[Git][security-tracker-team/security-tracker][master] bookworm triage

Moritz Muehlenhoff (@jmm) jmm at debian.org
Fri Sep 6 12:45:57 BST 2024



Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
34dc22b8 by Moritz Muehlenhoff at 2024-09-06T13:44:32+02:00
bookworm triage

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -3,6 +3,7 @@ CVE-2024-34158
 	- golang-1.22 <unfixed>
 	- golang-1.21 <unfixed>
 	- golang-1.19 <removed>
+	[bookworm] - golang-1.19 <no-dsa> (Minor issue)
 	- golang-1.15 <removed>
 	NOTE: https://groups.google.com/g/golang-announce/c/K-cEzDeCtpc
 	NOTE: https://go.dev/issue/69141
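Review bot: The added `[bookworm] - golang-1.19 <no-dsa> (Minor issue)` line under CVE-2024-34158 gives only the generic reason, and the entry's NOTE lines link the golang-announce post and go.dev/issue/69141 but no fix commit. Because golang-1.19 is `<removed>` in unstable, this entry has no fixed version to backport from, so a NOTE pointing at the upstream fix commit would make a later point-release update easier to prepare.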
@@ -11,6 +12,7 @@ CVE-2024-34156
 	- golang-1.22 <unfixed>
 	- golang-1.21 <unfixed>
 	- golang-1.19 <removed>
+	[bookworm] - golang-1.19 <no-dsa> (Minor issue)
 	- golang-1.15 <removed>
 	NOTE: https://groups.google.com/g/golang-announce/c/K-cEzDeCtpc
 	NOTE: https://go.dev/issue/69139
@@ -19,6 +21,7 @@ CVE-2024-34155
 	- golang-1.22 <unfixed>
 	- golang-1.21 <unfixed>
 	- golang-1.19 <removed>
+	[bookworm] - golang-1.19 <no-dsa> (Minor issue)
 	- golang-1.15 <removed>
 	NOTE: https://groups.google.com/g/golang-announce/c/K-cEzDeCtpc
 	NOTE: https://go.dev/issue/69138
@@ -212,6 +215,7 @@ CVE-2024-20505 (A vulnerability in the PDF parsing module of Clam AntiVirus (Cla
 	NOTE: https://blog.clamav.net/2024/09/clamav-141-132-107-and-010312-security.html
 CVE-2024-8418 (A flaw was found in Aardvark-dns versions 1.12.0 and 1.12.1. They cont ...)
 	- aardvark-dns 1.12.2-1 (bug #1080964)
+	[bookworm] - aardvark-dns <no-dsa> (Minor issue)
 	NOTE: https://github.com/containers/aardvark-dns/issues/500
 	NOTE: https://github.com/containers/aardvark-dns/pull/503
 	NOTE: https://github.com/containers/aardvark-dns/commit/6d76c50978755b8162d176ec7eea0e09f8d57a42
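Review bot: The description for CVE-2024-8418 limits the flaw to Aardvark-dns 1.12.0 and 1.12.1, so the new `[bookworm]` line should be checked against the version bookworm ships. If that version predates 1.12.0, `<not-affected> (Vulnerable code introduced later)` would describe the state more accurately than `<no-dsa> (Minor issue)`, which tells readers the package is vulnerable.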
@@ -833,10 +837,12 @@ CVE-2024-6232 (There is a MEDIUM severity vulnerability affecting CPython.
 	NOTE: https://github.com/python/cpython/commit/743acbe872485dc18df4d8ab2dc7895187f062c4 (3.10-branch)
 CVE-2024-45231
 	- python-django 3:4.2.16-1
+	[bookworm] - python-django <no-dsa> (Minor issue)
 	NOTE: https://www.djangoproject.com/weblog/2024/sep/03/security-releases/
 	NOTE: https://github.com/django/django/commit/bf4888d317ba4506d091eeac6e8b4f1fcc731199 (4.2.16)
 CVE-2024-45230
 	- python-django 3:4.2.16-1
+	[bookworm] - python-django <no-dsa> (Minor issue)
 	NOTE: https://www.djangoproject.com/weblog/2024/sep/03/security-releases/
 	NOTE: https://github.com/django/django/commit/d147a8ebbdf28c17cafbbe2884f0bc57e2bf82e2 (4.2.16)
 CVE-2024-45506 (HAProxy 2.9.x before 2.9.10, 3.0.x before 3.0.4, and 3.1.x through 3.1 ...)
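Review bot: Both python-django additions (CVE-2024-45231 and CVE-2024-45230) rest on NOTE lines that reference only the commits tagged (4.2.16), matching the unstable fix 3:4.2.16-1. A NOTE stating whether the affected code exists in the Django version bookworm ships, or linking the matching commit for that branch, would let these `<no-dsa>` entries be picked up for a point release without redoing the analysis.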
@@ -1028,6 +1034,7 @@ CVE-2024-45509 (In MISP through 2.4.196, app/Controller/BookmarksController.php
 	NOT-FOR-US: MISP
 CVE-2024-45508 (HTMLDOC before 1.9.19 has an out-of-bounds write in parse_paragraph in ...)
 	- htmldoc <unfixed>
+	[bookworm] - htmldoc <no-dsa> (Minor issue)
 	NOTE: https://github.com/michaelrsweet/htmldoc/issues/528
 	NOTE: https://github.com/michaelrsweet/htmldoc/commit/2d5b2ab9ddbf2aee2209010cebc11efdd1cab6e2
 CVE-2024-45270 (WordPress plugin "Carousel Slider" provided by Sayful Islam contains a ...)
@@ -1289,9 +1296,11 @@ CVE-2024-2502 (An application can be configured to block boot attempts after con
 	NOT-FOR-US: Silabs
 CVE-2024-1545 (Fault Injection vulnerability in RsaPrivateDecryption function in wolf ...)
 	- wolfssl 5.7.0-0.3
+	[bookworm] - wolfssl <no-dsa> (Minor issue)
 	NOTE: https://github.com/wolfSSL/wolfssl/releases/tag/v5.7.0-stable
 CVE-2024-1543 (The side-channel protected T-Table implementation in wolfSSL up to ver ...)
 	- wolfssl 5.6.6-1.2
+	[bookworm] - wolfssl <no-dsa> (Minor issue)
 	NOTE: https://github.com/wolfSSL/wolfssl/blob/master/ChangeLog.md#wolfssl-release-566-dec-19-2023
 	NOTE: https://github.com/wolfSSL/wolfssl/pull/6854
 CVE-2024-8285 (A flaw was found in Kroxylicious. When establishing the connection wit ...)
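Review bot: For CVE-2024-1545 the only NOTE is the v5.7.0-stable release tag, so the new `[bookworm] - wolfssl <no-dsa>` line leaves no pointer to the actual change. Adding a NOTE with the fixing pull request or commit, as CVE-2024-1543 has with pull/6854, would make both entries usable for a later stable update.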
@@ -1841,6 +1850,7 @@ CVE-2024-6688 (The Oxygen Builder plugin for WordPress is vulnerable to unauthor
 	NOT-FOR-US: WordPress plugin
 CVE-2024-45321 (The App::cpanminus package through 1.7047 for Perl downloads code via  ...)
 	- cpanminus <unfixed>
+	[bookworm] - cpanminus <no-dsa> (Minor issue)
 	NOTE: https://security.metacpan.org/2024/08/26/cpanminus-downloads-code-using-insecure-http.html
 	NOTE: https://github.com/miyagawa/cpanminus/issues/611
 	NOTE: https://github.com/miyagawa/cpanminus/pull/674
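Review bot: The `[bookworm] - cpanminus <no-dsa>` line defers the fix to a later update, but the entry shows unstable as `<unfixed>` and the NOTE lines list issue 611 and pull 674 without saying whether the change has landed upstream. A NOTE recording the status of that pull request would show whether there is anything to backport yet.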
@@ -2080,6 +2090,7 @@ CVE-2024-28077 (A denial-of-service issue was discovered on certain GL-iNet devi
 	NOT-FOR-US: GL-iNet devices
 CVE-2023-49582 (Lax permissions set by the Apache Portable Runtime library on Unix pla ...)
 	- apr <unfixed> (bug #1080375)
+	[bookworm] - apr <no-dsa> (Minor issue)
 	NOTE: https://www.openwall.com/lists/oss-security/2024/08/26/1
 	NOTE: https://lists.apache.org/thread/h5f1c2dqm8bf5yfosw3rg85927p612l0
 CVE-2024-44942 (In the Linux kernel, the following vulnerability has been resolved:  f ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/34dc22b8c6b08f550ef4b4e1bc61411bfa36cc01
