...)
NOT-FOR-US: Node mysql2
@@ -804,6 +807,8 @@ CVE-2024-3657 (A flaw was found in 389-ds-base. A specially-crafted LDAP query c
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2274401
CVE-2024-36472 (In GNOME Shell through 45.7, a portal helper can be launched automatic ...)
- gnome-shell <unfixed> (bug #1072124)
+ [bookworm] - gnome-shell <no-dsa> (Minor issue)
+ [bullseye] - gnome-shell <no-dsa> (Minor issue)
NOTE: https://gitlab.gnome.org/GNOME/gnome-shell/-/issues/7688
CVE-2024-36110 (ansibleguy-webui is an open source WebUI for using Ansible. Multiple f ...)
NOT-FOR-US: ansibleguy-webui
@@ -26327,6 +26332,8 @@ CVE-2023-6597 (An issue was found in the CPython `tempfile.TemporaryDirectory` c
NOTE: Introduced by: https://github.com/python/cpython/commit/e9b51c0ad81da1da11ae65840ac8b50a8521373c (v3.8.0b1)
CVE-2023-50966 (erlang-jose (aka JOSE for Erlang and Elixir) through 1.11.6 allow atta ...)
- erlang-jose <unfixed> (bug #1067456)
+ [bookworm] - erlang-jose <no-dsa> (Minor issue)
+ [bullseye] - erlang-jose <no-dsa> (Minor issue)
[buster] - erlang-jose <postponed> (DoS via a large p2c value but still appears minor)
NOTE: https://github.com/potatosalad/erlang-jose/issues/156
NOTE: https://github.com/P3ngu1nW/CVE_Request/blob/main/erlang-jose.md
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/a579ea4c51475d1f053b8c8111dd9734f6e33947
--
This project does not include diff previews in email notifications.
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/a579ea4c51475d1f053b8c8111dd9734f6e33947
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20240531/ccac0157/attachment.htm>
More information about the debian-security-tracker-commits
mailing list