[Git][security-tracker-team/security-tracker][master] bookworm triage

Moritz Muehlenhoff (@jmm) jmm at debian.org
Wed Oct 9 11:35:46 BST 2024 


Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
ff23c741 by Moritz Muehlenhoff at 2024-10-09T12:35:22+02:00
bookworm triage

- - - - -


2 changed files:

- data/CVE/list
- data/DSA/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -33,6 +33,7 @@ CVE-2024-47817 (Lara-zeus Dynamic Dashboard simple way to manage widgets for you
 	NOT-FOR-US: Lara-zeus Dynamic Dashboard
 CVE-2024-47814 (Vim is an open source, command line text editor. A use-after-free was  ...)
 	- vim <unfixed> (bug #1084806)
+	[bookworm] - vim <no-dsa> (Minor issue)
 	NOTE: https://github.com/vim/vim/security/advisories/GHSA-rj48-v4mq-j4vg
 	NOTE: https://github.com/vim/vim/commit/51b62387be93c65fa56bbabe1c3 (v9.1.0764)
 CVE-2024-47782 (WikiDiscover is an extension designed for use with a CreateWiki manage ...)
@@ -1511,6 +1512,7 @@ CVE-2024-46280 (PIX-LINK LV-WR22 RE3002-P1-01_V117.0 is vulnerable to Improper A
 	NOT-FOR-US: PIX-LINK
 CVE-2024-45993 (Giflib Project v5.2.2 is vulnerable to a heap buffer overflow via gif2 ...)
 	- giflib <unfixed> (bug #1084058)
+	[bookworm] - giflib <no-dsa> (Minor issue)
 	NOTE: https://gitlab.com/mthandazo/project-pov
 CVE-2024-45920 (A Stored Cross-Site Scripting (XSS) vulnerability in Solvait 24.4.2 al ...)
 	NOT-FOR-US: Solvait
@@ -1647,6 +1649,7 @@ CVE-2024-46453 (A cross-site scripting (XSS) vulnerability in the component /tes
 	NOT-FOR-US: iq3xcite
 CVE-2024-38796 (EDK2 contains a vulnerability in the PeCoffLoaderRelocateImage(). An A ...)
 	- edk2 <unfixed> (bug #1084055)
+	[bookworm] - edk2 <no-dsa> (Minor issue)
 	NOTE: https://github.com/tianocore/edk2/security/advisories/GHSA-xpcr-7hjq-m6qm
 	NOTE: https://bugzilla.tianocore.org/show_bug.cgi?id=1993
 	NOTE: https://github.com/tianocore/edk2/pull/6249
@@ -2235,6 +2238,7 @@ CVE-2024-47003 (Mattermost versions 9.11.x <= 9.11.0 and 9.5.x <= 9.5.8 fail to
 	- mattermost-server <itp> (bug #823556)
 CVE-2024-46632 (Assimp v5.4.3 is vulnerable to Buffer Overflow via the MD5Importer::Lo ...)
 	- assimp <unfixed> (bug #1082857)
+	[bookworm] - assimp <no-dsa> (Minor issue)
 	NOTE: https://github.com/assimp/assimp/issues/5771
 CVE-2024-46627 (Incorrect access control in BECN DATAGERRY v2.2 allows attackers to ex ...)
 	NOT-FOR-US: BECN DATAGERRY
@@ -5534,6 +5538,7 @@ CVE-2024-45591 (XWiki Platform is a generic wiki platform. The REST API exposes
 	NOT-FOR-US: XWiki
 CVE-2024-45590 (body-parser is Node.js body parsing middleware. body-parser <1.20.3 is ...)
 	- node-body-parser 1.20.3+~1.19.5-1 (bug #1081657)
+	[bookworm] - node-body-parser <no-dsa> (Minor issue)
 	NOTE: https://github.com/expressjs/body-parser/security/advisories/GHSA-qwcr-r2fm-qrc7
 	NOTE: https://github.com/expressjs/body-parser/commit/b2695c4450f06ba3b0ccf48d872a229bb41c9bce (1.20.3)
 CVE-2024-45412 (Yeti bridges the gap between CTI and DFIR practitioners by providing a ...)
@@ -136282,7 +136287,9 @@ CVE-2023-22925
 	RESERVED
 CVE-2023-22656 (Out-of-bounds read in Intel(R) Media SDK and some Intel(R) oneVPL soft ...)
 	- intel-mediasdk <unfixed> (bug #1082866)
+	[bookworm] - intel-mediasdk <no-dsa> (Minor issue)
 	- onevpl <unfixed> (bug #1082867)
+	[bookworm] - onevpl <no-dsa> (Minor issue)
 	NOTE: https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00935.html
 CVE-2023-22433
 	RESERVED


=====================================
data/DSA/list
=====================================
@@ -19,7 +19,7 @@
 	{CVE-2024-7025 CVE-2024-9369 CVE-2024-9370}
 	[bookworm] - chromium 129.0.6668.89-1~deb12u1
 [02 Oct 2024] DSA-5780-1 php8.2 - security update
-	{CVE-2024-8925 CVE-2024-8926 CVE-2024-8927}
+	{CVE-2024-8925 CVE-2024-8926 CVE-2024-8927 CVE-2024-9026}
 	[bookworm] - php8.2 8.2.24-1~deb12u1
 [29 Sep 2024] DSA-5779-1 cups - security update
 	{CVE-2024-47175}



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/ff23c741d367a2f3d0c745b5bdc28e964e75b19f

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/ff23c741d367a2f3d0c745b5bdc28e964e75b19f
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20241009/1115cb07/attachment-0001.htm>

More information about the debian-security-tracker-commits mailing list