[Git][security-tracker-team/security-tracker][master] 2 commits: data/dla-needed.txt: Triage webkit2gtk for bullseye LTS (CVE-2024-27830,...
Chris Lamb (@lamby)
lamby at debian.org
Thu Sep 26 23:19:13 BST 2024
Chris Lamb pushed to branch master at Debian Security Tracker / security-tracker
Commits:
d392b2ef by Chris Lamb at 2024-09-26T14:40:21-07:00
data/dla-needed.txt: Triage webkit2gtk for bullseye LTS (CVE-2024-27830, CVE-2024-27838 & CVE-2024-27851)
- - - - -
5373c957 by Chris Lamb at 2024-09-26T14:40:22-07:00
Triage CVE-2023-XXXX in foot; not affected in 1.6.x
- - - - -
2 changed files:
- data/CVE/list
- data/dla-needed.txt
Changes:
=====================================
data/CVE/list
=====================================
@@ -90090,8 +90090,9 @@ CVE-2023-32458 (Dell AppSync, versions 4.4.0.0 to 4.6.0.0 including Service Pack
CVE-2023-XXXX [code execution via malformed XTGETTCAP]
- foot 1.15.3-2 (bug #1053115)
[bookworm] - foot 1.13.1-2+deb12u1
- [bullseye] - foot <no-dsa> (Minor issue)
+ [bullseye] - foot <not-affected> (XTGETTCAP support added later)
NOTE: https://codeberg.org/dnkl/foot/commit/8a5f2915e9d327d1517d1da49ce7e2303fe61d36
+ NOTE: Introduced by: https://codeberg.org/dnkl/foot/commit/3fa6bec91213525b031f76a67c6b685912dc6720
CVE-2023-5183 (Unsafe deserialization of untrusted JSON allows execution of arbitrary ...)
NOT-FOR-US: Illumio
CVE-2023-4934 (Authorization Bypass Through User-Controlled Key vulnerability in Usta ...)
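Review bot: The added `NOTE: Introduced by:` line under CVE-2023-XXXX gives only the commit URL, so the `<not-affected>` status for bullseye cannot be checked from this entry alone. Consider appending, in parentheses, the first upstream release that contains 3fa6bec9, so a reader can compare it with the 1.6.x named in the commit message. The existing fix reference just above it is a bare `NOTE: https://...` line; labelling it `Fixed by:` would match the style of the new line.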
=====================================
data/dla-needed.txt
=====================================
@@ -247,6 +247,9 @@ unbound (dleidert)
upx-ucl
NOTE: 20240815: Added by Front-Desk (Beuc)
--
+webkit2gtk
+ NOTE: 20240926: Added by Front-Desk (lamby)
+--
wireshark (Adrian Bunk)
NOTE: 20240815: Added by Front-Desk (Beuc)
NOTE: 20240815: bullseye currently lags behind lacking fixes present in both buster and bookworm (Beuc/front-desk)
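Review bot: The new webkit2gtk entry records only who added it and when; the three CVEs that prompted the triage (CVE-2024-27830, CVE-2024-27838, CVE-2024-27851) appear only in the commit message. A second NOTE line naming them, in the way the wireshark entry below explains why it is listed, would spare whoever claims the package from having to search the commit log.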
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/132c941c522735e7b49462184de557b5e888580c...5373c95798688a93bb6cc7d33a35b1926e09f705