[Git][security-tracker-team/security-tracker][master] triage of older issues

[Moritz Muehlenhoff (@jmm)]

Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
1fa8b5d9 by Moritz Muehlenhoff at 2024-10-27T19:58:02+01:00
triage of older issues

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -72604,7 +72604,7 @@ CVE-2024-25360 (A hidden interface in Motorola CX2L Router firmware v1.0.1 leaks
 CVE-2024-25112 (Exiv2 is a command-line utility and C++ library for reading, writing,  ...)
 	[experimental] - exiv2 0.28.2+dfsg-1
 	- exiv2 0.28.3+dfsg-2 (bug #1070392)
-	[bookworm] - exiv2 <no-dsa> (Minor issue)
+	[bookworm] - exiv2 <ignored> (Minor issue)
 	[bullseye] - exiv2 <no-dsa> (Minor issue)
 	[buster] - exiv2 <no-dsa> (Minor issue)
 	NOTE: https://github.com/Exiv2/exiv2/security/advisories/GHSA-crmj-qh74-2r36
@@ -72634,7 +72634,7 @@ CVE-2024-24875 (Cross-Site Request Forgery (CSRF) vulnerability in Yannick Lefeb
 CVE-2024-24826 (Exiv2 is a command-line utility and C++ library for reading, writing,  ...)
 	[experimental] - exiv2 0.28.2+dfsg-1
 	- exiv2 0.28.3+dfsg-2 (bug #1070392)
-	[bookworm] - exiv2 <no-dsa> (Minor issue)
+	[bookworm] - exiv2 <ignored> (Minor issue)
 	[bullseye] - exiv2 <no-dsa> (Minor issue)
 	[buster] - exiv2 <no-dsa> (Minor issue)
 	NOTE: https://github.com/Exiv2/exiv2/security/advisories/GHSA-g9xm-7538-mq8w
@@ -78911,7 +78911,7 @@ CVE-2023-51748 (ScaleFusion 10.5.2 does not properly limit users to the Edge app
 	NOT-FOR-US: ScaleFusion
 CVE-2023-50671 (In exiftags 1.01, nikon_prop1 in nikon.c has a heap-based buffer overf ...)
 	- exiftags <unfixed> (bug #1060753)
-	[bookworm] - exiftags <no-dsa> (Minor issue)
+	[bookworm] - exiftags <postponed> (Minor issue, revisit when fixed upstream)
 	[bullseye] - exiftags <no-dsa> (Minor issue)
 	[buster] - exiftags <no-dsa> (Minor issue)
 	NOTE: https://blog.yulun.ac.cn/posts/2023/fuzzing-exiftags/
@@ -115664,7 +115664,7 @@ CVE-2023-2501
 	REJECTED
 CVE-2023-32082 (etcd is a distributed key-value store for the data of a distributed sy ...)
 	- etcd 3.4.30-1 (bug #1036295)
-	[bookworm] - etcd <no-dsa> (Minor issue)
+	[bookworm] - etcd <ignored> (Minor issue)
 	[bullseye] - etcd <no-dsa> (Minor issue)
 	[buster] - etcd <no-dsa> (Minor issue)
 	NOTE: https://github.com/etcd-io/etcd/pull/15656
@@ -242489,14 +242489,14 @@ CVE-2021-41738 (ZeroShell 3.9.5 has a command injection vulnerability in /cgi-bi
 CVE-2021-41737
 	RESERVED
 	- faust <unfixed> (bug #1014783)
-	[bookworm] - faust <no-dsa> (Minor issue)
+	[bookworm] - faust <postponed> (Minor issue, revisit when fixed upstream)
 	[bullseye] - faust <no-dsa> (Minor issue)
 	[buster] - faust <no-dsa> (Minor issue)
 	[stretch] - faust <postponed> (Minor issue, no patch/acknowledgment yet)
 	NOTE: https://github.com/grame-cncm/faust/issues/653
 CVE-2021-41736 (Faust v2.35.0 was discovered to contain a heap-buffer overflow in the  ...)
 	- faust <unfixed> (bug #1014783)
-	[bookworm] - faust <no-dsa> (Minor issue)
+	[bookworm] - faust <postponed> (Minor issue, revisit when fixed upstream)
 	[bullseye] - faust <no-dsa> (Minor issue)
 	[buster] - faust <no-dsa> (Minor issue)
 	[stretch] - faust <postponed> (Minor issue, no patch/acknowledgment yet)
@@ -277213,7 +277213,7 @@ CVE-2021-28236 (LibreDWG v0.12.3 was discovered to contain a NULL pointer derefe
 	- libredwg <itp> (bug #595191)
 CVE-2021-28235 (Authentication vulnerability found in Etcd-io v.3.4.10 allows remote a ...)
 	- etcd 3.4.30-1 (bug #1034840)
-	[bookworm] - etcd <no-dsa> (Minor issue)
+	[bookworm] - etcd <ignored> (Minor issue)
 	[bullseye] - etcd <no-dsa> (Minor issue)
 	[buster] - etcd <no-dsa> (Minor issue; only when debug is enabled)
 	NOTE: https://github.com/etcd-io/etcd/pull/15648



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/1fa8b5d986f0a0f62e88c4f1f1a2781b6560cecf

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/1fa8b5d986f0a0f62e88c4f1f1a2781b6560cecf
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20241027/2ad9882e/attachment.htm>