[Git][security-tracker-team/security-tracker][master] 4 commits: data/dla-needed.txt: Triage thunderbird for bullseye LTS (CVE-2024-8381,...

Chris Lamb (@lamby) lamby at debian.org
Sat Sep 7 08:55:10 BST 2024



Chris Lamb pushed to branch master at Debian Security Tracker / security-tracker


Commits:
2148087a by Chris Lamb at 2024-09-07T08:53:17+01:00
data/dla-needed.txt: Triage thunderbird for bullseye LTS (CVE-2024-8381, CVE-2024-8382 & CVE-2024-8384)

- - - - -
79aaf07c by Chris Lamb at 2024-09-07T08:53:36+01:00
Triage CVE-2023-49582 in apr for bullseye LTS.

- - - - -
d03641f0 by Chris Lamb at 2024-09-07T08:54:09+01:00
Triage CVE-2024-45230 & CVE-2024-45231 in python-django for bullseye LTS.

- - - - -
0e2836c8 by Chris Lamb at 2024-09-07T08:54:39+01:00
Triage CVE-2024-1543 & CVE-2024-1545 in wolfssl for bullseye LTS.

- - - - -


2 changed files:

- data/CVE/list
- data/dla-needed.txt


Changes:

=====================================
data/CVE/list
=====================================
@@ -981,11 +981,13 @@ CVE-2024-6232 (There is a MEDIUM severity vulnerability affecting CPython.
 CVE-2024-45231
 	- python-django 3:4.2.16-1
 	[bookworm] - python-django <no-dsa> (Minor issue)
+	[bullseye] - python-django <postponed> (Minor issue; can be fixed in next update)
 	NOTE: https://www.djangoproject.com/weblog/2024/sep/03/security-releases/
 	NOTE: https://github.com/django/django/commit/bf4888d317ba4506d091eeac6e8b4f1fcc731199 (4.2.16)
 CVE-2024-45230
 	- python-django 3:4.2.16-1
 	[bookworm] - python-django <no-dsa> (Minor issue)
+	[bullseye] - python-django <postponed> (Minor issue; can be fixed in next update)
 	NOTE: https://www.djangoproject.com/weblog/2024/sep/03/security-releases/
 	NOTE: https://github.com/django/django/commit/d147a8ebbdf28c17cafbbe2884f0bc57e2bf82e2 (4.2.16)
 CVE-2024-45506 (HAProxy 2.9.x before 2.9.10, 3.0.x before 3.0.4, and 3.1.x through 3.1 ...)
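Review bot: Both added `[bullseye] - python-django <postponed>` lines record bullseye as affected but deferred, while the only patch references under CVE-2024-45231 and CVE-2024-45230 are upstream commits labelled (4.2.16). Consider adding a NOTE under each entry stating that the vulnerable code was confirmed in the bullseye version and whether the linked commit applies to it, so whoever prepares the next update does not have to repeat the triage.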
@@ -1440,10 +1442,12 @@ CVE-2024-2502 (An application can be configured to block boot attempts after con
 CVE-2024-1545 (Fault Injection vulnerability in RsaPrivateDecryption function in wolf ...)
 	- wolfssl 5.7.0-0.3
 	[bookworm] - wolfssl <no-dsa> (Minor issue)
+	[bullseye] - wolfssl <postponed> (Minor issue; can be fixed in next update)
 	NOTE: https://github.com/wolfSSL/wolfssl/releases/tag/v5.7.0-stable
 CVE-2024-1543 (The side-channel protected T-Table implementation in wolfSSL up to ver ...)
 	- wolfssl 5.6.6-1.2
 	[bookworm] - wolfssl <no-dsa> (Minor issue)
+	[bullseye] - wolfssl <postponed> (Minor issue; can be fixed in next update)
 	NOTE: https://github.com/wolfSSL/wolfssl/blob/master/ChangeLog.md#wolfssl-release-566-dec-19-2023
 	NOTE: https://github.com/wolfSSL/wolfssl/pull/6854
 CVE-2024-8285 (A flaw was found in Kroxylicious. When establishing the connection wit ...)
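Review bot: CVE-2024-1545 is postponed with only a release tag as reference (`NOTE: https://github.com/wolfSSL/wolfssl/releases/tag/v5.7.0-stable`), whereas CVE-2024-1543 carries a specific pull request. Since the two entries are fixed in different uploads (5.7.0-0.3 and 5.6.6-1.2), "can be fixed in next update" means two separate backports; a NOTE pointing at the fixing commit for CVE-2024-1545 would make that deferred work actionable.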
@@ -2235,6 +2239,7 @@ CVE-2024-28077 (A denial-of-service issue was discovered on certain GL-iNet devi
 CVE-2023-49582 (Lax permissions set by the Apache Portable Runtime library on Unix pla ...)
 	- apr <unfixed> (bug #1080375)
 	[bookworm] - apr <no-dsa> (Minor issue)
+	[bullseye] - apr <postponed> (Minor issue; can be fixed in next update)
 	NOTE: https://www.openwall.com/lists/oss-security/2024/08/26/1
 	NOTE: https://lists.apache.org/thread/h5f1c2dqm8bf5yfosw3rg85927p612l0
 CVE-2024-44942 (In the Linux kernel, the following vulnerability has been resolved:  f ...)
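Review bot: The added bullseye line gives "can be fixed in next update" as the rationale, but the entry above it still reads `- apr <unfixed> (bug #1080375)` and both NOTE lines point at announcement threads rather than a patch. It would help to add a NOTE with the upstream fix reference, or to mention in the postponed reason that the fix is pending in unstable, so the deferral does not look like it depends on a fix that is not yet recorded here.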


=====================================
data/dla-needed.txt
=====================================
@@ -210,6 +210,9 @@ texlive-bin
   NOTE: 20240815: Added by Front-Desk (Beuc)
   NOTE: 20240815: Follow fixes from bookworm 12.1 (CVE-2023-32668) (Beuc/front-desk)
 --
+thunderbird
+  NOTE: 20240907: Added by Front-Desk (lamby)
+--
 tinyproxy (Thorsten Alteholz)
   NOTE: 20240609: Added by oldstable Security Team (jmm)
 --
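Review bot: The new `thunderbird` entry carries only `NOTE: 20240907: Added by Front-Desk (lamby)` and does not say which issues triggered it; the CVE ids (CVE-2024-8381, CVE-2024-8382, CVE-2024-8384) appear only in the commit subject. The neighbouring texlive-bin entry names its CVE in a NOTE, and doing the same here would keep the reason visible to whoever claims the package from dla-needed.txt without digging through the git log.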



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/0b58f91feb40dadb0acf7637c82e8045d9f940c8...0e2836c8231e69b8801ac55e7baca746d3ec7f9b
