[Git][security-tracker-team/security-tracker][master] 3 commits: Mark CVE-2024-47814/vim as postponed for bullseye
Emilio Pozuelo Monfort (@pochu)
pochu at debian.org
Fri Oct 11 09:27:50 BST 2024
Emilio Pozuelo Monfort pushed to branch master at Debian Security Tracker / security-tracker
Commits:
89e2543b by Emilio Pozuelo Monfort at 2024-10-11T10:27:35+02:00
Mark CVE-2024-47814/vim as postponed for bullseye
- - - - -
dda930b7 by Emilio Pozuelo Monfort at 2024-10-11T10:27:36+02:00
Triage libarchive filter CVEs as n/a on bullseye
- - - - -
6e4134b6 by Emilio Pozuelo Monfort at 2024-10-11T10:27:36+02:00
lts: add firmware-nonfree
- - - - -
2 changed files:
- data/CVE/list
- data/dla-needed.txt
Changes:
=====================================
data/CVE/list
=====================================
@@ -350,10 +350,12 @@ CVE-2024-6747 (Information leakage in mknotifyd in Checkmk before 2.3.0p18, 2.2.
- check-mk <removed>
CVE-2024-48958 (execute_filter_delta in archive_read_support_format_rar.c in libarchiv ...)
- libarchive <unfixed>
+ [bullseye] - libarchive <not-affected> (RAR filter support introduced in 3.6.0)
NOTE: https://github.com/libarchive/libarchive/pull/2148
NOTE: https://github.com/libarchive/libarchive/commit/a1cb648d52f5b6d3f31184d9b6a7cbca628459b7 (v3.7.5)
CVE-2024-48957 (execute_filter_audio in archive_read_support_format_rar.c in libarchiv ...)
- libarchive <unfixed>
+ [bullseye] - libarchive <not-affected> (RAR filter support introduced in 3.6.0)
NOTE: https://github.com/libarchive/libarchive/pull/2149
NOTE: https://github.com/libarchive/libarchive/commit/3006bc5d02ad3ae3c4f9274f60c1f9d2d834734b (v3.7.5)
CVE-2024-48949 (The verify function in lib/elliptic/eddsa/index.js in the Elliptic pac ...)
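Review bot: the two added `[bullseye] - libarchive <not-affected>` lines rest entirely on the parenthetical "RAR filter support introduced in 3.6.0", and nothing in either entry points to the upstream change that introduced that code. The existing NOTE lines for CVE-2024-48958 and CVE-2024-48957 link only to the fix pull requests and commits. Consider adding a NOTE with the introducing commit to each entry, so the not-affected claim can be checked against the bullseye source without searching upstream history.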
@@ -1004,6 +1006,7 @@ CVE-2024-47817 (Lara-zeus Dynamic Dashboard simple way to manage widgets for you
CVE-2024-47814 (Vim is an open source, command line text editor. A use-after-free was ...)
- vim <unfixed> (bug #1084806)
[bookworm] - vim <no-dsa> (Minor issue)
+ [bullseye] - vim <postponed> (Minor issue)
NOTE: https://github.com/vim/vim/security/advisories/GHSA-rj48-v4mq-j4vg
NOTE: https://github.com/vim/vim/commit/51b62387be93c65fa56bbabe1c3 (v9.1.0764)
CVE-2024-47782 (WikiDiscover is an extension designed for use with a CreateWiki manage ...)
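Review bot: style point on the entry being touched: the NOTE under the added `[bullseye] - vim <postponed> (Minor issue)` line cites the upstream fix with a 27-character commit hash, while the libarchive entries changed in this same file cite full 40-character hashes. Since the bullseye work is being postponed, whoever picks it up later will depend on that reference, so consider using the full hash here too.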
=====================================
data/dla-needed.txt
=====================================
@@ -85,6 +85,11 @@ ffmpeg (Markus Koschany)
NOTE: 20240911: Update prepared in git and tested, waiting for CI pipeline
NOTE: 20240911: to support bullseye (pochu)
--
+firmware-nonfree
+ NOTE: 20241011: Added by Front-Desk (pochu)
+ NOTE: 20241011: Update to bookworm version, possibly coordinate upload of
+ NOTE: 20241011: trixie version to bookworm-pu and backport that to bullseye (pochu)
+--
flatpak (Adrian Bunk)
NOTE: 20240814: Added by oldstable Security Team (carnil)
NOTE: 20240815: Follow fixes from DSA-5749-1 (CVE-2024-42472) (Beuc/front-desk)
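Review bot: the new `firmware-nonfree` entry does not say which CVEs or advisories triggered adding it, and the commit message "lts: add firmware-nonfree" does not either. The notes describe only the upload plan (bookworm version, possibly the trixie version via bookworm-pu and a backport to bullseye), and the word "possibly" leaves the chosen path open. Consider adding a NOTE naming the issues to be fixed, and updating the plan note once the coordination question is settled, so whoever claims the package knows the scope.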
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/f13327262e587eee7b3bd5d2ff4174659c3b0140...6e4134b6a2ee9bd285756f1702d47d2820ef13ef