[Git][security-tracker-team/security-tracker][master] bookworm triage
Moritz Muehlenhoff (@jmm)
jmm at debian.org
Wed Oct 9 11:35:46 BST 2024
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker
Commits:
ff23c741 by Moritz Muehlenhoff at 2024-10-09T12:35:22+02:00
bookworm triage
- - - - -
2 changed files:
- data/CVE/list
- data/DSA/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -33,6 +33,7 @@ CVE-2024-47817 (Lara-zeus Dynamic Dashboard simple way to manage widgets for you
NOT-FOR-US: Lara-zeus Dynamic Dashboard
CVE-2024-47814 (Vim is an open source, command line text editor. A use-after-free was ...)
- vim <unfixed> (bug #1084806)
+ [bookworm] - vim <no-dsa> (Minor issue)
NOTE: https://github.com/vim/vim/security/advisories/GHSA-rj48-v4mq-j4vg
NOTE: https://github.com/vim/vim/commit/51b62387be93c65fa56bbabe1c3 (v9.1.0764)
CVE-2024-47782 (WikiDiscover is an extension designed for use with a CreateWiki manage ...)
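Review bot: The added "[bookworm] - vim <no-dsa> (Minor issue)" line classifies a use-after-free with only the generic reason. The NOTE lines already point to the upstream advisory and the fix commit (v9.1.0764), so a short reason stating why the impact is limited would make the triage decision auditable without re-reading the advisory.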
@@ -1511,6 +1512,7 @@ CVE-2024-46280 (PIX-LINK LV-WR22 RE3002-P1-01_V117.0 is vulnerable to Improper A
NOT-FOR-US: PIX-LINK
CVE-2024-45993 (Giflib Project v5.2.2 is vulnerable to a heap buffer overflow via gif2 ...)
- giflib <unfixed> (bug #1084058)
+ [bookworm] - giflib <no-dsa> (Minor issue)
NOTE: https://gitlab.com/mthandazo/project-pov
CVE-2024-45920 (A Stored Cross-Site Scripting (XSS) vulnerability in Solvait 24.4.2 al ...)
NOT-FOR-US: Solvait
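Review bot: For CVE-2024-45993 the new "<no-dsa> (Minor issue)" tag sits on a heap buffer overflow whose only reference is a third-party repository (gitlab.com/mthandazo/project-pov); no upstream report or fix is recorded in the entry. Suggest adding a NOTE naming the affected component and the upstream status, so the entry can be revisited when a fix lands.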
@@ -1647,6 +1649,7 @@ CVE-2024-46453 (A cross-site scripting (XSS) vulnerability in the component /tes
NOT-FOR-US: iq3xcite
CVE-2024-38796 (EDK2 contains a vulnerability in the PeCoffLoaderRelocateImage(). An A ...)
- edk2 <unfixed> (bug #1084055)
+ [bookworm] - edk2 <no-dsa> (Minor issue)
NOTE: https://github.com/tianocore/edk2/security/advisories/GHSA-xpcr-7hjq-m6qm
NOTE: https://bugzilla.tianocore.org/show_bug.cgi?id=1993
NOTE: https://github.com/tianocore/edk2/pull/6249
@@ -2235,6 +2238,7 @@ CVE-2024-47003 (Mattermost versions 9.11.x <= 9.11.0 and 9.5.x <= 9.5.8 fail to
- mattermost-server <itp> (bug #823556)
CVE-2024-46632 (Assimp v5.4.3 is vulnerable to Buffer Overflow via the MD5Importer::Lo ...)
- assimp <unfixed> (bug #1082857)
+ [bookworm] - assimp <no-dsa> (Minor issue)
NOTE: https://github.com/assimp/assimp/issues/5771
CVE-2024-46627 (Incorrect access control in BECN DATAGERRY v2.2 allows attackers to ex ...)
NOT-FOR-US: BECN DATAGERRY
@@ -5534,6 +5538,7 @@ CVE-2024-45591 (XWiki Platform is a generic wiki platform. The REST API exposes
NOT-FOR-US: XWiki
CVE-2024-45590 (body-parser is Node.js body parsing middleware. body-parser <1.20.3 is ...)
- node-body-parser 1.20.3+~1.19.5-1 (bug #1081657)
+ [bookworm] - node-body-parser <no-dsa> (Minor issue)
NOTE: https://github.com/expressjs/body-parser/security/advisories/GHSA-qwcr-r2fm-qrc7
NOTE: https://github.com/expressjs/body-parser/commit/b2695c4450f06ba3b0ccf48d872a229bb41c9bce (1.20.3)
CVE-2024-45412 (Yeti bridges the gap between CTI and DFIR practitioners by providing a ...)
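Review bot: In the CVE-2024-45590 entry, unstable already carries a fixed version (1.20.3+~1.19.5-1) and the upstream fix commit is referenced, so the bare "Minor issue" reason on the new bookworm line leaves open whether a fix is still planned for bookworm. If the intent is to fix this through a point release, saying so in the reason text would help whoever picks it up.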
@@ -136282,7 +136287,9 @@ CVE-2023-22925
RESERVED
CVE-2023-22656 (Out-of-bounds read in Intel(R) Media SDK and some Intel(R) oneVPL soft ...)
- intel-mediasdk <unfixed> (bug #1082866)
+ [bookworm] - intel-mediasdk <no-dsa> (Minor issue)
- onevpl <unfixed> (bug #1082867)
+ [bookworm] - onevpl <no-dsa> (Minor issue)
NOTE: https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00935.html
CVE-2023-22433
RESERVED
=====================================
data/DSA/list
=====================================
@@ -19,7 +19,7 @@
{CVE-2024-7025 CVE-2024-9369 CVE-2024-9370}
[bookworm] - chromium 129.0.6668.89-1~deb12u1
[02 Oct 2024] DSA-5780-1 php8.2 - security update
- {CVE-2024-8925 CVE-2024-8926 CVE-2024-8927}
+ {CVE-2024-8925 CVE-2024-8926 CVE-2024-8927 CVE-2024-9026}
[bookworm] - php8.2 8.2.24-1~deb12u1
[29 Sep 2024] DSA-5779-1 cups - security update
{CVE-2024-47175}
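Review bot: The data/DSA/list change adds CVE-2024-9026 to the CVE set of DSA-5780-1 (php8.2, dated 02 Oct 2024), which amends an existing advisory record rather than triaging an open issue, yet the commit message says only "bookworm triage". Suggest mentioning it in the message or splitting it into its own commit so the amendment can be found in history. No matching change for CVE-2024-9026 in data/CVE/list is visible in this diff, which is worth a quick check.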
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/ff23c741d367a2f3d0c745b5bdc28e964e75b19f