[Git][security-tracker-team/security-tracker][master] bookworm triage

Moritz Muehlenhoff (@jmm) jmm at debian.org
Thu Oct 17 08:53:44 BST 2024 


Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
63f3ffef by Moritz Mühlenhoff at 2024-10-16T18:21:09+02:00
bookworm triage

- - - - -


2 changed files:

- data/CVE/list
- data/dsa-needed.txt


Changes:

=====================================
data/CVE/list
=====================================
@@ -2029,6 +2029,7 @@ CVE-2024-27457 (Improper check for unusual or exceptional conditions in Intel(R)
 	NOT-FOR-US: Intel
 CVE-2024-25885 (An issue in the getcolor function in utils.py of xhtml2pdf v0.2.13 all ...)
 	- xhtml2pdf <unfixed> (bug #1084986)
+	[bookworm] - xhtml2pdf <no-dsa> (Minor issue)
 	NOTE: https://gist.github.com/salvatore-abello/c88dd0027496774023ef36c7b576d206
 CVE-2024-25825 (FydeOS for PC 17.1 R114, FydeOS for VMware 17.0 R114, FydeOS for You 1 ...)
 	NOT-FOR-US: FydeOS
@@ -2050,6 +2051,7 @@ CVE-2023-52952 (A vulnerability has been identified in HiMed Cockpit 12 pro (J31
 	NOT-FOR-US: Siemens
 CVE-2024-28168 (Improper Restriction of XML External Entity Reference ('XXE') vulnerab ...)
 	- fop <unfixed> (bug #1084985)
+	[bookworm] - fop <no-dsa> (Minor issue)
 	NOTE: https://www.openwall.com/lists/oss-security/2024/10/09/1
 	NOTE: https://issues.apache.org/jira/browse/FOP-3168
 	NOTE: https://github.com/apache/xmlgraphics-fop/commit/d96ba9a11710d02716b6f4f6107ebfa9ccec7134 (2_10)
@@ -9185,6 +9187,7 @@ CVE-2024-20439 (A vulnerability in Cisco Smart Licensing Utility could allow an
 	NOT-FOR-US: Cisco
 CVE-2024-44082 (In OpenStack Ironic before 26.0.1 and ironic-python-agent before 9.13. ...)
 	- ironic 1:26.1.0-1
+	[bookworm] - ironic <no-dsa> (Minor issue)
 	- ironic-python-agent 9.14.0-1
 	NOTE: https://www.openwall.com/lists/oss-security/2024/09/04/4
 	NOTE: https://bugs.launchpad.net/ironic/+bug/2071740


=====================================
data/dsa-needed.txt
=====================================
@@ -26,6 +26,8 @@ linux (carnil)
   Wait until more issues have piled up, though try to regulary rebase for point
   releases to more 6.1.y versions
 --
+openjdk-17 (jmm)
+--
 opennds
   pinged maintainer, but no reply yet. should most probably be bumped to 10.x
 --



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/63f3ffef71bf21f95979bb533e4c945d90f92e88

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/63f3ffef71bf21f95979bb533e4c945d90f92e88
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20241017/dbcf2c36/attachment-0001.htm>

More information about the debian-security-tracker-commits mailing list