[Git][security-tracker-team/security-tracker][master] Revert fixed status for libxml2 issue in unstable
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Thu Sep 26 20:40:22 BST 2024
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
92c39422 by Salvatore Bonaccorso at 2024-09-26T21:40:06+02:00
Revert fixed status for libxml2 issue in unstable
We have a temporary revert back to 2.12.7+dfsg+really2.9.14-0.1
reintroducing these issues due to https://bugs.debian.org/1073508 .
Link: https://bugs.debian.org/1073508
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -36381,7 +36381,7 @@ CVE-2024-34697 (FreeScout is a free, self-hosted help desk and shared mailbox. A
CVE-2024-34555 (Unrestricted Upload of File with Dangerous Type vulnerability in URBAN ...)
NOT-FOR-US: WordPress plugin
CVE-2024-34459 (An issue was discovered in xmllint (from libxml2) before 2.11.8 and 2. ...)
- - libxml2 2.12.7+dfsg-1 (unimportant; bug #1071162)
+ - libxml2 <unfixed> (unimportant; bug #1071162)
NOTE: https://gitlab.gnome.org/GNOME/libxml2/-/issues/720
NOTE: Fixed by: https://gitlab.gnome.org/GNOME/libxml2/-/commit/8ddc7f13337c9fe7c6b6e616f404b0fffb8a5145 (v2.11.8)
NOTE: Fixed by: https://gitlab.gnome.org/GNOME/libxml2/-/commit/2876ac5392a4e891b81e40e592c3ac6cb46016ce (v2.12.7)
@@ -66040,7 +66040,7 @@ CVE-2021-46902 (An issue was discovered in LTOS-Web-Interface in Meinberg LANTIM
NOT-FOR-US: Meinberg
CVE-2024-25062 (An issue was discovered in libxml2 before 2.11.7 and 2.12.x before 2.1 ...)
[experimental] - libxml2 2.12.5+dfsg-0exp1
- - libxml2 2.12.7+dfsg-1 (bug #1063234)
+ - libxml2 <unfixed> (bug #1063234)
[bookworm] - libxml2 <no-dsa> (Minor issue)
[bullseye] - libxml2 <no-dsa> (Minor issue)
[buster] - libxml2 <no-dsa> (Minor issue)
@@ -88182,7 +88182,7 @@ CVE-2023-5182 (Sensitive data could be exposed in logs of subiquity version 23.0
NOT-FOR-US: Subiquity
CVE-2023-45322 (libxml2 through 2.11.5 has a use-after-free that can only occur after ...)
[experimental] - libxml2 2.12.3+dfsg-0exp1
- - libxml2 2.12.7+dfsg-1 (bug #1053629)
+ - libxml2 <unfixed> (bug #1053629)
[bookworm] - libxml2 <no-dsa> (Minor issue)
[bullseye] - libxml2 <no-dsa> (Minor issue)
[buster] - libxml2 <postponed> (Minor issue, very hard/unlikely to trigger)
@@ -94122,7 +94122,7 @@ CVE-2023-39616 (AOMedia v3.0.0 to v3.5.0 was discovered to contain an invalid re
NOTE: 3.7.0~really3.6.1-1 upload re-introducing the issue.
CVE-2023-39615 (Xmlsoft Libxml2 v2.11.0 was discovered to contain an out-of-bounds rea ...)
[experimental] - libxml2 2.12.3+dfsg-0exp1
- - libxml2 2.12.7+dfsg-1 (bug #1051230)
+ - libxml2 <unfixed> (bug #1051230)
[bookworm] - libxml2 <no-dsa> (Minor issue)
[bullseye] - libxml2 <no-dsa> (Minor issue)
[buster] - libxml2 <no-dsa> (Minor issue)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/92c39422194fb920592c71244a102bc99f07b7a1
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/92c39422194fb920592c71244a102bc99f07b7a1
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20240926/700bdfea/attachment-0001.htm>
More information about the debian-security-tracker-commits
mailing list