[Git][security-tracker-team/security-tracker][master] 4 commits: lts: triage consul as EOL

Emilio Pozuelo Monfort (@pochu) pochu at debian.org
Fri Nov 1 08:54:54 GMT 2024



Emilio Pozuelo Monfort pushed to branch master at Debian Security Tracker / security-tracker


Commits:
b5338f3d by Emilio Pozuelo Monfort at 2024-11-01T09:54:36+01:00
lts: triage consul as EOL

- - - - -
ee2c5452 by Emilio Pozuelo Monfort at 2024-11-01T09:54:37+01:00
lts: add ghostscript

- - - - -
fdebcc17 by Emilio Pozuelo Monfort at 2024-11-01T09:54:38+01:00
lts: Triage CVE-2024-9676/golang-* as postponed

- - - - -
454e565b by Emilio Pozuelo Monfort at 2024-11-01T09:54:40+01:00
lts: Triage CVE-2023-32190/mlocate as n/a on bullseye

- - - - -


2 changed files:

- data/CVE/list
- data/dla-needed.txt


Changes:

=====================================
data/CVE/list
=====================================
@@ -215,10 +215,13 @@ CVE-2024-10392 (The AI Power: Complete AI Pack plugin for WordPress is vulnerabl
 	NOT-FOR-US: WordPress plugin
 CVE-2024-10086 (A vulnerability was identified in Consul and Consul Enterprise such th ...)
 	- consul <removed>
+	[bullseye] - consul <end-of-life> (bug #1057418)
 CVE-2024-10006 (A vulnerability was identified in Consul and Consul Enterprise (\u201c ...)
 	- consul <removed>
+	[bullseye] - consul <end-of-life> (bug #1057418)
 CVE-2024-10005 (A vulnerability was identified in Consul and Consul Enterprise (\u201c ...)
 	- consul <removed>
+	[bullseye] - consul <end-of-life> (bug #1057418)
 CVE-2023-52066 (http.zig commit 76cf5 was discovered to contain a CRLF injection vulne ...)
 	TODO: check
 CVE-2024-9419 (Client / Server PCs with the HP Smart Universal Printing Driver instal ...)
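Review bot: The three added `[bullseye] - consul <end-of-life>` lines give only `(bug #1057418)` as justification, so a reader of data/CVE/list has to open the bug to learn why consul is unsupported in bullseye. Other bracketed entries in this same change carry a short reason in the parentheses; consider doing the same here, e.g. a few words on the reason followed by the bug reference, and keep the wording identical across CVE-2024-10086, CVE-2024-10006 and CVE-2024-10005 so the entries stay greppable.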
@@ -4905,7 +4908,7 @@ CVE-2023-32191 (When RKE provisions a cluster, it stores the cluster state in a
 	NOT-FOR-US: SuSE RKE
 CVE-2023-32190 (mlocate's %post script allows RUN_UPDATEDB_AS user to make arbitrary f ...)
 	- mlocate <removed>
-	[bullseye] - mlocate <postponed> (Minor issue; can be fixed in next update)
+	[bullseye] - mlocate <not-affected> (Vulnerable code introduced later)
 	NOTE: https://bugzilla.suse.com/show_bug.cgi?id=1218896
 CVE-2023-32189 (Insecure handling of ssh keys used to bootstrap clients allows local a ...)
 	NOT-FOR-US: SuSE Manager
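Review bot: The new `<not-affected> (Vulnerable code introduced later)` status for CVE-2023-32190 reverses the earlier `<postponed>` triage but names no version or change that introduced the vulnerable code, and the only reference left on the entry is the SUSE bugzilla link. Please add a `NOTE:` line that identifies where the vulnerable code first appears, so the bullseye status can be re-verified later. Since the description refers to mlocate's `%post` script, it is also worth stating in that note whether the check was done against the Debian maintainer scripts or against upstream source.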
@@ -5204,8 +5207,10 @@ CVE-2024-9895 (The Smart Online Order for Clover plugin for WordPress is vulnera
 CVE-2024-9676 (A vulnerability was found in Podman, Buildah, and CRI-O. A symlink tra ...)
 	- golang-github-containers-buildah <unfixed>
 	[bookworm] - golang-github-containers-buildah <no-dsa> (Minor issue)
+	[bullseye] - golang-github-containers-buildah <postponed> (Minor issue)
 	- golang-github-containers-storage 1.55.1+ds1-1
 	[bookworm] - golang-github-containers-storage <no-dsa> (Minor issue)
+	[bullseye] - golang-github-containers-storage <postponed> (Minor issue)
 	NOTE: https://github.com/advisories/GHSA-wq2p-5pc6-wpgf
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2317467
 	NOTE: https://github.com/containers/buildah/pull/5786
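Review bot: Both added `[bullseye] ... <postponed> (Minor issue)` lines reuse the bookworm `<no-dsa>` wording without saying what the postponement is waiting on. For golang-github-containers-storage a fixed version (1.55.1+ds1-1) is already recorded, while golang-github-containers-buildah is still `<unfixed>`, so the two packages are not in the same position; consider a reason that says so, for example "Minor issue; can be fixed in next update" for storage and a pointer to the buildah pull request already listed in the NOTE lines for buildah.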


=====================================
data/dla-needed.txt
=====================================
@@ -71,6 +71,9 @@ freeimage
   NOTE: 20240922: Added by Front-Desk (apo)
   NOTE: 20240922: Many postponed CVE.
 --
+ghostscript
+  NOTE: 20241101: Added by Front-Desk (pochu)
+--
 glewlwyd
   NOTE: 20240815: Added by Front-Desk (Beuc)
   NOTE: 20240815: A couple minor issues could be sync'd from bookworm, and a few postponed, but this can wait.
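Review bot: The new ghostscript entry has only the `Added by Front-Desk (pochu)` note, whereas the neighbouring freeimage and glewlwyd entries each add a second NOTE explaining why the package is listed and how urgent it is. Please add a line naming the CVEs or the reason ghostscript was added, so whoever claims the package knows the scope without re-triaging data/CVE/list.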



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/642335573bed1c92c840e71a1ea3c6f6b260fcaa...454e565b6c428bc811f4f3f77f4985d43f4ecc68
