[Git][security-tracker-team/security-tracker][master] update status of some older issues
Moritz Muehlenhoff (@jmm)
jmm at debian.org
Sat Oct 26 14:46:17 BST 2024
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker
Commits:
db77a662 by Moritz Muehlenhoff at 2024-10-26T15:23:46+02:00
update status of some older issues
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -19286,6 +19286,7 @@ CVE-2024-7531 (Calling `PK11_Encrypt()` in NSS using CKM_CHACHA20 and the same b
- firefox 129.0-1
- firefox-esr 115.14.0esr-1
- nss 2:3.103-1
+ [bookworm] - nss <ignored> (Minor issue)
NOTE: https://bugzilla.mozilla.org/show_bug.cgi?id=1905691
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2024-33/#CVE-2024-7531
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2024-34/#CVE-2024-7531
@@ -28898,12 +28899,12 @@ CVE-2024-39241 (Cross Site Scripting (XSS) vulnerability in skycaiji 2.8 allows
NOT-FOR-US: skycaiji
CVE-2024-38950 (Heap Buffer Overflow vulnerability in Libde265 v1.0.15 allows attacker ...)
- libde265 <unfixed> (bug #1074416)
- [bookworm] - libde265 <no-dsa> (Minor issue)
+ [bookworm] - libde265 <postponed> (Minor issue, revisit when fixed upstream)
[bullseye] - libde265 <no-dsa> (Minor issue)
NOTE: https://github.com/strukturag/libde265/issues/460
CVE-2024-38949 (Heap Buffer Overflow vulnerability in Libde265 v1.0.15 allows attacker ...)
- libde265 <unfixed> (bug #1074416)
- [bookworm] - libde265 <no-dsa> (Minor issue)
+ [bookworm] - libde265 <postponed> (Minor issue, revisit when fixed upstream)
[bullseye] - libde265 <no-dsa> (Minor issue)
NOTE: https://github.com/strukturag/libde265/issues/460
CVE-2024-38527 (ZenUML is JavaScript-based diagramming tool that requires no server, u ...)
@@ -69367,20 +69368,19 @@ CVE-2024-26462 (Kerberos 5 (aka krb5) 1.21.2 contains a memory leak vulnerabilit
NOTE: https://github.com/LuMingYinDetect/krb5_defects/blob/main/krb5_detect_3.md
NOTE: Introduced by: https://github.com/krb5/krb5/commit/c85894cfb784257a6acb4d77d8c75137d2508f5e (krb5-1.20-beta1)
NOTE: Fixed by: https://github.com/krb5/krb5/commit/7d0d85bf99caf60c0afd4dcf91b0c4c683b983fe
+ NOTE: https://mailman.mit.edu/pipermail/kerberos/2024-March/023095.html
CVE-2024-26461 (Kerberos 5 (aka krb5) 1.21.2 contains a memory leak vulnerability in / ...)
- - krb5 <unfixed> (bug #1064965)
- [bookworm] - krb5 <no-dsa> (Minor issue)
- [bullseye] - krb5 <no-dsa> (Minor issue)
- [buster] - krb5 <no-dsa> (Minor issue)
+ - krb5 <unfixed> (bug #1064965; unimportant)
NOTE: https://github.com/LuMingYinDetect/krb5_defects/blob/main/krb5_detect_2.md
NOTE: Fixed by: https://github.com/krb5/krb5/commit/c5f9c816107f70139de11b38aa02db2f1774ee0d
+ NOTE: Codepath cannot be triggered via API calls, negligible security impact
+ NOTE: https://mailman.mit.edu/pipermail/kerberos/2024-March/023095.html
CVE-2024-26458 (Kerberos 5 (aka krb5) 1.21.2 contains a memory leak in /krb5/src/lib/r ...)
- - krb5 <unfixed> (bug #1064965)
- [bookworm] - krb5 <no-dsa> (Minor issue)
- [bullseye] - krb5 <no-dsa> (Minor issue)
- [buster] - krb5 <no-dsa> (Minor issue)
+ - krb5 <unfixed> (bug #1064965; unimportant)
NOTE: https://github.com/LuMingYinDetect/krb5_defects/blob/main/krb5_detect_1.md
NOTE: Fixed by: https://github.com/krb5/krb5/commit/c5f9c816107f70139de11b38aa02db2f1774ee0d
+ NOTE: Unused codepath, negligible security impact
+ NOTE: https://mailman.mit.edu/pipermail/kerberos/2024-March/023095.html
CVE-2024-26455 (fluent-bit 2.2.2 contains a Use-After-Free vulnerability in /fluent-bi ...)
NOT-FOR-US: Fluent Bit
CVE-2024-25925 (Unrestricted Upload of File with Dangerous Type vulnerability in SYSBA ...)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/db77a66218c8d7c3cca11444c9e25719c0fe7294
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/db77a66218c8d7c3cca11444c9e25719c0fe7294
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20241026/0380c2ea/attachment.htm>
More information about the debian-security-tracker-commits
mailing list