[Git][security-tracker-team/security-tracker][master] 5 commits: Triage CVE-2024-47554 in commons-io for bullseye LTS.
Chris Lamb (@lamby)
lamby at debian.org
Wed Oct 23 18:03:56 BST 2024
Chris Lamb pushed to branch master at Debian Security Tracker / security-tracker
Commits:
6aec8999 by Chris Lamb at 2024-10-23T10:02:10-07:00
Triage CVE-2024-47554 in commons-io for bullseye LTS.
- - - - -
0df8498a by Chris Lamb at 2024-10-23T10:02:26-07:00
Triage CVE-2024-48948 in node-elliptic for bullseye LTS.
- - - - -
2484a8ba by Chris Lamb at 2024-10-23T10:02:50-07:00
Triage CVE-2024-47874 in starlette for bullseye LTS.
- - - - -
a9bcbc99 by Chris Lamb at 2024-10-23T10:03:14-07:00
Triage CVE-2024-6484 & CVE-2024-6485 in twitter-bootstrap3 for bullseye LTS.
- - - - -
cf64bf1f by Chris Lamb at 2024-10-23T10:03:36-07:00
Triage CVE-2024-6531 in twitter-bootstrap4 for bullseye LTS.
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -2921,6 +2921,7 @@ CVE-2024-49195 (Mbed TLS 3.5.x through 3.6.x before 3.6.2 has a buffer underrun
CVE-2024-48948 (The Elliptic package 6.5.7 for Node.js, in its for ECDSA implementatio ...)
- node-elliptic <unfixed> (bug #1085298)
[bookworm] - node-elliptic <no-dsa> (Minor issue)
+ [bullseye] - node-elliptic <postponed> (Minor issue; can be fixed in next update)
NOTE: https://github.com/indutny/elliptic/issues/321
NOTE: https://github.com/indutny/elliptic/pull/322
CVE-2024-48915 (Agent Dart is an agent library built for Internet Computer for Dart an ...)
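Review bot: the new [bullseye] line for node-elliptic promises a fix "in next update", but the unstable entry above it is still <unfixed> (bug #1085298) and the two NOTE lines point only at an upstream issue (#321) and a pull request (#322), not at a merged fixing commit. Consider adding a NOTE with the fixing commit once pull 322 is merged so the LTS upload has a concrete patch to backport, and re-check the <postponed> reason text at that point.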
@@ -2956,6 +2957,7 @@ CVE-2024-47876 (Sakai is a Collaboration and Learning Environment. Starting in v
CVE-2024-47874 (Starlette is an Asynchronous Server Gateway Interface (ASGI) framework ...)
- starlette 0.41.0-1 (bug #1085295)
[bookworm] - starlette <no-dsa> (Minor issue)
+ [bullseye] - starlette <postponed> (Minor issue; can be fixed in next update)
NOTE: https://github.com/encode/starlette/security/advisories/GHSA-f96h-pmfr-66vw
NOTE: https://github.com/encode/starlette/commit/fd038f3070c302bff17ef7d173dbb0b007617733 (0.40.0)
CVE-2024-47824 (matrix-react-sdk is react-based software development kit for inserting ...)
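Review bot: the NOTE line attributes the upstream fix for CVE-2024-47874 to commit fd038f3070c3 tagged 0.40.0, while the unstable fixed version recorded on the line above is 0.41.0-1, so the [bullseye] <postponed> entry already has a single-commit patch to work from. It is worth confirming that the 0.40.0 commit applies cleanly to the starlette version shipped in bullseye and, if follow-up commits are needed, recording them in a further NOTE so the "can be fixed in next update" rationale stays accurate.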
@@ -5630,6 +5632,7 @@ CVE-2024-47561 (Schema parsing in the Java SDK of Apache Avro 1.11.3 and previou
CVE-2024-47554 (Uncontrolled Resource Consumption vulnerability in Apache Commons IO. ...)
- commons-io 2.16.0-1
[bookworm] - commons-io <no-dsa> (Minor issue)
+ [bullseye] - commons-io <postponed> (Minor issue; can be fixed in next update)
NOTE: https://lists.apache.org/thread/6ozr91rr9cj5lm0zyhv30bsp317hk5z1
CVE-2024-45872 (Bandisoft BandiView 7.05 is vulnerable to Buffer Overflow via sub_0x41 ...)
NOT-FOR-US: Bandisoft BandiView
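Review bot: the only NOTE for CVE-2024-47554 is the Apache announcement thread; the entry records commons-io 2.16.0-1 as the fixed version in unstable without a reference to the upstream fixing commit. Since the added [bullseye] <postponed> line commits to fixing this in a later LTS update, add a NOTE with the upstream fix commit (or the upstream issue that tracks it) so the backport has a patch to start from rather than only the advisory text.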
@@ -24603,6 +24606,7 @@ CVE-2024-6643
CVE-2024-6531 (A vulnerability has been identified in Bootstrap that exposes users to ...)
- twitter-bootstrap4 <unfixed> (bug #1084059)
[bookworm] - twitter-bootstrap4 <no-dsa> (Minor issue)
+ [bullseye] - twitter-bootstrap4 <postponed> (Minor issue; can be fixed in next update)
- twitter-bootstrap3 <not-affected> (Only affects 4.x)
NOTE: https://www.herodevs.com/vulnerability-directory/cve-2024-6531
CVE-2024-6528 (CWE-79: Improper Neutralization of Input During Web Page Generation (' ...)
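Review bot: the [bullseye] line for twitter-bootstrap4 is placed directly after the [bookworm] annotation and before the "- twitter-bootstrap3 <not-affected>" line, which is the correct position (suite annotations belong under their own package line). As with the unstable entry, which is still <unfixed> (bug #1084059), the only reference is the herodevs vulnerability-directory page; a NOTE pointing at the upstream fix for 4.x, or stating that none has been published, would make "can be fixed in next update" actionable for the LTS team.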
@@ -24611,11 +24615,13 @@ CVE-2024-6485 (A security vulnerability has been discovered in bootstrap that co
- twitter-bootstrap4 <not-affected> (Only affects 3.x)
- twitter-bootstrap3 <unfixed> (bug #1084060)
[bookworm] - twitter-bootstrap3 <no-dsa> (Minor issue)
+ [bullseye] - twitter-bootstrap3 <postponed> (Minor issue; can be fixed in next update)
NOTE: https://www.herodevs.com/vulnerability-directory/cve-2024-6485
CVE-2024-6484 (A vulnerability has been identified in Bootstrap that exposes users to ...)
- twitter-bootstrap4 <not-affected> (Only affects 3.x)
- twitter-bootstrap3 <unfixed> (bug #1084060)
[bookworm] - twitter-bootstrap3 <no-dsa> (Minor issue)
+ [bullseye] - twitter-bootstrap3 <postponed> (Minor issue; can be fixed in next update)
NOTE: https://www.herodevs.com/vulnerability-directory/cve-2024-6484
CVE-2024-6407 (CWE-200: Information Exposure vulnerability exists that could cause di ...)
NOT-FOR-US: Schneider Electric
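Review bot: CVE-2024-6485 and CVE-2024-6484 both track twitter-bootstrap3 under the same bug #1084060 and now carry identical [bullseye] <postponed> rationale, so they should be handled in one LTS upload. Consider cross-referencing the companion CVE in each entry's reason text or NOTE so that neither is marked fixed for bullseye without the other, and add a NOTE with the upstream 3.x fix when one is available, since both entries currently reference only the herodevs directory pages.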
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/b4c9ecf77c1c61a7846f3df5e3f9b9d72dd5e3a8...cf64bf1f915796d13419c037e0fbef48b92c587e