[Git][security-tracker-team/security-tracker][master] 3 commits: Triage chromium issues as EOL for bullseye

Fri Oct 11 12:03:16 BST 2024


Emilio Pozuelo Monfort pushed to branch master at Debian Security Tracker / security-tracker


Commits:
450c4c57 by Emilio Pozuelo Monfort at 2024-10-11T13:03:00+02:00
Triage chromium issues as EOL for bullseye

- - - - -
574afb7c by Emilio Pozuelo Monfort at 2024-10-11T13:03:02+02:00
Triage golang-github-containers-buildah issues for bullseye

- - - - -
541069d4 by Emilio Pozuelo Monfort at 2024-10-11T13:03:04+02:00
Triage CVE-2024-45590/node-body-parser for bullseye

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -419,6 +419,7 @@ CVE-2024-9680 (An attacker was able to achieve code execution in the content pro
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2024-51/
 CVE-2024-9675 (A vulnerability was found in Buildah. Cache mounts do not properly val ...)
 	- golang-github-containers-buildah <unfixed>
+	[bullseye] - golang-github-containers-buildah <postponed> (Minor issue)
 	NOTE: https://phabricator.wikimedia.org/T376886
 CVE-2024-9671 (A vulnerability was found in 3Scale. There is no auth mechanism to see ...)
 	NOT-FOR-US: Red Hat 3scale
@@ -1011,9 +1012,11 @@ CVE-2024-28168 (Improper Restriction of XML External Entity Reference ('XXE') vu
 CVE-2024-9603 (Type Confusion in V8 in Google Chrome prior to 129.0.6668.100 allowed  ...)
 	{DSA-5787-1}
 	- chromium 129.0.6668.100-1
+	[bullseye] - chromium <end-of-life> (see #1061268)
 CVE-2024-9602 (Type Confusion in V8 in Google Chrome prior to 129.0.6668.100 allowed  ...)
 	{DSA-5787-1}
 	- chromium 129.0.6668.100-1
+	[bullseye] - chromium <end-of-life> (see #1061268)
 CVE-2024-9622 (A vulnerability was found in the resteasy-netty4 library arising from  ...)
 	NOT-FOR-US: resteasy-netty4
 CVE-2024-9621 (A vulnerability was found in Quarkus CXF. Passwords and other secrets  ...)
@@ -2146,6 +2149,7 @@ CVE-2024-XXXX [znuny zsa-2024-04]
 	NOTE: https://www.znuny.org/en/advisories/zsa-2024-04
 CVE-2024-9407 (A vulnerability exists in the bind-propagation option of the Dockerfil ...)
 	- golang-github-containers-buildah <unfixed>
+	[bullseye] - golang-github-containers-buildah <postponed> (Minor issue)
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2315887
 CVE-2024-9333 (Permissions bypass in M-Files Connector for Copilot before version 24. ...)
 	NOT-FOR-US: M-Files
@@ -6557,6 +6561,7 @@ CVE-2024-45591 (XWiki Platform is a generic wiki platform. The REST API exposes
 CVE-2024-45590 (body-parser is Node.js body parsing middleware. body-parser <1.20.3 is ...)
 	- node-body-parser 1.20.3+~1.19.5-1 (bug #1081657)
 	[bookworm] - node-body-parser <no-dsa> (Minor issue)
+	[bullseye] - node-body-parser <postponed> (Minor issue)
 	NOTE: https://github.com/expressjs/body-parser/security/advisories/GHSA-qwcr-r2fm-qrc7
 	NOTE: https://github.com/expressjs/body-parser/commit/b2695c4450f06ba3b0ccf48d872a229bb41c9bce (1.20.3)
 CVE-2024-45412 (Yeti bridges the gap between CTI and DFIR practitioners by providing a ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/8a451a99283db6009add6c1d54794bc45cd297f1...541069d451b8a9a0a83c32b46ef05d67e5081aec

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/8a451a99283db6009add6c1d54794bc45cd297f1...541069d451b8a9a0a83c32b46ef05d67e5081aec
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20241011/af3c6943/attachment.htm>
