[Git][security-tracker-team/security-tracker][master] bookworm triage
Moritz Muehlenhoff (@jmm)
jmm at debian.org
Sat Nov 23 19:35:08 GMT 2024
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker
Commits:
8126cd6c by Moritz Muehlenhoff at 2024-11-23T20:34:11+01:00
bookworm triage
- - - - -
2 changed files:
- data/CVE/list
- data/dsa-needed.txt
Changes:
=====================================
data/CVE/list
=====================================
@@ -834,6 +834,7 @@ CVE-2024-53426 (A heap-buffer-overflow vulnerability has been identified in ntop
NOTE: https://github.com/ntop/ntopng/issues/8793
CVE-2024-53425 (A heap-buffer-overflow vulnerability was discovered in the SkipSpacesA ...)
- assimp <unfixed>
+ [bookworm] - assimp <postponed> (Minor issue, revisit when fixed upstream)
NOTE: https://github.com/assimp/assimp/issues/5860
CVE-2024-53335 (TOTOLINK A810R V4.1.2cu.5182_B20201026 is vulnerable to Buffer Overflo ...)
NOT-FOR-US: TOTOLINK
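Review bot: the new `[bookworm] - assimp <postponed>` line says "revisit when fixed upstream", but the sid line `- assimp <unfixed>` carries no Debian bug reference, unlike the other `<unfixed>` entries in this commit (e.g. `- wget <unfixed> (bug #1088023)`); filing and referencing a bug would give the postponed entry something to track besides the upstream issue link in the NOTE.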
@@ -963,10 +964,12 @@ CVE-2024-52067 (Apache NiFi 1.16.0 through 1.28.0 and 2.0.0-M1 through 2.0.0-M4
NOT-FOR-US: Apache NiFi
CVE-2024-11596 (ECMP dissector crash in Wireshark 4.4.0 to 4.4.1 and 4.2.0 to 4.2.8 al ...)
- wireshark 4.4.2-1
+ [bookworm] - wireshark <no-dsa> (Minor issue)
NOTE: https://www.wireshark.org/security/wnpa-sec-2024-15.html
NOTE: https://gitlab.com/wireshark/wireshark/-/issues/20214
CVE-2024-11595 (FiveCo RAP dissector infinite loop in Wireshark 4.4.0 to 4.4.1 and 4.2 ...)
- wireshark 4.4.2-1
+ [bookworm] - wireshark <no-dsa> (Minor issue)
NOTE: https://www.wireshark.org/security/wnpa-sec-2024-14.html
NOTE: https://gitlab.com/wireshark/wireshark/-/issues/20176
CVE-2024-53095 (In the Linux kernel, the following vulnerability has been resolved: s ...)
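Review bot: both wireshark entries mark bookworm `<no-dsa> (Minor issue)`, which records bookworm as affected; the descriptions give the affected ranges as 4.4.0 to 4.4.1 and 4.2.0 to 4.2.8, so it is worth confirming that bookworm's wireshark actually falls inside those ranges, otherwise `<not-affected>` would be the accurate tag for these two CVEs.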
@@ -2311,6 +2314,7 @@ CVE-2023-52921 (In the Linux kernel, the following vulnerability has been resolv
NOTE: https://git.kernel.org/linus/90e065677e0362a777b9db97ea21d43a39211399 (6.5-rc6)
CVE-2024-10524 (Applications that use Wget to access a remote resource using shorthand ...)
- wget <unfixed> (bug #1088023)
+ [bookworm] - wget <no-dsa> (Minor issue)
NOTE: https://www.openwall.com/lists/oss-security/2024/11/18/6
NOTE: https://jfrog.com/blog/cve-2024-10524-wget-zero-day-vulnerability/
NOTE: Fixed by: https://git.savannah.gnu.org/cgit/wget.git/commit/?id=c419542d956a2607bbce5df64b9d378a8588d778 (v1.25.0)
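Review bot: the bookworm line for CVE-2024-10524 gives only `(Minor issue)` as the no-dsa justification while the NOTE lines already identify the upstream fix (the wget commit tagged v1.25.0); if a point update is intended, stating it the way the lemonldap-ng entries in this commit do (`will be fixed via spu`) makes the plan for bookworm explicit.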
@@ -2501,9 +2505,11 @@ CVE-2024-5030 (The CM Table Of Contents WordPress plugin before 1.2.3 does not
NOT-FOR-US: WordPress plugin
CVE-2024-52947 (A cross-site scripting (XSS) vulnerability in LemonLDAP::NG before 2.2 ...)
- lemonldap-ng 2.20.1+ds-1
+ [bookworm] - lemonldap-ng <no-dsa> (Minor issue, will be fixed via spu)
NOTE: https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/3257
CVE-2024-52946 (An issue was discovered in LemonLDAP::NG before 2.20.1. An Improper Ch ...)
- lemonldap-ng 2.20.1+ds-1
+ [bookworm] - lemonldap-ng <no-dsa> (Minor issue, will be fixed via spu)
NOTE: https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/3255
CVE-2024-52945 (An issue was discovered in Veritas NetBackup before 10.5. This only ap ...)
NOT-FOR-US: Veritas NetBackup
@@ -2778,6 +2784,7 @@ CVE-2024-52523 (Nextcloud Server is a self hosted personal cloud system. After s
- nextcloud-server <itp> (bug #941708)
CVE-2024-52522 (Rclone is a command-line program to sync files and directories to and ...)
- rclone <unfixed> (bug #1088107)
+ [bookworm] - rclone <no-dsa> (Minor issue)
NOTE: https://github.com/rclone/rclone/security/advisories/GHSA-hrxh-9w67-g4cv
NOTE: https://github.com/rclone/rclone/commit/01ccf204f42b4f68541b16843292439090a2dcf0 (master)
NOTE: https://github.com/rclone/rclone/commit/669b2f2669cacd634faa2bcecb589b76e1402533 (v1.68.2)
@@ -5930,6 +5937,7 @@ CVE-2024-10964 (A vulnerability classified as critical has been found in emqx ne
NOT-FOR-US: emqx neuron
CVE-2024-10963 (A flaw was found in pam_access, where certain rules in its configurati ...)
- pam <unfixed> (bug #1087019)
+ [bookworm] - pam <no-dsa> (Minor issue)
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2324291
NOTE: https://github.com/linux-pam/linux-pam/issues/834
CVE-2024-10668 (There exists an auth bypass in Google Quickshare where an attacker can ...)
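Review bot: `(Minor issue)` is the only justification recorded for CVE-2024-10963, whose description concerns how pam_access handles certain rules in its configuration; since pam_access makes access-control decisions, a short note on why the impact is considered minor for bookworm (for example which configuration it requires) would help whoever revisits this entry later. The Red Hat bug and upstream issue are already linked, so only the conclusion needs summarising in the entry.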
@@ -6900,6 +6908,7 @@ CVE-2023-34443 (Combodo iTop is a simple, web based IT Service Management tool.
NOT-FOR-US: Combodo iTop
CVE-2024-51744 (golang-jwt is a Go implementation of JSON Web Tokens. Unclear document ...)
- golang-github-golang-jwt-jwt <unfixed> (bug #1086792)
+ [bookworm] - golang-github-golang-jwt-jwt <no-dsa> (Minor issue)
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2323735
NOTE: https://github.com/golang-jwt/jwt/commit/7b1c1c00a171c6c79bbdb40e4ce7d197060c1c2c (v4.5.1)
CVE-2024-9147 (Improper Neutralization of Script-Related HTML Tags in a Web Page (Bas ...)
=====================================
data/dsa-needed.txt
=====================================
@@ -27,6 +27,8 @@ linux (carnil)
opennds
pinged maintainer, but no reply yet. should most probably be bumped to 10.x
--
+php8.2
+--
python-aiohttp (jmm)
--
ring
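Review bot: the new `php8.2` entry in dsa-needed.txt has neither an assignee nor a status line, while the neighbouring entries either name who is working on them (`linux (carnil)`, `python-aiohttp (jmm)`) or carry a note on the state of the update (`opennds`); adding one of those, or a pointer to the CVEs the DSA is meant to cover, would make the entry actionable.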
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/8126cd6c029149bb1dd1139766036dd58ee47a6d