[Git][security-tracker-team/security-tracker][master] triage of older issues
Moritz Muehlenhoff (@jmm)
jmm at debian.org
Sun Oct 27 18:59:41 GMT 2024
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker
Commits:
1fa8b5d9 by Moritz Muehlenhoff at 2024-10-27T19:58:02+01:00
triage of older issues
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -72604,7 +72604,7 @@ CVE-2024-25360 (A hidden interface in Motorola CX2L Router firmware v1.0.1 leaks
CVE-2024-25112 (Exiv2 is a command-line utility and C++ library for reading, writing, ...)
[experimental] - exiv2 0.28.2+dfsg-1
- exiv2 0.28.3+dfsg-2 (bug #1070392)
- [bookworm] - exiv2 <no-dsa> (Minor issue)
+ [bookworm] - exiv2 <ignored> (Minor issue)
[bullseye] - exiv2 <no-dsa> (Minor issue)
[buster] - exiv2 <no-dsa> (Minor issue)
NOTE: https://github.com/Exiv2/exiv2/security/advisories/GHSA-crmj-qh74-2r36
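Review bot: On the [bookworm] line for CVE-2024-25112 the state moves from <no-dsa> to <ignored>, but the reason text stays "Minor issue", identical to the <no-dsa> lines kept for bullseye and buster. The entry already lists a fixed version for unstable (0.28.3+dfsg-2), so the reason should record why bookworm will not receive that fix, for example "Minor issue, backport too intrusive" if that is the case. Otherwise the file does not show what separates this line from the <no-dsa> ones.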
@@ -72634,7 +72634,7 @@ CVE-2024-24875 (Cross-Site Request Forgery (CSRF) vulnerability in Yannick Lefeb
CVE-2024-24826 (Exiv2 is a command-line utility and C++ library for reading, writing, ...)
[experimental] - exiv2 0.28.2+dfsg-1
- exiv2 0.28.3+dfsg-2 (bug #1070392)
- [bookworm] - exiv2 <no-dsa> (Minor issue)
+ [bookworm] - exiv2 <ignored> (Minor issue)
[bullseye] - exiv2 <no-dsa> (Minor issue)
[buster] - exiv2 <no-dsa> (Minor issue)
NOTE: https://github.com/Exiv2/exiv2/security/advisories/GHSA-g9xm-7538-mq8w
@@ -78911,7 +78911,7 @@ CVE-2023-51748 (ScaleFusion 10.5.2 does not properly limit users to the Edge app
NOT-FOR-US: ScaleFusion
CVE-2023-50671 (In exiftags 1.01, nikon_prop1 in nikon.c has a heap-based buffer overf ...)
- exiftags <unfixed> (bug #1060753)
- [bookworm] - exiftags <no-dsa> (Minor issue)
+ [bookworm] - exiftags <postponed> (Minor issue, revisit when fixed upstream)
[bullseye] - exiftags <no-dsa> (Minor issue)
[buster] - exiftags <no-dsa> (Minor issue)
NOTE: https://blog.yulun.ac.cn/posts/2023/fuzzing-exiftags/
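Review bot: The new [bookworm] reason says "revisit when fixed upstream", but the only NOTE in this entry points to a blog post rather than to an upstream tracker or repository, and unstable is still <unfixed>. Suggest adding a NOTE with the upstream location to watch, if one exists, so whoever revisits the entry knows where to check; bug #1060753 is the only other reference visible here.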
@@ -115664,7 +115664,7 @@ CVE-2023-2501
REJECTED
CVE-2023-32082 (etcd is a distributed key-value store for the data of a distributed sy ...)
- etcd 3.4.30-1 (bug #1036295)
- [bookworm] - etcd <no-dsa> (Minor issue)
+ [bookworm] - etcd <ignored> (Minor issue)
[bullseye] - etcd <no-dsa> (Minor issue)
[buster] - etcd <no-dsa> (Minor issue)
NOTE: https://github.com/etcd-io/etcd/pull/15656
@@ -242489,14 +242489,14 @@ CVE-2021-41738 (ZeroShell 3.9.5 has a command injection vulnerability in /cgi-bi
CVE-2021-41737
RESERVED
- faust <unfixed> (bug #1014783)
- [bookworm] - faust <no-dsa> (Minor issue)
+ [bookworm] - faust <postponed> (Minor issue, revisit when fixed upstream)
[bullseye] - faust <no-dsa> (Minor issue)
[buster] - faust <no-dsa> (Minor issue)
[stretch] - faust <postponed> (Minor issue, no patch/acknowledgment yet)
NOTE: https://github.com/grame-cncm/faust/issues/653
CVE-2021-41736 (Faust v2.35.0 was discovered to contain a heap-buffer overflow in the ...)
- faust <unfixed> (bug #1014783)
- [bookworm] - faust <no-dsa> (Minor issue)
+ [bookworm] - faust <postponed> (Minor issue, revisit when fixed upstream)
[bullseye] - faust <no-dsa> (Minor issue)
[buster] - faust <no-dsa> (Minor issue)
[stretch] - faust <postponed> (Minor issue, no patch/acknowledgment yet)
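Review bot: After this change both faust entries carry two <postponed> lines with different reasons: [bookworm] reads "Minor issue, revisit when fixed upstream" and [stretch] reads "Minor issue, no patch/acknowledgment yet". Suggest aligning the wording so a later triage pass can search for a single phrase. The revisit condition for CVE-2021-41737 is backed by the NOTE linking issues/653; no NOTE is visible for CVE-2021-41736 within this hunk, so it is worth confirming that entry has an upstream pointer too.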
@@ -277213,7 +277213,7 @@ CVE-2021-28236 (LibreDWG v0.12.3 was discovered to contain a NULL pointer derefe
- libredwg <itp> (bug #595191)
CVE-2021-28235 (Authentication vulnerability found in Etcd-io v.3.4.10 allows remote a ...)
- etcd 3.4.30-1 (bug #1034840)
- [bookworm] - etcd <no-dsa> (Minor issue)
+ [bookworm] - etcd <ignored> (Minor issue)
[bullseye] - etcd <no-dsa> (Minor issue)
[buster] - etcd <no-dsa> (Minor issue; only when debug is enabled)
NOTE: https://github.com/etcd-io/etcd/pull/15648
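Review bot: The [buster] line for CVE-2021-28235 records the limiting condition ("only when debug is enabled"), while the new [bookworm] <ignored> line keeps the bare "Minor issue". Suggest carrying that qualifier into the bookworm reason, since it is the justification a reader needs for leaving the issue unfixed there when 3.4.30-1 and the linked upstream pull request 15648 already provide a fix.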
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/1fa8b5d986f0a0f62e88c4f1f1a2781b6560cecf