[Git][security-tracker-team/security-tracker][master] triage older issues

Moritz Muehlenhoff (@jmm) jmm at debian.org
Fri Nov 8 19:26:42 GMT 2024



Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
f82eb2db by Moritz Muehlenhoff at 2024-11-08T20:26:08+01:00
triage older issues

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -55765,7 +55765,7 @@ CVE-2024-31991 (Mealie is a self hosted recipe manager and meal planner. Prior t
 	NOT-FOR-US: Mealie
 CVE-2024-31584 (Pytorch before v2.2.0 has an Out-of-bounds Read vulnerability via the  ...)
 	- pytorch 2.4.1-1 (bug #1070379)
-	[bookworm] - pytorch <no-dsa> (Minor issue)
+	[bookworm] - pytorch <ignored> (Minor issue)
 	[bullseye] - pytorch <no-dsa> (Minor issue)
 	NOTE: https://github.com/pytorch/pytorch/commit/7c35874ad664e74c8e4252d67521f3986eadb0e6
 CVE-2024-30974 (SQL Injection vulnerability in autoexpress v.1.3.0 allows attackers to ...)
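Review bot: on `[bookworm] - pytorch <ignored> (Minor issue)` the state changes but the reason stays the generic "Minor issue", and the `[bullseye]` line directly below keeps `<no-dsa>` with the identical reason, so the entry no longer explains why bookworm is treated differently. Suggest extending the parenthesised reason on the bookworm line to say why no fix is planned there. The same applies to the CVE-2024-31583 and CVE-2024-31580 entries changed the same way further down.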
@@ -56580,7 +56580,7 @@ CVE-2024-31585 (FFmpeg version n5.1 to n6.1 was discovered to contain an Off-by-
 	NOTE: Introduced by https://github.com/FFmpeg/FFmpeg/commit/81df787b53eb5c6433731f6eaaf7f2a94d8a8c80 (n5.1)
 CVE-2024-31583 (Pytorch before version v2.2.0 was discovered to contain a use-after-fr ...)
 	- pytorch 2.4.1-1 (bug #1070379)
-	[bookworm] - pytorch <no-dsa> (Minor issue)
+	[bookworm] - pytorch <ignored> (Minor issue)
 	[bullseye] - pytorch <no-dsa> (Minor issue)
 	NOTE: https://github.com/pytorch/pytorch/commit/9c7071b0e324f9fb68ab881283d6b8d388a4bcd2
 CVE-2024-31582 (FFmpeg version n6.1 was discovered to contain a heap buffer overflow v ...)
@@ -56599,7 +56599,7 @@ CVE-2024-31581 (FFmpeg version n6.1 was discovered to contain an improper valida
 	NOTE: Fixed by https://github.com/ffmpeg/ffmpeg/commit/ce0c178a408d43e71085c28a47d50dc939b60196 (n7.0)
 CVE-2024-31580 (PyTorch before v2.2.0 was discovered to contain a heap buffer overflow ...)
 	- pytorch 2.4.1-1 (bug #1070379)
-	[bookworm] - pytorch <no-dsa> (Minor issue)
+	[bookworm] - pytorch <ignored> (Minor issue)
 	[bullseye] - pytorch <no-dsa> (Minor issue)
 	NOTE: https://github.com/pytorch/pytorch/commit/b5c3a17c2c207ebefcb85043f0cf94be9b2fef81
 CVE-2024-31578 (FFmpeg version n6.1.1 was discovered to contain a heap use-after-free  ...)
@@ -84159,7 +84159,7 @@ CVE-2023-6493 (The Depicter Slider \u2013 Responsive Image Slider, Video Slider
 	NOT-FOR-US: WordPress plugin
 CVE-2023-52323 (PyCryptodome and pycryptodomex before 3.19.1 allow side-channel leakag ...)
 	- pycryptodome 3.20.0+dfsg-1 (bug #1060059)
-	[bookworm] - pycryptodome <no-dsa> (Minor issue)
+	[bookworm] - pycryptodome <ignored> (Minor issue)
 	[bullseye] - pycryptodome <no-dsa> (Minor issue)
 	[buster] - pycryptodome <no-dsa> (Minor issue)
 	NOTE: https://github.com/Legrandin/pycryptodome/commit/0deea1bfe1489e8c80d2053bbb06a1aa0b181ebd (v3.19.1)
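Review bot: the bookworm line for CVE-2023-52323 moves to `<ignored>` with only "Minor issue" as the reason, although the description is a side-channel leak in a crypto library and the NOTE points at a single upstream commit for v3.19.1. Suggest stating in the parenthesis why that commit will not be backported to bookworm, so a later reader can tell a deliberate decision from an oversight. The bullseye and buster lines stay at `<no-dsa>`, which is worth confirming as intended.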
@@ -98862,20 +98862,24 @@ CVE-2023-5554 (Lack of TLS certificate verification in log transmission of a fin
 	NOT-FOR-US: LINE
 CVE-2023-5072 (Denial of Service  in JSON-Java versions up to and including 20230618. ...)
 	- libjson-java <unfixed> (bug #1053882)
-	[bookworm] - libjson-java <no-dsa> (Minor issue)
+	[bookworm] - libjson-java <no-dsa> (Minor issue, revisit when fixed upstream)
 	[bullseye] - libjson-java <no-dsa> (Minor issue)
 	[buster] - libjson-java <no-dsa> (Minor issue)
 	- jenkins-json <unfixed> (bug #1053883)
-	[bookworm] - jenkins-json <no-dsa> (Minor issue)
+	[bookworm] - jenkins-json <postponed> (Minor issue, revisit when fixed upstream)
 	[bullseye] - jenkins-json <no-dsa> (Minor issue)
 	[buster] - jenkins-json <no-dsa> (Minor issue)
 	- libjettison-java <unfixed> (bug #1053884)
-	[bookworm] - libjettison-java <no-dsa> (Minor issue)
+	[bookworm] - libjettison-java <postponed> (Minor issue, revisit when fixed upstream)
 	[bullseye] - libjettison-java <no-dsa> (Minor issue)
 	[buster] - libjettison-java <no-dsa> (Minor issue)
 	NOTE: https://github.com/stleary/JSON-java/issues/758
 	NOTE: https://github.com/stleary/JSON-java/issues/771
 	NOTE: https://github.com/stleary/JSON-java/pull/772/
+	NOTE: https://github.com/stleary/JSON-java/commit/eaa5611ba3a58737a57656a5a36f0917dd1e702b (20231013)
+	NOTE: https://github.com/stleary/JSON-java/commit/dbb113176b143b519ad0a50b033a9997cc2248fe (20231013)
+	NOTE: https://github.com/stleary/JSON-java/commit/16967f322ee65c301b48fa79bb681e38896fd212 (20231013)
+	NOTE: https://github.com/stleary/JSON-java/commit/661114c50dcfd53bb041aab66f14bb91e0a87c8a (20231013)
 CVE-2023-5046 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
 	NOT-FOR-US: Procost
 CVE-2023-5045 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
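Review bot: the three bookworm lines in CVE-2023-5072 are inconsistent. `libjson-java` keeps `<no-dsa>` while `jenkins-json` and `libjettison-java` switch to `<postponed>`, yet all three get the same new text "Minor issue, revisit when fixed upstream". If the intent is to revisit, the libjson-java line should probably read `<postponed>` as well. Separately, the four NOTE lines added at the end cite JSON-java commits tagged (20231013), so for libjson-java "revisit when fixed upstream" already appears to be met. Suggest either wording the reason per package (what each one is waiting for) or marking which of the cited commits is the actual fix, since the sid lines still say `<unfixed>`.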
@@ -106320,20 +106324,20 @@ CVE-2023-40857 (Buffer Overflow vulnerability in VirusTotal yara v.4.3.2 allows
 	NOTE: Non issue, untrusted yara rules not supported, see https://github.com/VirusTotal/yara/issues/1948
 CVE-2023-40828 (An issue in pf4j pf4j v.3.9.0 and before allows a remote attacker to o ...)
 	- libpf4j-java 3.9.0+dfsg-2 (bug #1050834)
-	[bookworm] - libpf4j-java <no-dsa> (Minor issue)
+	[bookworm] - libpf4j-java <ignored> (Minor issue)
 	NOTE: https://github.com/pf4j/pf4j/pull/537
 	NOTE: https://github.com/pf4j/pf4j/pull/538
 	NOTE: Fixed by: https://github.com/pf4j/pf4j/commit/8e0aa198c4e652cfc1eb9e05ca9b64397f67cc72
 CVE-2023-40827 (An issue in pf4j pf4j v.3.9.0 and before allows a remote attacker to o ...)
 	- libpf4j-java 3.9.0+dfsg-2 (bug #1050834)
-	[bookworm] - libpf4j-java <no-dsa> (Minor issue)
+	[bookworm] - libpf4j-java <ignored> (Minor issue)
 	NOTE: https://github.com/pf4j/pf4j/issues/536
 	NOTE: https://github.com/pf4j/pf4j/pull/537
 	NOTE: https://github.com/pf4j/pf4j/pull/538
 	NOTE: Fixed by: https://github.com/pf4j/pf4j/commit/8e0aa198c4e652cfc1eb9e05ca9b64397f67cc72
 CVE-2023-40826 (An issue in pf4j pf4j v.3.9.0 and before allows a remote attacker to o ...)
 	- libpf4j-java 3.9.0+dfsg-2 (bug #1050834)
-	[bookworm] - libpf4j-java <no-dsa> (Minor issue)
+	[bookworm] - libpf4j-java <ignored> (Minor issue)
 	NOTE: https://github.com/pf4j/pf4j/issues/536
 	NOTE: Duplicate/similar to: https://github.com/pf4j/pf4j/issues/526
 	NOTE: https://github.com/pf4j/pf4j/pull/538
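Review bot: all three libpf4j-java bookworm lines (CVE-2023-40828, CVE-2023-40827, CVE-2023-40826) go to `<ignored>` with the reason left at "Minor issue", although each description mentions a remote attacker and the first two entries cite the same `Fixed by:` commit. Suggest adding to the reason why the issue is minor for the bookworm package or why that commit is not a candidate for backporting, since `<ignored>` records that no fix is planned.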
@@ -113764,7 +113768,7 @@ CVE-2023-34471 (AMI SPx contains a vulnerability in the BMC where a user may cau
 	NOT-FOR-US: AMI SPx
 CVE-2023-34457 (MechanicalSoup is a Python library for automating interaction with web ...)
 	- python-mechanicalsoup 1.3.0-1 (bug #1041814)
-	[bookworm] - python-mechanicalsoup <no-dsa> (Minor issue)
+	[bookworm] - python-mechanicalsoup <ignored> (Minor issue)
 	[bullseye] - python-mechanicalsoup <no-dsa> (Minor issue)
 	[buster] - python-mechanicalsoup <no-dsa> (Minor issue; invasive backport required)
 	NOTE: https://github.com/MechanicalSoup/MechanicalSoup/security/advisories/GHSA-x456-3ccm-m6j4
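Review bot: `[bookworm] - python-mechanicalsoup <ignored> (Minor issue)` gives no reason for ignoring, while the `[buster]` line two below already carries one ("invasive backport required"). If the same reason drives the bookworm decision, suggest repeating it in the bookworm parenthesis. The bullseye line is left at `<no-dsa>` with the bare "Minor issue", which is worth a second look for consistency.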



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/f82eb2dbb1b4c5eff05b2967081582d285edf00d
