[Git][security-tracker-team/security-tracker][master] bookworm triage
Moritz Muehlenhoff (@jmm)
jmm at debian.org
Fri Sep 13 20:41:59 BST 2024
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker
Commits:
c2b7b239 by Moritz Muehlenhoff at 2024-09-13T21:41:43+02:00
bookworm triage
- - - - -
2 changed files:
- data/CVE/list
- data/dsa-needed.txt
Changes:
=====================================
data/CVE/list
=====================================
@@ -851,6 +851,7 @@ CVE-2024-44087 (A vulnerability has been identified in Automation License Manage
NOT-FOR-US: Siemens
CVE-2024-43800 (serve-static serves static files. serve-static passes untrusted user i ...)
- node-serve-static <unfixed> (bug #1081482)
+ [bookworm] - node-serve-static <no-dsa> (Minor issue)
NOTE: https://github.com/expressjs/serve-static/security/advisories/GHSA-cm22-4g7w-348p
NOTE: https://github.com/expressjs/serve-static/commit/0c11fad159898cdc69fd9ab63269b72468ecaf6b (1.16.0)
NOTE: https://github.com/expressjs/serve-static/commit/ce730896fddce1588111d9ef6fdf20896de5c6fa (2.1.0)
@@ -860,6 +861,7 @@ CVE-2024-43799 (Send is a library for streaming files from the file system as a
NOTE: https://github.com/pillarjs/send/commit/ae4f2989491b392ae2ef3b0015a019770ae65d35 (0.19.0)
CVE-2024-43796 (Express.js minimalist web framework for node. In express < 4.20.0, pas ...)
- node-express <unfixed> (bug #1081481)
+ [bookworm] - node-express <no-dsa> (Minor issue)
NOTE: https://github.com/expressjs/express/security/advisories/GHSA-qw6h-vgh9-j6wx
NOTE: https://github.com/expressjs/express/commit/54271f69b511fea198471e6ff3400ab805d6b553 (4.20.0)
CVE-2024-43781 (A vulnerability has been identified in SINUMERIK 828D V4 (All versions ...)
@@ -1265,6 +1267,7 @@ CVE-2024-45406 (Craft is a content management system (CMS). Craft CMS 5 stored X
NOT-FOR-US: Craft CMS
CVE-2024-45296 (path-to-regexp turns path strings into a regular expressions. In certa ...)
- node-path-to-regexp <unfixed> (bug #1081656)
+ [bookworm] - node-path-to-regexp <no-dsa> (Minor issue)
NOTE: https://github.com/pillarjs/path-to-regexp/security/advisories/GHSA-9wv6-86v2-598j
NOTE: https://github.com/pillarjs/path-to-regexp/commit/60f2121e9b66b7b622cc01080df0aabda9eedee6 (v8.0.0)
CVE-2024-45041 (External Secrets Operator is a Kubernetes operator that integrates ext ...)
@@ -2480,6 +2483,7 @@ CVE-2024-6232 (There is a MEDIUM severity vulnerability affecting CPython.
- python3.13 3.13.0~rc2-1
- python3.12 3.12.6-1
- python3.11 <removed>
+ [bookworm] - python3.11 <no-dsa> (Minor issue)
- python3.9 <removed>
- python2.7 <removed>
[bullseye] - python2.7 <ignored> (Unsupported in Bullseye, only included to build a few applications)
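Review bot: the new `[bookworm] - python3.11 <no-dsa> (Minor issue)` line carries a one-word rationale while the hunk header quotes upstream rating this a MEDIUM severity issue; a short reason for the downgrade (as the bullseye python2.7 line below does with "Unsupported in Bullseye, only included to build a few applications") would make the triage decision easier to revisit. Placement directly after the `python3.11 <removed>` line is correct for the tracker's per-release annotation format.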
@@ -3450,6 +3454,7 @@ CVE-2024-6632 (A vulnerability exists in FileCatalyst Workflow whereby a field a
NOT-FOR-US: FileCatalyst Workflow
CVE-2024-5991 (In function MatchDomainName(), input param str is treated as a NULL te ...)
- wolfssl <unfixed>
+ [bookworm] - wolfssl <no-dsa> (Minor issue)
NOTE: https://github.com/wolfSSL/wolfssl/releases/tag/v5.7.2-stable
NOTE: https://github.com/wolfSSL/wolfssl/pull/7604
CVE-2024-5814 (A malicious TLS1.2 server can force a TLS1.3 client with downgrade cap ...)
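Review bot: the unstable entry `- wolfssl <unfixed>` has no `(bug #...)` reference, unlike the node-serve-static, node-express and node-path-to-regexp entries in the earlier hunks, so the new bookworm no-dsa annotation is the only tracking for this issue; consider filing a bug against wolfssl and recording it on that line so the unfixed status in unstable does not get lost.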
@@ -48076,7 +48081,8 @@ CVE-2024-3221 (A vulnerability classified as critical was found in SourceCodeste
CVE-2024-3218 (A vulnerability classified as critical has been found in Shibang Commu ...)
NOT-FOR-US: Shibang Communications IP Network Intercom Broadcasting System
CVE-2024-3209 (A vulnerability was found in UPX up to 4.2.2. It has been rated as cri ...)
- - upx-ucl 4.2.4-1
+ - upx-ucl 4.2.4-1 (unimportant)
+ NOTE: Crash in CLI tool, no security impact
NOTE: https://github.com/upx/upx/issues/841
CVE-2024-3207 (A vulnerability was found in ermig1979 Simd up to 6.0.134. It has been ...)
NOT-FOR-US: ermig1979 Simd
=====================================
data/dsa-needed.txt
=====================================
@@ -49,5 +49,7 @@ smarty4
--
twisted (jmm)
--
+xen
+--
zabbix
--
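Review bot: `xen` is inserted in alphabetical position between `twisted (jmm)` and `zabbix`, but without a name in parentheses; if the committer intends to prepare this DSA, add `(jmm)` as on the twisted line so the entry is not picked up twice, otherwise leaving it unclaimed is fine.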
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/c2b7b23945a0aa1e9b9f134831e3c0c33eb5878e