[Git][security-tracker-team/security-tracker][master] "new" chromium issues

Moritz Muehlenhoff (@jmm) jmm at debian.org
Tue Sep 24 11:53:05 BST 2024



Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
c9dd1e1b by Moritz Muehlenhoff at 2024-09-24T12:52:42+02:00
"new" chromium issues

- - - - -


2 changed files:

- data/CVE/list
- data/DSA/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -46,20 +46,24 @@ CVE-2024-7024 (Inappropriate implementation in V8 in Google Chrome prior to 126.
 	{DSA-5710-1}
 	- chromium 126.0.6478.56-1
 	[bullseye] - chromium <end-of-life> (see #1061268)
-	[buster] - chromium <end-of-life> (see DSA 5046)
 CVE-2024-7023 (Insufficient data validation in Updater in Google Chrome prior to 128. ...)
 	- chromium <not-affected> (Windows-specific)
 CVE-2024-7022 (Uninitialized Use in V8 in Google Chrome prior to 123.0.6312.58 allowe ...)
 	{DSA-5648-1}
 	- chromium 123.0.6312.58-1
 	[bullseye] - chromium <end-of-life> (see #1061268)
-	[buster] - chromium <end-of-life> (see DSA 5046)
 CVE-2024-7020 (Inappropriate implementation in Autofill in Google Chrome prior to 124 ...)
-	TODO: check
+	{DSA-5668-1}
+	- chromium 124.0.6367.60-1
+	[bullseye] - chromium <end-of-life> (see #1061268)
 CVE-2024-7019 (Inappropriate implementation in UI in Google Chrome prior to 124.0.636 ...)
-	TODO: check
+	{DSA-5668-1}
+	- chromium 124.0.6367.60-1
+	[bullseye] - chromium <end-of-life> (see #1061268)
 CVE-2024-7018 (Heap buffer overflow in PDF in Google Chrome prior to 124.0.6367.78 al ...)
-	TODO: check
+	{DSA-5675-1}
+	- chromium 124.0.6367.78-1
+	[bullseye] - chromium <end-of-life> (see #1061268)
 CVE-2024-46957 (Mellium mellium.im/xmpp 0.0.1 through 0.21.4 allows response spoofing  ...)
 	TODO: check
 CVE-2024-39928 (In Apache Linkis <= 1.5.0, a Random string security vulnerability in S ...)
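Review bot: The two removed `[buster] - chromium <end-of-life> (see DSA 5046)` lines under CVE-2024-7024 and CVE-2024-7022 are unrelated to the triage of CVE-2024-7018, CVE-2024-7019 and CVE-2024-7020, and the commit message ("new" chromium issues) does not mention them. Either note the buster cleanup in the message or move it to its own commit, so the removal is easy to find in history later.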
@@ -75,9 +79,11 @@ CVE-2024-38266 (An improper restriction of operations within the bounds of a mem
 CVE-2024-21545 (Proxmox Virtual Environment is an open-source server management platfo ...)
 	NOT-FOR-US: Proxmox
 CVE-2023-7282 (Inappropriate implementation in Navigation in Google Chrome prior to 1 ...)
-	TODO: check
+	{DSA-5398-1}
+	- chromium 113.0.5672.63-1
 CVE-2023-7281 (Inappropriate implementation in Compositing in Google Chrome prior to  ...)
-	TODO: check
+	{DSA-5546-1}
+	- chromium 119.0.6045.105-1
 CVE-2023-5359 (The W3 Total Cache plugin for WordPress is vulnerable to Sensitive Inf ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2024-42861 (An issue in IEEE 802.1AS linuxptp v.4.2 and before allowing a remote a ...)
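Review bot: Missing documentation for the version mapping of CVE-2023-7282 and CVE-2023-7281: both descriptions are truncated before the fixed Chrome version ("prior to 1 ...", "prior to  ..."), so `113.0.5672.63-1` and `119.0.6045.105-1` cannot be checked against the visible lines, and the commit message gives no source. A short reference in the commit message to where the fixed versions come from would make the triage verifiable.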


=====================================
data/DSA/list
=====================================
@@ -342,7 +342,7 @@
 	{CVE-2024-4331 CVE-2024-4368}
 	[bookworm] - chromium 124.0.6367.118-1~deb12u1
 [26 Apr 2024] DSA-5675-1 chromium - security update
-	{CVE-2024-4058 CVE-2024-4059 CVE-2024-4060}
+	{CVE-2024-4058 CVE-2024-4059 CVE-2024-4060 CVE-2024-7018}
 	[bookworm] - chromium 124.0.6367.78-1~deb12u1
 [25 Apr 2024] DSA-5674-1 pdns-recursor - security update
 	{CVE-2024-25583}
@@ -367,7 +367,7 @@
 	[bullseye] - guix 1.2.0-4+deb11u2
 	[bookworm] - guix 1.4.0-3+deb12u1
 [20 Apr 2024] DSA-5668-1 chromium - security update
-	{CVE-2024-3832 CVE-2024-3833 CVE-2024-3834 CVE-2024-3837 CVE-2024-3838 CVE-2024-3839 CVE-2024-3840 CVE-2024-3841 CVE-2024-3843 CVE-2024-3844 CVE-2024-3845 CVE-2024-3846 CVE-2024-3847 CVE-2024-3914}
+	{CVE-2024-3832 CVE-2024-3833 CVE-2024-3834 CVE-2024-3837 CVE-2024-3838 CVE-2024-3839 CVE-2024-3840 CVE-2024-3841 CVE-2024-3843 CVE-2024-3844 CVE-2024-3845 CVE-2024-3846 CVE-2024-3847 CVE-2024-3914 CVE-2024-7019 CVE-2024-7020}
 	[bookworm] - chromium 124.0.6367.60-1~deb12u1
 [19 Apr 2024] DSA-5667-1 tomcat9 - security update
 	{CVE-2023-46589 CVE-2024-23672 CVE-2024-24549}
@@ -818,7 +818,7 @@
 	[bullseye] - pmix 4.0.0-4.1+deb11u1
 	[bookworm] - pmix 4.2.2-1+deb12u1
 [02 Nov 2023] DSA-5546-1 chromium - security update
-	{CVE-2023-5480 CVE-2023-5482 CVE-2023-5849 CVE-2023-5850 CVE-2023-5851 CVE-2023-5852 CVE-2023-5853 CVE-2023-5854 CVE-2023-5855 CVE-2023-5856 CVE-2023-5857 CVE-2023-5858 CVE-2023-5859 CVE-2023-7011 CVE-2023-7013 CVE-2024-3174}
+	{CVE-2023-5480 CVE-2023-5482 CVE-2023-5849 CVE-2023-5850 CVE-2023-5851 CVE-2023-5852 CVE-2023-5853 CVE-2023-5854 CVE-2023-5855 CVE-2023-5856 CVE-2023-5857 CVE-2023-5858 CVE-2023-5859 CVE-2023-7011 CVE-2023-7013 CVE-2024-3174 CVE-2023-7281}
 	[bullseye] - chromium 119.0.6045.105-1~deb11u1
 	[bookworm] - chromium 119.0.6045.105-1~deb12u1
 [02 Nov 2023] DSA-5545-1 vlc - security update
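Review bot: Style point on the changed DSA-5546-1 line: `CVE-2023-7281` is appended after `CVE-2024-3174`, while the rest of the list is in ascending order with the 2023 ids first. Placing it between `CVE-2023-7013` and `CVE-2024-3174` keeps the list sorted, unless this line is regenerated by tooling that fixes the order anyway.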
@@ -1357,7 +1357,7 @@
 	{CVE-2021-23166 CVE-2021-23176 CVE-2021-23178 CVE-2021-23186 CVE-2021-23203 CVE-2021-26263 CVE-2021-26947 CVE-2021-44476 CVE-2021-44775 CVE-2021-45071 CVE-2021-45111}
 	[bullseye] - odoo 14.0.0+dfsg.2-7+deb11u1
 [04 May 2023] DSA-5398-1 chromium - security update
-	{CVE-2023-2459 CVE-2023-2460 CVE-2023-2461 CVE-2023-2462 CVE-2023-2463 CVE-2023-2464 CVE-2023-2465 CVE-2023-2466 CVE-2023-2467 CVE-2023-2468}
+	{CVE-2023-2459 CVE-2023-2460 CVE-2023-2461 CVE-2023-2462 CVE-2023-2463 CVE-2023-2464 CVE-2023-2465 CVE-2023-2466 CVE-2023-2467 CVE-2023-2468 CVE-2023-7282}
 	[bullseye] - chromium 113.0.5672.63-1~deb11u1
 [03 May 2023] DSA-5397-1 wpewebkit - security update
 	{CVE-2022-0108 CVE-2022-32885 CVE-2023-27932 CVE-2023-27954 CVE-2023-28205}



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/c9dd1e1b3dc31b3a3ef1654936713c4054c5a5e5
