[Git][security-tracker-team/security-tracker][master] 2 commits: Merge changes for updates with CVEs via bookworm 12.8

Salvatore Bonaccorso (@carnil) carnil at debian.org
Sat Nov 9 09:55:20 GMT 2024



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
b9ea11cc by Salvatore Bonaccorso at 2024-11-07T22:06:49+01:00
Merge changes for updates with CVEs via bookworm 12.8

- - - - -
bee3f1e4 by Salvatore Bonaccorso at 2024-11-09T09:55:13+00:00
Merge branch 'bookworm-12.8' into 'master'

Merge changes accepted for bookworm 12.8 release

See merge request security-tracker-team/security-tracker!195
- - - - -


2 changed files:

- data/CVE/list
- data/next-point-update.txt


Changes:

=====================================
data/CVE/list
=====================================
@@ -2363,7 +2363,7 @@ CVE-2024-49674 (Cross-Site Request Forgery (CSRF) vulnerability in Lukas Huser E
 	NOT-FOR-US: WordPress plugin
 CVE-2024-48910 (DOMPurify is a DOM-only, super-fast, uber-tolerant XSS sanitizer for H ...)
 	- node-dompurify 3.0.9+dfsg+~3.0.5-1
-	[bookworm] - node-dompurify <no-dsa> (Minor issue; will be fixed via point release)
+	[bookworm] - node-dompurify 2.4.1+dfsg+~2.4.0-2+deb12u1
 	NOTE: https://github.com/cure53/DOMPurify/security/advisories/GHSA-p3vf-v8qc-cwcr
 	NOTE: https://github.com/cure53/DOMPurify/commit/d1dd0374caef2b4c56c3bd09fe1988c3479166dc (2.4.2)
 CVE-2024-48360 (Qualitor v8.24 was discovered to contain a Server-Side Request Forgery ...)
@@ -7154,7 +7154,7 @@ CVE-2024-9143 (Issue summary: Use of the low-level GF(2^m) elliptic curve APIs w
 	{DLA-3942-1}
 	[experimental] - openssl 3.4.0-1
 	- openssl 3.3.2-2 (bug #1085378)
-	[bookworm] - openssl <postponed> (Minor issue, fix along in next update)
+	[bookworm] - openssl 3.0.15-1~deb12u1
 	NOTE: https://openssl-library.org/news/secadv/20241016.txt
 	NOTE: https://github.com/openssl/openssl/commit/c0d3e4d32d2805f49bec30547f225bc4d092e1f4 (openssl-3.3)
 	NOTE: https://github.com/openssl/openssl/commit/72ae83ad214d2eef262461365a1975707f862712 (openssl-3.0)
@@ -8873,7 +8873,7 @@ CVE-2024-48941 (The Syracom Secure Login (2FA) plugin for Jira, Confluence, and
 	NOT-FOR-US: Jira plugin
 CVE-2024-48933 (A cross-site scripting (XSS) vulnerability in LemonLDAP::NG before 2.1 ...)
 	- lemonldap-ng 2.20.0+ds-1 (bug #1084979)
-	[bookworm] - lemonldap-ng <no-dsa> (Minor issue)
+	[bookworm] - lemonldap-ng 2.16.1+ds-deb12u3
 	[bullseye] - lemonldap-ng <postponed> (Minor issue; can be fixed in next update)
 	NOTE: https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/3232
 CVE-2024-9680 (An attacker was able to achieve code execution in the content process  ...)
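Review bot: the version on the added line `[bookworm] - lemonldap-ng 2.16.1+ds-deb12u3` has no Debian revision before `deb12u3`, unlike every other bookworm version in this diff, which use the `-N+deb12uN` or `-N~deb12uN` shape. It matches the entry removed from data/next-point-update.txt, so the two files agree, but please confirm the string against the accepted upload. A mistyped fixed version here would make the tracker compare installed packages against the wrong threshold.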
@@ -12560,7 +12560,7 @@ CVE-2024-37879 (Improper input validation in /admin/config/save in User-friendly
 CVE-2023-47480 (An issue in Pure Data 0.54-0 and fixed in 0.54-1 allows a local attack ...)
 	{DLA-3895-1}
 	- puredata 0.54.1+ds-1
-	[bookworm] - puredata <no-dsa> (Minor issue)
+	[bookworm] - puredata 0.53.1+ds-2+deb12u1
 	NOTE: https://github.com/pure-data/pure-data/issues/2063
 	NOTE: https://github.com/pure-data/pure-data/commit/0b5e467b8728b3ed56e1a8ee5b367ce78e7e6e5d (0.54-1test1)
 CVE-2024-8612 (A flaw was found in QEMU, in the virtio-scsi, virtio-blk, and virtio-c ...)
@@ -13860,6 +13860,7 @@ CVE-2024-45835 (Mattermost Desktop App versions <=5.8.0 fail to sufficiently con
 	- mattermost-desktop <itp> (bug #831861)
 CVE-2024-45801 (DOMPurify is a DOM-only, super-fast, uber-tolerant XSS sanitizer for H ...)
 	- node-dompurify <not-affected> (Vulnerable code not present in a Debian released version)
+	[bookworm] - node-dompurify 2.4.1+dfsg+~2.4.0-2+deb12u1
 	NOTE: https://github.com/cure53/DOMPurify/security/advisories/GHSA-mmhx-hmjr-r674
 	NOTE: Depth checking added in (with followups): https://github.com/cure53/DOMPurify/commit/c5369f2995819e1c338d9ffe136f2da25f12a81e (3.1.1)
 	NOTE: Fixed by: https://github.com/cure53/DOMPurify/commit/1e520262bf4c66b5efda49e2316d6d1246ca7b21 (3.1.3)
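Review bot: the added `[bookworm] - node-dompurify 2.4.1+dfsg+~2.4.0-2+deb12u1` line for CVE-2024-45801 sits directly under `- node-dompurify <not-affected> (Vulnerable code not present in a Debian released version)`, and the two read as contradictory, because a fixed version for bookworm implies an earlier bookworm version was affected. The NOTE lines place the depth checking at 3.1.1 and the fix at 3.1.3, both newer than the 2.4.x package in bookworm. Please add a NOTE saying why bookworm carries a fixed version, or reword the not-affected reason.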
@@ -15001,20 +15002,20 @@ CVE-2024-1656 (Affected versions of Octopus Server had a weak content security p
 	NOT-FOR-US: Octopus Server
 CVE-2024-8096 (When curl is told to use the Certificate Status Request TLS extension, ...)
 	- curl 8.10.0-1
-	[bookworm] - curl <no-dsa> (Minor issue)
+	[bookworm] - curl 7.88.1-10+deb12u8
 	[bullseye] - curl <postponed> (Minor issue)
 	NOTE: https://curl.se/docs/CVE-2024-8096.html
 	NOTE: Introduced with: https://github.com/curl/curl/commit/f13669a375f5bfd14797bda91642cabe076974fa (curl-7_41_0)
 	NOTE: Fixed by: https://github.com/curl/curl/commit/aeb1a281cab13c7ba791cb104e556b20e713941f (curl-8_10_0)
 CVE-2024-24968 (Improper finite state machines (FSMs) in hardware logic in some Intel( ...)
 	- intel-microcode 3.20240910.1 (bug #1081363)
-	[bookworm] - intel-microcode <no-dsa> (Minor issue)
+	[bookworm] - intel-microcode 3.20240910.1~deb12u1
 	[bullseye] - intel-microcode <postponed> (Minor issue)
 	NOTE: https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01097.html
 	NOTE: https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/releases/tag/microcode-20240910
 CVE-2024-23984 (Observable discrepancy in RAPL interface for some Intel(R) Processors  ...)
 	- intel-microcode 3.20240910.1 (bug #1081363)
-	[bookworm] - intel-microcode <no-dsa> (Minor issue)
+	[bookworm] - intel-microcode 3.20240910.1~deb12u1
 	[bullseye] - intel-microcode <postponed> (Minor issue)
 	NOTE: https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01103.html
 	NOTE: https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/releases/tag/microcode-20240910
@@ -15041,7 +15042,7 @@ CVE-2024-8654 (MongoDB Server may access non-initialized region of memory leadin
 CVE-2024-8645 (SPRT dissector crash in Wireshark 4.2.0 to 4.0.5 and 4.0.0 to 4.0.15 a ...)
 	{DLA-3906-1}
 	- wireshark 4.2.6-1
-	[bookworm] - wireshark <no-dsa> (Minor issue)
+	[bookworm] - wireshark 4.0.17-0+deb12u1
 	NOTE: https://www.wireshark.org/security/wnpa-sec-2024-10.html
 	NOTE: https://gitlab.com/wireshark/wireshark/-/issues/19559
 CVE-2024-8543 (The Slider comparison image before and after plugin for WordPress is v ...)
@@ -15968,7 +15969,7 @@ CVE-2024-6792 (The WP ULike  WordPress plugin before 4.7.2.1 does not properly s
 	NOT-FOR-US: WordPress plugin
 CVE-2024-45751 (tgt (aka Linux target framework) before 1.0.93 attempts to achieve ent ...)
 	- tgt 1:1.0.85-1.3 (bug #1081158)
-	[bookworm] - tgt <no-dsa> (Minor issue)
+	[bookworm] - tgt 1:1.0.85-1+deb12u1
 	[bullseye] - tgt <postponed> (Minor issue)
 	NOTE: https://github.com/fujita/tgt/pull/67
 	NOTE: https://github.com/fujita/tgt/commit/abd8e0d987ab56013d360077202bf2aca20a42dd (v1.0.93)
@@ -16133,12 +16134,12 @@ CVE-2024-2166 (Improper Neutralization of Input During Web Page Generation ('Cro
 	NOT-FOR-US: Forcepoint Email Security
 CVE-2024-20506 (A vulnerability in the ClamD service module of Clam AntiVirus (ClamAV) ...)
 	- clamav 1.4.1+dfsg-1 (bug #1080962)
-	[bookworm] - clamav <no-dsa> (clamav is updated via -updates)
+	[bookworm] - clamav 1.0.7+dfsg-1~deb12u1
 	[bullseye] - clamav <postponed> (Minor issue)
 	NOTE: https://blog.clamav.net/2024/09/clamav-141-132-107-and-010312-security.html
 CVE-2024-20505 (A vulnerability in the PDF parsing module of Clam AntiVirus (ClamAV) v ...)
 	- clamav 1.4.1+dfsg-1 (bug #1080962)
-	[bookworm] - clamav <no-dsa> (clamav is updated via -updates)
+	[bookworm] - clamav 1.0.7+dfsg-1~deb12u1
 	[bullseye] - clamav <postponed> (Minor issue)
 	NOTE: https://blog.clamav.net/2024/09/clamav-141-132-107-and-010312-security.html
 CVE-2024-8418 (A flaw was found in Aardvark-dns, which is vulnerable to a Denial of S ...)
@@ -16815,7 +16816,7 @@ CVE-2024-6232 (There is a MEDIUM severity vulnerability affecting CPython.
 	- python3.13 3.13.0~rc2-1
 	- python3.12 3.12.6-1
 	- python3.11 <removed>
-	[bookworm] - python3.11 <no-dsa> (Minor issue)
+	[bookworm] - python3.11 3.11.2-6+deb12u4
 	- python3.9 <removed>
 	- python2.7 <removed>
 	[bullseye] - python2.7 <ignored> (Unsupported in Bullseye, only included to build a few applications)
@@ -17545,7 +17546,7 @@ CVE-2021-4442 (In the Linux kernel, the following vulnerability has been resolve
 CVE-2024-8250 (NTLMSSP dissector crash in Wireshark 4.2.0 to 4.0.6 and 4.0.0 to 4.0.1 ...)
 	{DLA-3906-1}
 	- wireshark 4.4.0-1 (bug #1080298)
-	[bookworm] - wireshark <no-dsa> (Minor issue)
+	[bookworm] - wireshark 4.0.17-0+deb12u1
 	NOTE: https://www.wireshark.org/security/wnpa-sec-2024-11.html
 	NOTE: https://gitlab.com/wireshark/wireshark/-/issues/19943
 	NOTE: Fixed by: https://gitlab.com/wireshark/wireshark/-/commit/66dcd56f1eae615697b6588ac4778a61a5576391 (v4.3.1)
@@ -17605,7 +17606,7 @@ CVE-2024-45046 (PHPSpreadsheet is a pure PHP library for reading and writing spr
 	NOT-FOR-US: PHPSpreadsheet
 CVE-2024-43700 (xfpt versions prior to 1.01 fails to handle appropriately some paramet ...)
 	- xfpt 1.00-3 (bug #1080219)
-	[bookworm] - xfpt <no-dsa> (Minor issue)
+	[bookworm] - xfpt 0.11-1+deb12u1
 	[bullseye] - xfpt <postponed> (Minor issue)
 	NOTE: https://github.com/PhilipHazel/xfpt/commit/a690304bbd3fd19e9dfdad50dcc87ad829f744e4
 CVE-2024-41918 ('Rakuten Ichiba App' for Android 12.4.0 and earlier and 'Rakuten Ichib ...)
@@ -18122,7 +18123,7 @@ CVE-2024-28077 (A denial-of-service issue was discovered on certain GL-iNet devi
 	NOT-FOR-US: GL-iNet devices
 CVE-2023-49582 (Lax permissions set by the Apache Portable Runtime library on Unix pla ...)
 	- apr 1.7.5-1 (bug #1080375)
-	[bookworm] - apr <no-dsa> (Minor issue)
+	[bookworm] - apr 1.7.2-3+deb12u1
 	[bullseye] - apr <postponed> (Minor issue; can be fixed in next update)
 	NOTE: https://www.openwall.com/lists/oss-security/2024/08/26/1
 	NOTE: https://lists.apache.org/thread/h5f1c2dqm8bf5yfosw3rg85927p612l0
@@ -26435,7 +26436,7 @@ CVE-2024-41110 (Moby is an open-source project created by Docker for software co
 	{DLA-3918-1}
 	[experimental] - docker.io 26.1.5+dfsg1-1
 	- docker.io 26.1.5+dfsg1-2
-	[bookworm] - docker.io <no-dsa> (Minor issue, will be fixed via spu)
+	[bookworm] - docker.io 20.10.24+dfsg1-1+deb12u1
 	NOTE: https://github.com/moby/moby/security/advisories/GHSA-v23v-6jw2-98fq
 	NOTE: https://www.docker.com/blog/docker-security-advisory-docker-engine-authz-plugin/
 	NOTE: 20.10 branch: fixed by https://github.com/moby/moby/commit/88c4b7690840044ce15489699294ec7c5dadf5dd
@@ -31542,6 +31543,7 @@ CVE-2024-29506 (Artifex Ghostscript before 10.03.0 has a stack-based buffer over
 	NOTE: Fixed by: https://cgit.ghostscript.com/cgi-bin/cgit.cgi/ghostpdl.git/commit/?id=77dc7f699beba606937b7ea23b50cf5974fa64b1 (ghostpdl-10.03.0)
 CVE-2023-52169 (The NtfsHandler.cpp NTFS handler in 7-Zip before 24.01 (for 7zz) conta ...)
 	- 7zip 24.05+dfsg-1 (unimportant)
+	[bookworm] - 7zip 22.01+dfsg-8+deb12u1
 	NOTE: Crash in CLI tool, no security impact
 	- p7zip 16.02+transitional.1 (unimportant)
 	NOTE: https://sourceforge.net/p/sevenzip/bugs/2402/
@@ -31551,7 +31553,7 @@ CVE-2023-52169 (The NtfsHandler.cpp NTFS handler in 7-Zip before 24.01 (for 7zz)
 	NOTE: depending on 7zip. Mark this version as fixed version.
 CVE-2023-52168 (The NtfsHandler.cpp NTFS handler in 7-Zip before 24.01 (for 7zz) conta ...)
 	- 7zip 24.05+dfsg-1
-	[bookworm] - 7zip <no-dsa> (Minor issue)
+	[bookworm] - 7zip 22.01+dfsg-8+deb12u1
 	- p7zip 16.02+transitional.1
 	[bookworm] - p7zip <no-dsa> (Minor issue)
 	[bullseye] - p7zip <postponed> (Minor issue, sourceforge but is not public)
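Review bot: in the CVE-2023-52168 entry only the 7zip line moves to a fixed version, while `[bookworm] - p7zip <no-dsa> (Minor issue)` two lines below is left untouched. If bookworm's p7zip is a separate source that still needs its own fix, that is correct, but it is worth confirming it was not simply missed, since the entry will keep listing bookworm as open for p7zip after 12.8.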
@@ -32752,7 +32754,7 @@ CVE-2024-37370 (In MIT Kerberos 5 (aka krb5) before 1.21.3, an attacker can modi
 CVE-2024-5535 (Issue summary: Calling the OpenSSL API function SSL_select_next_proto  ...)
 	{DLA-3942-1}
 	- openssl 3.3.2-1 (bug #1074487)
-	[bookworm] - openssl <postponed> (Minor issue, fix along with next update round)
+	[bookworm] - openssl 3.0.15-1~deb12u1
 	NOTE: https://www.openssl.org/news/secadv/20240627.txt
 	NOTE: https://github.com/openssl/openssl/commit/2ebbe2d7ca8551c4cb5fbb391ab9af411708090e
 	NOTE: https://github.com/openssl/openssl/commit/c6e1ea223510bb7104bf0c41c0c45eda5a16b718
@@ -36947,7 +36949,7 @@ CVE-2024-1495 (An issue has been discovered in GitLab CE/EE affecting all versio
 	- gitlab <unfixed>
 CVE-2023-52890 (NTFS-3G before 75dcdc2 has a use-after-free in ntfs_uppercase_mbs in l ...)
 	- ntfs-3g 1:2022.10.3-3 (bug #1073248)
-	[bookworm] - ntfs-3g <no-dsa> (Minor issue)
+	[bookworm] - ntfs-3g 1:2022.10.3-1+deb12u1
 	[bullseye] - ntfs-3g 1:2017.3.23AR.3-4+deb11u4
 	[buster] - ntfs-3g <postponed> (Minor issue; can be fixed in next update)
 	NOTE: https://github.com/tuxera/ntfs-3g/issues/84
@@ -48325,6 +48327,7 @@ CVE-2024-4764 (Multiple WebRTC threads could have claimed a newly connected audi
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2024-21/#CVE-2024-4764
 CVE-2024-4855 (Use after free issue in editcap could cause denial of service via craf ...)
 	- wireshark 4.2.5-1 (unimportant)
+	[bookworm] - wireshark 4.0.17-0+deb12u1
 	NOTE: Crash in CLI tool, no security impact
 	NOTE: https://www.wireshark.org/security/wnpa-sec-2024-09.html
 	NOTE: https://gitlab.com/wireshark/wireshark/-/issues/19782
@@ -48333,7 +48336,7 @@ CVE-2024-4855 (Use after free issue in editcap could cause denial of service via
 CVE-2024-4854 (MONGO and ZigBee TLV dissector infinite loops in Wireshark 4.2.0 to 4. ...)
 	{DLA-3906-1}
 	- wireshark 4.2.5-1
-	[bookworm] - wireshark <no-dsa> (Minor issue)
+	[bookworm] - wireshark 4.0.17-0+deb12u1
 	[buster] - wireshark <postponed> (can be piggyback'd with the next update)
 	NOTE: https://www.wireshark.org/security/wnpa-sec-2024-07.html
 	NOTE: https://gitlab.com/wireshark/wireshark/-/issues/19726
@@ -48343,6 +48346,7 @@ CVE-2024-4854 (MONGO and ZigBee TLV dissector infinite loops in Wireshark 4.2.0
 CVE-2024-4853 (Memory handling issue in editcap could cause denial of service via cra ...)
 	{DLA-3906-1}
 	- wireshark 4.2.5-1 (unimportant)
+	[bookworm] - wireshark 4.0.17-0+deb12u1
 	NOTE: Crash in CLI tool, no security impact
 	NOTE: https://www.wireshark.org/security/wnpa-sec-2024-08.html
 	NOTE: https://gitlab.com/wireshark/wireshark/-/issues/19724
@@ -55015,7 +55019,7 @@ CVE-2024-32404 (Server-Side Template Injection (SSTI) vulnerability in inducer r
 	NOT-FOR-US: inducer relate
 CVE-2024-31755 (cJSON v1.7.17 was discovered to contain a segmentation violation, whic ...)
 	- cjson 1.7.18-1 (bug #1071742)
-	[bookworm] - cjson <no-dsa> (Minor issue)
+	[bookworm] - cjson 1.7.15-1+deb12u2
 	[bullseye] - cjson 1.7.14-1+deb11u1
 	[buster] - cjson <postponed> (Sefault only; can be piggy-backed with future DLAs)
 	NOTE: https://github.com/DaveGamble/cJSON/issues/839
@@ -61898,7 +61902,7 @@ CVE-2024-30255 (Envoy is a cloud-native, open source edge and service proxy. The
 CVE-2024-28182 (nghttp2 is an implementation of the Hypertext Transfer Protocol versio ...)
 	{DLA-3898-1 DLA-3804-1}
 	- nghttp2 1.61.0-1 (bug #1068415)
-	[bookworm] - nghttp2 <no-dsa> (Minor issue)
+	[bookworm] - nghttp2 1.52.0-1+deb12u2
 	NOTE: https://github.com/nghttp2/nghttp2/security/advisories/GHSA-x6x3-gv8h-m57q
 	NOTE: https://www.kb.cert.org/vuls/id/421644
 	NOTE: https://github.com/nghttp2/nghttp2/commit/00201ecd8f982da3b67d4f6868af72a1b03b14e0 (v1.61.0)
@@ -65052,7 +65056,7 @@ CVE-2024-30231 (Unrestricted Upload of File with Dangerous Type vulnerability in
 CVE-2024-2955 (T.38 dissector crash in Wireshark 4.2.0 to 4.0.3 and 4.0.0 to 4.0.13 a ...)
 	{DLA-3906-1}
 	- wireshark 4.2.4-1 (bug #1068111)
-	[bookworm] - wireshark <no-dsa> (Minor issue)
+	[bookworm] - wireshark 4.0.17-0+deb12u1
 	[buster] - wireshark <postponed> (Minor issue; can be fixed in next update)
 	NOTE: https://www.wireshark.org/security/wnpa-sec-2024-06.html
 	NOTE: https://gitlab.com/wireshark/wireshark/-/issues/19695
@@ -74250,7 +74254,7 @@ CVE-2024-26133 (EventStoreDB (ESDB) is an operational database built to store ev
 	NOT-FOR-US: EventStoreDB (ESDB)
 CVE-2024-26130 (cryptography is a package designed to expose cryptographic primitives  ...)
 	- python-cryptography 42.0.5-1 (bug #1064778)
-	[bookworm] - python-cryptography <no-dsa> (Minor issue)
+	[bookworm] - python-cryptography 38.0.4-3+deb12u1
 	[bullseye] - python-cryptography <not-affected> (Vulnerable code was introduced later)
 	[buster] - python-cryptography <not-affected> (Vulnerable code was introduced later)
 	NOTE: https://github.com/pyca/cryptography/security/advisories/GHSA-6vqw-3v5j-54x4
@@ -84645,7 +84649,7 @@ CVE-2024-21623 (OTCLient is an alternative tibia client for otserv. Prior to com
 CVE-2024-0211 (DOCSIS dissector crash in Wireshark 4.2.0 allows denial of service via ...)
 	{DLA-3906-1}
 	- wireshark 4.2.2-1 (bug #1059925)
-	[bookworm] - wireshark <no-dsa> (Minor issue)
+	[bookworm] - wireshark 4.0.17-0+deb12u1
 	[buster] - wireshark <no-dsa> (Minor issue)
 	NOTE: https://www.wireshark.org/security/wnpa-sec-2024-05.html
 	NOTE: https://gitlab.com/wireshark/wireshark/-/issues/19557
@@ -84659,7 +84663,7 @@ CVE-2024-0210 (Zigbee TLV dissector crash in Wireshark 4.2.0 allows denial of se
 CVE-2024-0209 (IEEE 1609.2 dissector crash in Wireshark 4.2.0, 4.0.0 to 4.0.11, and 3 ...)
 	{DLA-3906-1}
 	- wireshark 4.2.2-1 (bug #1059925)
-	[bookworm] - wireshark <no-dsa> (Minor issue)
+	[bookworm] - wireshark 4.0.17-0+deb12u1
 	[buster] - wireshark <no-dsa> (Minor issue)
 	NOTE: https://www.wireshark.org/security/wnpa-sec-2024-02.html
 	NOTE: https://gitlab.com/wireshark/wireshark/-/issues/19501
@@ -84668,7 +84672,7 @@ CVE-2024-0209 (IEEE 1609.2 dissector crash in Wireshark 4.2.0, 4.0.0 to 4.0.11,
 CVE-2024-0208 (GVCP dissector crash in Wireshark 4.2.0, 4.0.0 to 4.0.11, and 3.6.0 to ...)
 	{DLA-3906-1 DLA-3746-1}
 	- wireshark 4.2.2-1 (bug #1059925)
-	[bookworm] - wireshark <no-dsa> (Minor issue)
+	[bookworm] - wireshark 4.0.17-0+deb12u1
 	NOTE: https://www.wireshark.org/security/wnpa-sec-2024-01.html
 	NOTE: https://gitlab.com/wireshark/wireshark/-/issues/19496
 CVE-2024-0207 (HTTP3 dissector crash in Wireshark 4.2.0 allows denial of service via  ...)
@@ -85732,7 +85736,7 @@ CVE-2023-7105 (A vulnerability was found in code-projects E-Commerce Website 1.0
 CVE-2023-7104 (A vulnerability was found in SQLite SQLite3 up to 3.43.0 and classifie ...)
 	{DLA-3907-1}
 	- sqlite3 3.43.1-1
-	[bookworm] - sqlite3 <no-dsa> (Minor issue)
+	[bookworm] - sqlite3 3.40.1-2+deb12u1
 	[buster] - sqlite3 <no-dsa> (Minor issue)
 	NOTE: https://sqlite.org/forum/forumpost/5bcbf4571c
 	NOTE: Fixed by: https://sqlite.org/src/info/0e4e7a05c4204b47
@@ -91373,7 +91377,7 @@ CVE-2023-49090 (CarrierWave is a solution for file uploads for Rails, Sinatra an
 CVE-2023-49083 (cryptography is a package designed to expose cryptographic primitives  ...)
 	{DLA-3922-1}
 	- python-cryptography 41.0.7-1 (bug #1057108)
-	[bookworm] - python-cryptography <no-dsa> (Minor issue)
+	[bookworm] - python-cryptography 38.0.4-3+deb12u1
 	[buster] - python-cryptography <not-affected> (Vulnerable code introduced later)
 	NOTE: https://github.com/pyca/cryptography/security/advisories/GHSA-jfhm-5ghh-2f97
 	NOTE: https://github.com/pyca/cryptography/pull/9926


=====================================
data/next-point-update.txt
=====================================
@@ -1,69 +1,3 @@
-CVE-2024-31755
-	[bookworm] - cjson 1.7.15-1+deb12u2
-CVE-2023-52890
-	[bookworm] - ntfs-3g 1:2022.10.3-1+deb12u1
-CVE-2024-6232
-	[bookworm] - python3.11 3.11.2-6+deb12u4
-CVE-2023-47480
-	[bookworm] - puredata 0.53.1+ds-2+deb12u1
-CVE-2024-28182
-	[bookworm] - nghttp2 1.52.0-1+deb12u2
-CVE-2024-0208
-	[bookworm] - wireshark 4.0.17-0+deb12u1
-CVE-2024-0209
-	[bookworm] - wireshark 4.0.17-0+deb12u1
-CVE-2024-2955
-	[bookworm] - wireshark 4.0.17-0+deb12u1
-CVE-2024-4853
-	[bookworm] - wireshark 4.0.17-0+deb12u1
-CVE-2024-4854
-	[bookworm] - wireshark 4.0.17-0+deb12u1
-CVE-2024-4855
-	[bookworm] - wireshark 4.0.17-0+deb12u1
-CVE-2024-8250
-	[bookworm] - wireshark 4.0.17-0+deb12u1
-CVE-2024-8645
-	[bookworm] - wireshark 4.0.17-0+deb12u1
-CVE-2024-0211
-	[bookworm] - wireshark 4.0.17-0+deb12u1
-CVE-2023-7104
-	[bookworm] - sqlite3 3.40.1-2+deb12u1
-CVE-2024-20506
-	[bookworm] - clamav 1.0.7+dfsg-1~deb12u1
-CVE-2024-20505
-	[bookworm] - clamav 1.0.7+dfsg-1~deb12u1
-CVE-2023-52168
-	[bookworm] - 7zip 22.01+dfsg-8+deb12u1
-CVE-2023-52169
-	[bookworm] - 7zip 22.01+dfsg-8+deb12u1
-CVE-2024-48933
-	[bookworm] - lemonldap-ng 2.16.1+ds-deb12u3
-CVE-2023-49083
-	[bookworm] - python-cryptography 38.0.4-3+deb12u1
-CVE-2024-26130
-	[bookworm] - python-cryptography 38.0.4-3+deb12u1
-CVE-2024-43700
-	[bookworm] - xfpt 0.11-1+deb12u1
-CVE-2024-41110
-	[bookworm] - docker.io 20.10.24+dfsg1-1+deb12u1
-CVE-2024-45751
-	[bookworm] - tgt 1:1.0.85-1+deb12u1
-CVE-2024-9143
-	[bookworm] - openssl 3.0.15-1~deb12u1
-CVE-2024-5535
-	[bookworm] - openssl 3.0.15-1~deb12u1
-CVE-2024-8096
-	[bookworm] - curl 7.88.1-10+deb12u8
-CVE-2024-45801
-	[bookworm] - node-dompurify 2.4.1+dfsg+~2.4.0-2+deb12u1
-CVE-2024-48910
-	[bookworm] - node-dompurify 2.4.1+dfsg+~2.4.0-2+deb12u1
-CVE-2024-23984
-	[bookworm] - intel-microcode 3.20240910.1~deb12u1
-CVE-2024-24968
-	[bookworm] - intel-microcode 3.20240910.1~deb12u1
-CVE-2023-49582
-	[bookworm] - apr 1.7.2-3+deb12u1
 CVE-2024-38796
 	[bookworm] - edk2 2022.11-6+deb12u2
 CVE-2024-1298
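Review bot: the removals in this hunk stop at CVE-2023-49582, leaving CVE-2024-38796 (`[bookworm] - edk2 2022.11-6+deb12u2`) and at least CVE-2024-1298 queued in the file. All 33 removed CVE/version pairs have a matching `+` line in data/CVE/list, so the merge is internally consistent. Please confirm that the remaining entries were deliberately left out of 12.8, and mention that in the commit message, which currently does not say that some queued entries stay behind.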



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/df5b7f7697cd624c753ad635b70bd3556b9f4a65...bee3f1e46e457f7be2028174ea2d127a0baba717
