[Git][security-tracker-team/security-tracker][master] triage older issues

Moritz Muehlenhoff (@jmm) jmm at debian.org
Sun Nov 24 20:03:10 GMT 2024 


Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
1313252f by Moritz Muehlenhoff at 2024-11-24T21:02:22+01:00
triage older issues

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -21045,12 +21045,12 @@ CVE-2024-8601 (This vulnerability exists in TechExcel Back Office Software versi
 	NOT-FOR-US: TechExcel Back Office Software
 CVE-2024-8373 (Improper sanitization of the value of the [srcset] attribute in <sourc ...)
 	- angular.js <unfixed>
-	[bookworm] - angular.js <no-dsa> (Minor issue)
+	[bookworm] - angular.js <postponed> (Minor issue, revisit when fixed upstream)
 	[bullseye] - angular.js <postponed> (Minor issue)
 	NOTE: https://codepen.io/herodevs/full/bGPQgMp/8da9ce87e99403ee13a295c305ebfa0b
 CVE-2024-8372 (Improper sanitization of the value of the '[srcset]' attribute in Angu ...)
 	- angular.js <unfixed>
-	[bookworm] - angular.js <no-dsa> (Minor issue)
+	[bookworm] - angular.js <postponed> (Minor issue, revisit when fixed upstream)
 	[bullseye] - angular.js <postponed> (Minor issue)
 	NOTE: https://codepen.io/herodevs/full/xxoQRNL/0072e627abe03e9cda373bc75b4c1017
 CVE-2024-8042 (Rapid7 Insight Platform versions between November 2019 and August 14,  ...)
@@ -59895,7 +59895,7 @@ CVE-2023-48683 (Sensitive information disclosure and manipulation due to missing
 	NOT-FOR-US: Acronis Cyber Protect Cloud Agent
 CVE-2023-46565 (Buffer Overflow vulnerability in osrg gobgp commit 419c50dfac578daa4d1 ...)
 	- gobgp <unfixed> (bug #1070393)
-	[bookworm] - gobgp <no-dsa> (Minor issue)
+	[bookworm] - gobgp <postponed> (Minor issue, revisit when fixed upstream)
 	[bullseye] - gobgp <no-dsa> (Minor issue)
 	NOTE: https://github.com/osrg/gobgp/issues/2725
 CVE-2023-46270 (MacPaw The Unarchiver before 4.3.6 contains vulnerability related to m ...)
@@ -82467,7 +82467,7 @@ CVE-2024-21624 (nonebot2 is a cross-platform Python asynchronous chatbot framewo
 	NOT-FOR-US: nonebot2
 CVE-2024-21490 (This affects versions of the package angular from 1.3.0. A regular exp ...)
 	- angular.js <unfixed>
-	[bookworm] - angular.js <no-dsa> (Minor issue)
+	[bookworm] - angular.js <postponed> (Minor issue, revisit when fixed upstream)
 	[bullseye] - angular.js <no-dsa> (Minor issue)
 	[buster] - angular.js <postponed> (Fix along with the next DLA)
 	NOTE: https://security.snyk.io/vuln/SNYK-JS-ANGULAR-6091113
@@ -117144,7 +117144,7 @@ CVE-2023-37733 (An arbitrary file upload vulnerability in tduck-platform v4.0 al
 	NOT-FOR-US: Grav CMStduck-platform
 CVE-2023-37276 (aiohttp is an asynchronous HTTP client/server framework for asyncio an ...)
 	- python-aiohttp 3.8.5-1
-	[bookworm] - python-aiohttp <no-dsa> (Minor issue)
+	[bookworm] - python-aiohttp <ignored> (Minor issue)
 	[bullseye] - python-aiohttp <not-affected> (doesn't use llhttp, PoC is rejected with Bad Request)
 	[buster] - python-aiohttp <not-affected> (doesn't use llhttp, PoC is rejected with Bad Request)
 	NOTE: https://github.com/aio-libs/aiohttp/security/advisories/GHSA-45c4-8wx5-qw6w
@@ -141755,19 +141755,19 @@ CVE-2023-26119 (Versions of the package net.sourceforge.htmlunit:htmlunit from 0
 	NOT-FOR-US: net.sourceforge.htmlunit:htmlunit
 CVE-2023-26118 (Versions of the package angular from 1.4.9 are vulnerable to Regular E ...)
 	- angular.js <unfixed> (bug #1036694)
-	[bookworm] - angular.js <no-dsa> (Minor issue)
+	[bookworm] - angular.js <postponed> (Minor issue, revisit when fixed upstream)
 	[bullseye] - angular.js <no-dsa> (Minor issue)
 	[buster] - angular.js <no-dsa> (Minor issue)
 	NOTE: https://security.snyk.io/vuln/SNYK-JS-ANGULAR-3373046
 CVE-2023-26117 (Versions of the package angular from 1.0.0 are vulnerable to Regular E ...)
 	- angular.js <unfixed> (bug #1036694)
-	[bookworm] - angular.js <no-dsa> (Minor issue)
+	[bookworm] - angular.js <postponed> (Minor issue, revisit when fixed upstream)
 	[bullseye] - angular.js <no-dsa> (Minor issue)
 	[buster] - angular.js <no-dsa> (Minor issue)
 	NOTE: https://security.snyk.io/vuln/SNYK-JS-ANGULAR-3373045
 CVE-2023-26116 (Versions of the package angular from 1.2.21 are vulnerable to Regular  ...)
 	- angular.js <unfixed> (bug #1036694)
-	[bookworm] - angular.js <no-dsa> (Minor issue)
+	[bookworm] - angular.js <postponed> (Minor issue, revisit when fixed upstream)
 	[bullseye] - angular.js <no-dsa> (Minor issue)
 	[buster] - angular.js <no-dsa> (Minor issue)
 	NOTE: https://security.snyk.io/vuln/SNYK-JS-ANGULAR-3373044
@@ -222094,7 +222094,7 @@ CVE-2022-25871 (All versions of package querymen are vulnerable to Prototype Pol
 	NOT-FOR-US: Node querymen
 CVE-2022-25869 (All versions of package angular are vulnerable to Cross-site Scripting ...)
 	- angular.js <unfixed> (bug #1036694)
-	[bookworm] - angular.js <no-dsa> (Minor issue)
+	[bookworm] - angular.js <postponed> (Minor issue, revisit when fixed upstream)
 	[bullseye] - angular.js <no-dsa> (Minor issue)
 	[buster] - angular.js <no-dsa> (Minor issue)
 	NOTE: https://security.snyk.io/vuln/SNYK-JS-ANGULAR-2949781
@@ -222153,7 +222153,7 @@ CVE-2022-25845 (The package com.alibaba:fastjson before 1.2.83 are vulnerable to
 	NOT-FOR-US: com.alibaba:fastjson
 CVE-2022-25844 (The package angular after 1.7.0 are vulnerable to Regular Expression D ...)
 	- angular.js <unfixed> (bug #1014779)
-	[bookworm] - angular.js <no-dsa> (Minor issue)
+	[bookworm] - angular.js <postponed> (Minor issue, revisit when fixed upstream)
 	[bullseye] - angular.js <no-dsa> (Minor issue)
 	[buster] - angular.js <no-dsa> (Minor issue, probably even not-affected)
 	[stretch] - angular.js <ignored> (Nodejs in stretch not covered by security support)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/1313252f6d2364f1bdde56b63ab6bff315027f90

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/1313252f6d2364f1bdde56b63ab6bff315027f90
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20241124/14c91d91/attachment-0001.htm>

More information about the debian-security-tracker-commits mailing list