[Git][security-tracker-team/security-tracker][master] bookworm triage
Moritz Muehlenhoff (@jmm)
jmm at debian.org
Mon Nov 25 09:54:37 GMT 2024
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker
Commits:
e17e5e2a by Moritz Muehlenhoff at 2024-11-25T10:52:49+01:00
bookworm triage
- - - - -
2 changed files:
- data/CVE/list
- data/dsa-needed.txt
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,5 +1,6 @@
CVE-2024-53901 (The Imager package before 1.025 for Perl has a heap-based buffer overf ...)
- libimager-perl 1.025+dfsg-1
+ [bookworm] - libimager-perl <no-dsa> (Minor issue)
NOTE: https://github.com/tonycoz/imager/issues/534
NOTE: https://github.com/tonycoz/imager/commit/7851737838aa86113b276aea02729cc1f6e9eed0 (v1.025)
NOTE: https://github.com/briandfoy/cpan-security-advisory/issues/167
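Review bot: The added `[bookworm] - libimager-perl <no-dsa> (Minor issue)` line gives no reason why a heap-based buffer overflow counts as minor for bookworm. A one-line NOTE stating what limits the impact would make the decision easier to audit later. The upstream fix is already recorded as a single commit (v1.025), so the entry could also say whether a fix via a point release is intended.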
@@ -1076,9 +1077,11 @@ CVE-2024-52765 (H3C GR-1800AX MiniGRW1B0V100R007 is vulnerable to remote code ex
NOT-FOR-US: H3C GR-1800AX MiniGRW1B0V100R007
CVE-2024-52763 (A cross-site scripting (XSS) vulnerability in the component /graph_all ...)
- ganglia-web <unfixed>
+ [bookworm] - ganglia-web <postponed> (Minor issue, revisit when fixed upstream)
NOTE: https://github.com/ganglia/ganglia-web/issues/382
CVE-2024-52762 (A cross-site scripting (XSS) vulnerability in the component /master/he ...)
- ganglia-web <unfixed>
+ [bookworm] - ganglia-web <postponed> (Minor issue, revisit when fixed upstream)
NOTE: https://github.com/ganglia/ganglia-web/issues/382
CVE-2024-52757 (D-LINK DI-8003 v16.07.16A1 was discovered to contain a buffer overflow ...)
NOT-FOR-US: D-LINK
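Review bot: The two added `<postponed>` lines for CVE-2024-52763 and CVE-2024-52762 both say "revisit when fixed upstream", but nothing in the entries records how that revisit gets triggered. Both CVEs reference the same upstream issue (ganglia-web issue 382), so it would help to state in the annotation that this issue is the one to watch, and to update both entries together when it is resolved.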
=====================================
data/dsa-needed.txt
=====================================
@@ -27,13 +27,15 @@ linux (carnil)
opennds
pinged maintainer, but no reply yet. should most probably be bumped to 10.x
--
-php8.2
+php8.2 (jmm)
--
python-aiohttp (jmm)
--
+python-tornado
+--
ring
--
-smarty3
+smarty3 (jmm)
Tobias Frost posted a debdiff for review addressing CVE-2023-28447 and CVE-2024-35226
--
smarty4
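Review bot: The new `python-tornado` entry in data/dsa-needed.txt has neither an assignee nor a note saying which CVE(s) prompted it, unlike `smarty3`, which lists the CVEs its debdiff addresses. Adding a short indented line with the relevant CVE ids would let someone else pick it up without searching data/CVE/list. The commit message "bookworm triage" also does not mention that php8.2 and smarty3 were claimed by jmm in this change.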
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/e17e5e2abbab32e25994ab5be3f247f30029830c