[Git][security-tracker-team/security-tracker][master] triage of older issues

Moritz Muehlenhoff (@jmm) jmm at debian.org
Sun Nov 10 22:19:12 GMT 2024 


Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
1450cbbd by Moritz Muehlenhoff at 2024-11-10T23:18:05+01:00
triage of older issues

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -24266,10 +24266,10 @@ CVE-2024-38321 (IBM Business Automation Workflow 22.0.2, 23.0.1, 23.0.2, and 24.
 CVE-2024-37286 (APM server logs contain document body from a partially failed bulk ind ...)
 	NOT-FOR-US: APM server
 CVE-2024-7319 (An incomplete fix for CVE-2023-1625 was found in openstack-heat. Sensi ...)
-	- heat <unfixed> (bug #1082855)
-	[bookworm] - heat <no-dsa> (Minor issue)
+	- heat <unfixed> (bug #1082855; unimportant)
 	[bullseye] - heat <not-affected> (Incomplete fix for CVE-2023-1625 not applied)
 	NOTE: https://storyboard.openstack.org/#!/story/2011007
+	NOTE: Negligible security impact
 CVE-2024-7291 (The JetFormBuilder plugin for WordPress is vulnerable to privilege esc ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2024-6477 (The UsersWP  WordPress plugin before 1.2.12 uses predictable filenames ...)
@@ -67502,12 +67502,13 @@ CVE-2023-6597 (An issue was found in the CPython `tempfile.TemporaryDirectory` c
 	NOTE: https://mail.python.org/archives/list/security-announce@python.org/thread/Q5C6ATFC67K53XFV4KE45325S7NS62LD/
 	NOTE: Introduced by: https://github.com/python/cpython/commit/e9b51c0ad81da1da11ae65840ac8b50a8521373c (v3.8.0b1)
 CVE-2023-50966 (erlang-jose (aka JOSE for Erlang and Elixir) through 1.11.6 allow atta ...)
-	- erlang-jose <unfixed> (bug #1067456)
+	- erlang-jose 1.11.10-1 (bug #1067456)
 	[bookworm] - erlang-jose <no-dsa> (Minor issue)
 	[bullseye] - erlang-jose <no-dsa> (Minor issue)
 	[buster] - erlang-jose <postponed> (DoS via a large p2c value but still appears minor)
 	NOTE: https://github.com/potatosalad/erlang-jose/issues/156
 	NOTE: https://github.com/P3ngu1nW/CVE_Request/blob/main/erlang-jose.md
+	NOTE: https://github.com/potatosalad/erlang-jose/commit/718d213f07b08056737923f8063d5df56dcb66ae (1.11.7)
 CVE-2023-4426
 	REJECTED
 CVE-2023-44092 (Improper Neutralization of Special Elements used in an OS Command ('OS ...)
@@ -76610,7 +76611,7 @@ CVE-2024-24920 (A vulnerability has been identified in Simcenter Femap (All vers
 CVE-2024-24814 (mod_auth_openidc is an OpenID Certified\u2122 authentication and autho ...)
 	{DLA-3751-1}
 	- libapache2-mod-auth-openidc 2.4.15.7-1 (bug #1064183)
-	[bookworm] - libapache2-mod-auth-openidc <no-dsa> (Minor issue)
+	[bookworm] - libapache2-mod-auth-openidc 2.4.12.3-2+deb12u1
 	[bullseye] - libapache2-mod-auth-openidc 2.4.9.4-0+deb11u4
 	NOTE: https://github.com/OpenIDC/mod_auth_openidc/security/advisories/GHSA-hxr6-w4gc-7vvv
 	NOTE: https://github.com/OpenIDC/mod_auth_openidc/commit/4022c12f314bd89d127d1be008b1a80a08e1203d (v2.4.15.2)
@@ -125989,7 +125990,7 @@ CVE-2023-1933
 	RESERVED
 CVE-2023-1932 (A flaw was found in hibernate-validator's 'isValid' method in the org. ...)
 	- libhibernate-validator-java <unfixed> (bug #1063540)
-	[bookworm] - libhibernate-validator-java <no-dsa> (Minor issue)
+	[bookworm] - libhibernate-validator-java <ignored> (Minor issue)
 	[bullseye] - libhibernate-validator-java <no-dsa> (Minor issue)
 	[buster] - libhibernate-validator-java <no-dsa> (Minor issue)
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1809444
@@ -266728,7 +266729,7 @@ CVE-2021-33814
 CVE-2021-33813 (An XXE issue in SAXBuilder in JDOM through 2.0.6 allows attackers to c ...)
 	{DLA-2712-1 DLA-2696-1}
 	- libjdom2-intellij-java <unfixed> (bug #990673)
-	[bookworm] - libjdom2-intellij-java <no-dsa> (Minor issue)
+	[bookworm] - libjdom2-intellij-java <ignored> (Minor issue)
 	[bullseye] - libjdom2-intellij-java <no-dsa> (Minor issue)
 	[buster] - libjdom2-intellij-java <no-dsa> (Minor issue)
 	- libjdom2-java 2.0.6-2.1 (bug #990671)
@@ -357417,7 +357418,7 @@ CVE-2020-10694
 	REJECTED
 CVE-2020-10693 (A flaw was found in Hibernate Validator version 6.1.2.Final. A bug in  ...)
 	- libhibernate-validator-java <unfixed> (bug #988946)
-	[bookworm] - libhibernate-validator-java <no-dsa> (Minor issue)
+	[bookworm] - libhibernate-validator-java <ignored> (Minor issue)
 	[bullseye] - libhibernate-validator-java <no-dsa> (Minor issue)
 	[buster] - libhibernate-validator-java <not-affected> (EL support added in 5.x)
 	[stretch] - libhibernate-validator-java <not-affected> (EL support added in 5.x)
@@ -412706,7 +412707,7 @@ CVE-2019-10220 (Linux kernel CIFS implementation, version 4.9.0 is vulnerable to
 	[stretch] - linux 4.9.210-1
 CVE-2019-10219 (A vulnerability was found in Hibernate-Validator. The SafeHtml validat ...)
 	- libhibernate-validator-java <unfixed> (bug #948235)
-	[bookworm] - libhibernate-validator-java <no-dsa> (Minor issue)
+	[bookworm] - libhibernate-validator-java <ignored> (Minor issue)
 	[bullseye] - libhibernate-validator-java <no-dsa> (Minor issue)
 	[buster] - libhibernate-validator-java <not-affected> (Vulnerable code was introduced later)
 	[stretch] - libhibernate-validator-java <not-affected> (Vulnerable code was introduced later)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/1450cbbdacfdd5d31426f221193a605926477279

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/1450cbbdacfdd5d31426f221193a605926477279
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20241110/0692be17/attachment.htm>

More information about the debian-security-tracker-commits mailing list