[Git][security-tracker-team/security-tracker][master] bookworm triage

Moritz Muehlenhoff (@jmm) jmm at debian.org
Sun Oct 13 19:37:10 BST 2024



Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
090b27e7 by Moritz Muehlenhoff at 2024-10-13T20:36:48+02:00
bookworm triage

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -204,6 +204,7 @@ CVE-2024-46088 (An arbitrary file upload vulnerability in the ProductAction.entp
 	NOT-FOR-US: Zhejiang University Entersoft Customer Resource Management System
 CVE-2024-45403 (h2o is an HTTP server with support for HTTP/1.x, HTTP/2 and HTTP/3. Wh ...)
 	- h2o <unfixed> (bug #1084984)
+	[bookworm] - h2o <no-dsa> (Minor issue)
 	NOTE: https://github.com/h2o/h2o/security/advisories/GHSA-4xp5-3jhc-3m92
 	NOTE: https://github.com/h2o/h2o/commit/16b13eee8ad7895b4fe3fcbcabee53bd52782562
 	NOTE: https://github.com/h2o/h2o/commit/1ed32b23f999acf0c5029f09c8525f93eb1d354c
@@ -211,6 +212,7 @@ CVE-2024-45402 (Picotls is a TLS protocol library that allows users select diffe
 	- picotls <itp> (bug #925405)
 CVE-2024-45397 (h2o is an HTTP server with support for HTTP/1.x, HTTP/2 and HTTP/3. Wh ...)
 	- h2o <unfixed> (bug #1084984)
+	[bookworm] - h2o <no-dsa> (Minor issue)
 	NOTE: https://github.com/h2o/h2o/security/advisories/GHSA-jf2c-xjcp-wg4c
 	NOTE: https://github.com/h2o/h2o/commit/15ed15a2efb83a77bb4baaa5a119e639c2f6898a
 CVE-2024-45396 (Quicly is an IETF QUIC protocol implementation. Quicly up to commtit d ...)
@@ -257,6 +259,7 @@ CVE-2024-33578 (A DLL hijack vulnerability was reported in Lenovo Leyun that cou
 	NOT-FOR-US: Lenovo
 CVE-2024-25622 (h2o is an HTTP server with support for HTTP/1.x, HTTP/2 and HTTP/3. Th ...)
 	- h2o <unfixed> (bug #1084984)
+	[bookworm] - h2o <no-dsa> (Minor issue)
 	NOTE: https://github.com/h2o/h2o/security/advisories/GHSA-5m7v-cj65-h6pj
 	NOTE: https://github.com/h2o/h2o/issues/3332
 	NOTE: https://github.com/h2o/h2o/commit/123f5e2b65dcdba8f7ef659a00d24bd1249141be
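Review bot: this is the third h2o entry in the commit (alongside CVE-2024-45403 and CVE-2024-45397) that receives `[bookworm] - h2o <no-dsa> (Minor issue)` under the same Debian bug #1084984; the tagging is consistent across the three, but since each entry links a different upstream advisory and fix commit, a NOTE stating that all three are expected to be closed by one h2o upload would help whoever later records the fixed version on each entry.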
@@ -670,6 +673,7 @@ CVE-2024-48957 (execute_filter_audio in archive_read_support_format_rar.c in lib
 	NOTE: https://github.com/libarchive/libarchive/commit/3006bc5d02ad3ae3c4f9274f60c1f9d2d834734b (v3.7.5)
 CVE-2024-48949 (The verify function in lib/elliptic/eddsa/index.js in the Elliptic pac ...)
 	- node-elliptic 6.5.7+dfsg-1
+	[bookworm] - node-elliptic <no-dsa> (Minor issue)
 	NOTE: https://github.com/indutny/elliptic/commit/7ac5360118f74eb02da73bdf9f24fd0c72ff5281 (v6.5.6)
 CVE-2024-48942 (The Syracom Secure Login (2FA) plugin for Jira, Confluence, and Bitbuc ...)
 	NOT-FOR-US: Jira plugin
@@ -686,6 +690,7 @@ CVE-2024-9680 (An attacker was able to achieve code execution in the content pro
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2024-51/
 CVE-2024-9675 (A vulnerability was found in Buildah. Cache mounts do not properly val ...)
 	- golang-github-containers-buildah <unfixed> (bug #1084980)
+	[bookworm] - golang-github-containers-buildah <no-dsa> (Minor issue)
 	[bullseye] - golang-github-containers-buildah <postponed> (Minor issue)
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2317458
 CVE-2024-9671 (A vulnerability was found in 3Scale. There is no auth mechanism to see ...)
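Review bot: the new `[bookworm] - golang-github-containers-buildah <no-dsa> (Minor issue)` line sits directly above a bullseye entry for the same CVE that uses `<postponed>` with the identical `(Minor issue)` rationale; if bookworm is likewise meant to wait for a later upload rather than a point-release fix, `<postponed>` would keep the two releases consistent, and otherwise a short note on why bookworm is handled differently would save the next triager a question.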
@@ -892,6 +897,7 @@ CVE-2024-46307 (A loop hole in the payment logic of Sparkshop v1.16 allows attac
 	NOT-FOR-US: Sparkshop
 CVE-2024-46304 (A NULL pointer dereference in libcoap v4.3.5-rc2 and below allows a re ...)
 	- libcoap3 <unfixed> (bug #1084981)
+	[bookworm] - libcoap3 <no-dsa> (Minor issue)
 	- libcoap2 <removed>
 	- libcoap <removed>
 	NOTE: https://github.com/obgm/libcoap/issues/1509
@@ -1978,6 +1984,7 @@ CVE-2024-47765 (Minecraft MOTD Parser is a PHP library to parse minecraft server
 	NOT-FOR-US: Minecraft MOTD Parser
 CVE-2024-47764 (cookie is a basic HTTP cookie parser and serializer for HTTP servers.  ...)
 	- node-cookie 0.7.1+~0.6.0-1
+	[bookworm] - node-cookie <no-dsa> (Minor issue)
 	NOTE: https://github.com/jshttp/cookie/security/advisories/GHSA-pxg6-pf52-xh8x
 	NOTE: https://github.com/jshttp/cookie/pull/167
 	NOTE: https://github.com/jshttp/cookie/commit/e10042845354fea83bd8f34af72475eed1dadf5c (v0.7.0)
@@ -1997,6 +2004,7 @@ CVE-2024-47651 (This vulnerability exists in Shilpi Client Dashboard due to impr
 	NOT-FOR-US: Shilpi Client Dashboard
 CVE-2024-47211 (In OpenStack Ironic before 21.4.4, 22.x and 23.x before 23.0.3, 23.x a ...)
 	- ironic 1:26.1.0-1
+	[bookworm] - ironic <no-dsa> (Minor issue)
 	NOTE: https://security.openstack.org/ossa/OSSA-2024-004.html
 CVE-2024-47183 (Parse Server is an open source backend that can be deployed to any inf ...)
 	NOT-FOR-US: Parse Server
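Review bot: the truncated description in the hunk header lists affected upstream ranges (before 21.4.4, 22.x and 23.x before 23.0.3), and the only fixed version visible is 1:26.1.0-1 in unstable; the bookworm `<no-dsa>` tag implies bookworm's ironic falls inside an affected range, so it is worth confirming that against OSSA-2024-004 (linked in the NOTE) and using `<not-affected>` instead if it does not.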
@@ -2411,6 +2419,7 @@ CVE-2024-20365 (A vulnerability in the Redfish API of Cisco UCS B-Series, Cisco
 	NOT-FOR-US: Cisco
 CVE-2024-9407 (A vulnerability exists in the bind-propagation option of the Dockerfil ...)
 	- golang-github-containers-buildah <unfixed> (bug #1084980)
+	[bookworm] - golang-github-containers-buildah <no-dsa> (Minor issue)
 	[bullseye] - golang-github-containers-buildah <postponed> (Minor issue)
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2315887
 CVE-2024-9333 (Permissions bypass in M-Files Connector for Copilot before version 24. ...)
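Review bot: CVE-2024-9407 gets `<no-dsa>` for bookworm while the bullseye line immediately below it keeps `<postponed>` with the same `(Minor issue)` rationale; since both releases track the fix in bug #1084980, please either align the tags or record why bookworm is expected to receive the fix through a point release when bullseye is not.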
@@ -2769,6 +2778,7 @@ CVE-2024-47536 (Citizen is a MediaWiki skin that makes extensions part of the co
 	NOT-FOR-US: MediaWiki skin
 CVE-2024-47532 (RestrictedPython is a restricted execution environment for Python to r ...)
 	- restrictedpython <unfixed> (bug #1084057)
+	[bookworm] - restrictedpython <no-dsa> (Minor issue)
 	NOTE: https://github.com/zopefoundation/RestrictedPython/security/advisories/GHSA-5rfv-66g4-jr8h
 	NOTE: Fixed by: https://github.com/zopefoundation/RestrictedPython/commit/d701cc36cccac36b21fa200f1f2d1945a9a215e6 (7.3)
 CVE-2024-47531 (Scout is a web-based visualizer for VCF-files. Due to the lack of sani ...)
@@ -30496,6 +30506,7 @@ CVE-2023-6491 (The Strong Testimonials plugin for WordPress is vulnerable to una
 	NOT-FOR-US: WordPress plugin
 CVE-2023-51847 (An issue in obgm and Libcoap v.a3ed466 allows a remote attacker to cau ...)
 	- libcoap3 <unfixed> (bug #1084981)
+	[bookworm] - libcoap3 <no-dsa> (Minor issue)
 	- libcoap2 <removed>
 	- libcoap <removed>
 	NOTE: https://github.com/obgm/libcoap/issues/1509
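Review bot: CVE-2023-51847 and CVE-2024-46304 both carry bug #1084981 and the same upstream NOTE (libcoap issue #1509), and both now get the bookworm `<no-dsa> (Minor issue)` tag in this commit; a NOTE cross-referencing the two entries would make it explicit that a single libcoap3 update is expected to resolve both, so the fixed version is recorded on both when it lands.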



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/090b27e72c355111a338df62c2a52607f5075349
