[Git][security-tracker-team/security-tracker][master] 3 commits: Triage CVE-2024-43788 in node-webpack for bullseye LTS.

Chris Lamb (@lamby) lamby at debian.org
Tue Sep 3 12:06:08 BST 2024



Chris Lamb pushed to branch master at Debian Security Tracker / security-tracker


Commits:
88e0c2d5 by Chris Lamb at 2024-09-03T12:02:28+01:00
Triage CVE-2024-43788 in node-webpack for bullseye LTS.

- - - - -
f0550773 by Chris Lamb at 2024-09-03T12:03:45+01:00
Triage CVE-2024-0109, CVE-2024-0110 & CVE-2024-0111 in nvidia-cuda-toolkit for bullseye LTS.

- - - - -
b9b7fc94 by Chris Lamb at 2024-09-03T12:05:15+01:00
Triage CVE-2024-45191, CVE-2024-45192 & CVE-2024-45193 in olm for bullseye LTS.

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -226,14 +226,17 @@ CVE-2024-7717 (The WP Events Manager plugin for WordPress is vulnerable to time-
 CVE-2024-0111 (NVIDIA CUDA Toolkit contains a vulnerability in command 'cuobjdump' wh ...)
 	- nvidia-cuda-toolkit <unfixed>
 	[bookworm] - nvidia-cuda-toolkit <no-dsa> (Non-free not supported)
+	[bullseye] - nvidia-cuda-toolkit <ignored> (Non-free not supported)
 	NOTE: https://nvidia.custhelp.com/app/answers/detail/a_id/5564
 CVE-2024-0110 (NVIDIA CUDA Toolkit contains a vulnerability in command `cuobjdump` wh ...)
 	- nvidia-cuda-toolkit <unfixed>
 	[bookworm] - nvidia-cuda-toolkit <no-dsa> (Non-free not supported)
+	[bullseye] - nvidia-cuda-toolkit <ignored> (Non-free not supported)
 	NOTE: https://nvidia.custhelp.com/app/answers/detail/a_id/5564
 CVE-2024-0109 (NVIDIA CUDA Toolkit contains a vulnerability in command `cuobjdump` wh ...)
 	- nvidia-cuda-toolkit <unfixed>
 	[bookworm] - nvidia-cuda-toolkit <no-dsa> (Non-free not supported)
+	[bullseye] - nvidia-cuda-toolkit <ignored> (Non-free not supported)
 	NOTE: https://nvidia.custhelp.com/app/answers/detail/a_id/5564
 CVE-2024-44946 (In the Linux kernel, the following vulnerability has been resolved:  k ...)
 	- linux 6.10.7-1
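Review bot: The three added [bullseye] lines for nvidia-cuda-toolkit use <ignored>, while the adjacent [bookworm] lines use <no-dsa> with the identical reason "Non-free not supported". If the different state is deliberate for the LTS suite, say so in the reason text; otherwise use the same tag as bookworm so the two suites do not read as different decisions resting on the same justification.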
@@ -936,6 +939,7 @@ CVE-2024-43788 (Webpack is a module bundler. Its main purpose is to bundle JavaS
 	[experimental] - node-webpack 5.94.0+dfsg1+~cs11.18.26-1
 	- node-webpack <unfixed>
 	[bookworm] - node-webpack <no-dsa> (Minor issue)
+	[bullseye] - node-webpack <postponed> (Minor issue; can be fixed in next update)
 	NOTE: https://github.com/webpack/webpack/security/advisories/GHSA-4vvj-4cpr-p986
 	NOTE: Fixed by: https://github.com/webpack/webpack/commit/955e057abc6cc83cbc3fa1e1ef67a49758bf5a61 (v5.94.0)
 CVE-2024-43783 (The Apollo Router Core is a configurable, high-performance graph route ...)
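Review bot: The added [bullseye] line promises "can be fixed in next update", but nothing in this entry records whether the bullseye version of node-webpack contains the affected code, and the only fixed version listed is the [experimental] upload of 5.94.0. Suggest adding a NOTE with the result of the affected-version check and pointing at the upstream commit already cited in the "Fixed by" line as the backport base, so whoever prepares the next update does not have to repeat the triage.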
@@ -1719,6 +1723,7 @@ CVE-2024-45201 (An issue was discovered in llama_index before 0.10.38. download/
 CVE-2024-45193 (An issue was discovered in Matrix libolm through 3.2.16. There is Ed25 ...)
 	- olm <unfixed> (bug #1079487)
 	[bookworm] - olm <ignored> (Minor issue, libolm is deprecated and won't be fixed)
+	[bullseye] - olm <ignored> (Minor issue; libolm deprecated upstream)
 	NOTE: https://soatok.blog/2024/08/14/security-issues-in-matrixs-olm-library/
 	NOTE: libolm is deprecated upstream:
 	NOTE: https://gitlab.matrix.org/matrix-org/olm/-/commit/6d4b5b07887821a95b144091c8497d09d377f985
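Review bot: The reason text on the added [bullseye] line, "(Minor issue; libolm deprecated upstream)", differs from the [bookworm] line directly above it, "(Minor issue, libolm is deprecated and won't be fixed)", and drops the "won't be fixed" part that explains why <ignored> was chosen. Suggest reusing the bookworm wording verbatim so both suites carry the same rationale and a search for one string finds both. The same applies to the added lines in the CVE-2024-45192 and CVE-2024-45191 hunks that follow.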
@@ -1726,6 +1731,7 @@ CVE-2024-45193 (An issue was discovered in Matrix libolm through 3.2.16. There i
 CVE-2024-45192 (An issue was discovered in Matrix libolm through 3.2.16. Cache-timing  ...)
 	- olm <unfixed> (bug #1079487)
 	[bookworm] - olm <ignored> (Minor issue, libolm is deprecated and won't be fixed)
+	[bullseye] - olm <ignored> (Minor issue; libolm deprecated upstream)
 	NOTE: https://soatok.blog/2024/08/14/security-issues-in-matrixs-olm-library/
 	NOTE: libolm is deprecated upstream:
 	NOTE: https://gitlab.matrix.org/matrix-org/olm/-/commit/6d4b5b07887821a95b144091c8497d09d377f985
@@ -1733,6 +1739,7 @@ CVE-2024-45192 (An issue was discovered in Matrix libolm through 3.2.16. Cache-t
 CVE-2024-45191 (An issue was discovered in Matrix libolm through 3.2.16. The AES imple ...)
 	- olm <unfixed> (bug #1079487)
 	[bookworm] - olm <ignored> (Minor issue, libolm is deprecated and won't be fixed)
+	[bullseye] - olm <ignored> (Minor issue; libolm deprecated upstream)
 	NOTE: https://soatok.blog/2024/08/14/security-issues-in-matrixs-olm-library/
 	NOTE: libolm is deprecated upstream:
 	NOTE: https://gitlab.matrix.org/matrix-org/olm/-/commit/6d4b5b07887821a95b144091c8497d09d377f985



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/209015e9bf873b9cb3ac45c55a3638f014eca5d1...b9b7fc946cef337eed1bce2bc4fd8d50769732f5
