[Git][security-tracker-team/security-tracker][master] bookworm triage

Moritz Muehlenhoff (@jmm) jmm at debian.org
Wed Sep 11 08:22:51 BST 2024 


Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
52b60e84 by Moritz Muehlenhoff at 2024-09-11T09:22:10+02:00
bookworm triage

- - - - -


2 changed files:

- data/CVE/list
- data/dsa-needed.txt


Changes:

=====================================
data/CVE/list
=====================================
@@ -919,6 +919,7 @@ CVE-2024-6792 (The WP ULike  WordPress plugin before 4.7.2.1 does not properly s
 	NOT-FOR-US: WordPress plugin
 CVE-2024-45751 (tgt (aka Linux target framework) before 1.0.93 attempts to achieve ent ...)
 	- tgt <unfixed> (bug #1081158)
+	[bookworm] - tgt <no-dsa> (Minor issue)
 	NOTE: https://github.com/fujita/tgt/pull/67
 	NOTE: https://github.com/fujita/tgt/commit/abd8e0d987ab56013d360077202bf2aca20a42dd (v1.0.93)
 	NOTE: https://www.openwall.com/lists/oss-security/2024/09/07/2
@@ -1017,6 +1018,7 @@ CVE-2024-45158 (An issue was discovered in Mbed TLS 3.6 before 3.6.1. A stack bu
 	NOTE: https://mbed-tls.readthedocs.io/en/latest/security-advisories/mbedtls-security-advisory-2024-08-2/
 CVE-2024-45157 (An issue was discovered in Mbed TLS before 2.28.9 and 3.x before 3.6.1 ...)
 	- mbedtls <unfixed>
+	[bookworm] - mbedtls <no-dsa> (Minor issue)
 	NOTE: https://mbed-tls.readthedocs.io/en/latest/security-advisories/mbedtls-security-advisory-2024-08-1/
 CVE-2024-45107 (Acrobat Reader versions 20.005.30636, 24.002.20964, 24.001.30123, 24.0 ...)
 	NOT-FOR-US: Adobe


=====================================
data/dsa-needed.txt
=====================================
@@ -11,13 +11,15 @@ To pick an issue, simply add your uid behind it.
 
 If needed, specify the release by adding a slash after the name of the source package.
 
+--
+activemq
 --
 chromium (dilinger)
 --
 dnsmasq
   Lee Garrett showed interest to prepare an update for review
 --
-expat
+expat (jmm)
   Maintainer proposed debdiffs for review
 --
 frr
@@ -51,10 +53,7 @@ smarty3
 --
 smarty4
 --
-twisted
---
-xen
-  Might not be needed as maintainer did aim to have the version included in the upcoming point release
+twisted (jmm)
 --
 zabbix
 --



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/52b60e84e7ef13f7193fde87b7842d770e03bec6

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/52b60e84e7ef13f7193fde87b7842d770e03bec6
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20240911/0abc40a9/attachment-0001.htm>

More information about the debian-security-tracker-commits mailing list