[Git][security-tracker-team/security-tracker][master] 4 commits: Triage CVE-2024-47764 in node-cookie for bullseye LTS.

[Chris Lamb (@lamby)]

Chris Lamb pushed to branch master at Debian Security Tracker / security-tracker


Commits:
42f40fa7 by Chris Lamb at 2024-10-22T15:02:38-07:00
Triage CVE-2024-47764 in node-cookie for bullseye LTS.

- - - - -
178ab274 by Chris Lamb at 2024-10-22T15:02:57-07:00
Triage CVE-2024-48949 in node-elliptic for bullseye LTS.

- - - - -
ed208aa0 by Chris Lamb at 2024-10-22T15:03:14-07:00
Triage CVE-2024-47532 in restrictedpython for bullseye LTS.

- - - - -
a4f61c8e by Chris Lamb at 2024-10-22T15:05:45-07:00
Triage CVE-2024-25885 in xhtml2pdf for bullseye LTS.

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -4026,6 +4026,7 @@ CVE-2024-48957 (execute_filter_audio in archive_read_support_format_rar.c in lib
 CVE-2024-48949 (The verify function in lib/elliptic/eddsa/index.js in the Elliptic pac ...)
 	- node-elliptic 6.5.7+dfsg-1
 	[bookworm] - node-elliptic <no-dsa> (Minor issue)
+	[bullseye] - node-elliptic <postponed> (Minor issue; can be fixed in next update)
 	NOTE: https://github.com/indutny/elliptic/commit/7ac5360118f74eb02da73bdf9f24fd0c72ff5281 (v6.5.6)
 CVE-2024-48942 (The Syracom Secure Login (2FA) plugin for Jira, Confluence, and Bitbuc ...)
 	NOT-FOR-US: Jira plugin
@@ -4617,6 +4618,7 @@ CVE-2024-27457 (Improper check for unusual or exceptional conditions in Intel(R)
 CVE-2024-25885 (An issue in the getcolor function in utils.py of xhtml2pdf v0.2.13 all ...)
 	- xhtml2pdf <unfixed> (bug #1084986)
 	[bookworm] - xhtml2pdf <no-dsa> (Minor issue)
+	[bullseye] - xhtml2pdf <postponed> (Minor issue; can be fixed in next update)
 	NOTE: https://gist.github.com/salvatore-abello/c88dd0027496774023ef36c7b576d206
 CVE-2024-25825 (FydeOS for PC 17.1 R114, FydeOS for VMware 17.0 R114, FydeOS for You 1 ...)
 	NOT-FOR-US: FydeOS
@@ -5358,6 +5360,7 @@ CVE-2024-47765 (Minecraft MOTD Parser is a PHP library to parse minecraft server
 CVE-2024-47764 (cookie is a basic HTTP cookie parser and serializer for HTTP servers.  ...)
 	- node-cookie 0.7.1+~0.6.0-1
 	[bookworm] - node-cookie <no-dsa> (Minor issue)
+	[bullseye] - node-cookie <postponed> (Minor issue; can be fixed in next update)
 	NOTE: https://github.com/jshttp/cookie/security/advisories/GHSA-pxg6-pf52-xh8x
 	NOTE: https://github.com/jshttp/cookie/pull/167
 	NOTE: https://github.com/jshttp/cookie/commit/e10042845354fea83bd8f34af72475eed1dadf5c (v0.7.0)
@@ -6157,6 +6160,7 @@ CVE-2024-47536 (Citizen is a MediaWiki skin that makes extensions part of the co
 CVE-2024-47532 (RestrictedPython is a restricted execution environment for Python to r ...)
 	- restrictedpython <unfixed> (bug #1084057)
 	[bookworm] - restrictedpython <no-dsa> (Minor issue)
+	[bullseye] - restrictedpython <postponed> (Minor issue; can be fixed in next update)
 	NOTE: https://github.com/zopefoundation/RestrictedPython/security/advisories/GHSA-5rfv-66g4-jr8h
 	NOTE: Fixed by: https://github.com/zopefoundation/RestrictedPython/commit/d701cc36cccac36b21fa200f1f2d1945a9a215e6 (7.3)
 CVE-2024-47531 (Scout is a web-based visualizer for VCF-files. Due to the lack of sani ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/05b5b91f2b1312332f31495cf7e5d49673f49c93...a4f61c8e0ebc2eb85a8645a003ce2e44ab71e883

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/05b5b91f2b1312332f31495cf7e5d49673f49c93...a4f61c8e0ebc2eb85a8645a003ce2e44ab71e883
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20241022/e5c7deda/attachment-0001.htm>