[Git][security-tracker-team/security-tracker][master] bookworm triage

Moritz Muehlenhoff (@jmm) jmm at debian.org
Fri Sep 27 12:43:09 BST 2024



Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
ca874b5c by Moritz Muehlenhoff at 2024-09-27T13:42:49+02:00
bookworm triage

- - - - -


2 changed files:

- data/CVE/list
- data/dsa-needed.txt


Changes:

=====================================
data/CVE/list
=====================================
@@ -4,6 +4,7 @@ CVE-2024-9049 (The Beaver Builder \u2013 WordPress Page Builder plugin for WordP
 	NOT-FOR-US: WordPress plugin
 CVE-2024-9029 (A flaw was found in freeimage library. Processing a crafted image can  ...)
 	- freeimage <unfixed>
+	[bookworm] - freeimage <no-dsa> (Minor issue)
 	NOTE: https://sourceforge.net/p/freeimage/bugs/351/
 CVE-2024-8991 (The OSM \u2013 OpenStreetMap plugin for WordPress is vulnerable to Sto ...)
 	NOT-FOR-US: WordPress plugin
@@ -290,6 +291,7 @@ CVE-2022-49037 (Insertion of sensitive information into log file vulnerability i
 	NOT-FOR-US: Synology
 CVE-2024-8805 [BlueZ HID over GATT Profile Improper Access Control Remote Code Execution Vulnerability]
 	- bluez <unfixed>
+	[bookworm] - bluez <no-dsa> (Minor issue)
 	NOTE: https://www.zerodayinitiative.com/advisories/ZDI-24-1229/
 	NOTE: https://patchwork.kernel.org/project/bluetooth/patch/20240912204458.3037144-1-luiz.dentz@gmail.com/
 	NOTE: https://git.kernel.org/pub/scm/bluetooth/bluez.git/commit/?id=41f943630d9a03c40e95057b2ac3d96470b9c71e
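Review bot: the "Minor issue" reason on the added `[bookworm] - bluez <no-dsa>` line is not explained anywhere in the entry, while the entry title reads "Improper Access Control Remote Code Execution Vulnerability". A short NOTE stating why this is minor for bookworm would make the triage decision auditable for someone reading the entry later. Since an upstream fix commit is already linked, the NOTE could also say whether the fix is a candidate for a point release.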
@@ -914,6 +916,7 @@ CVE-2023-47480 (An issue in Pure Data 0.54-0 and fixed in 0.54-1 allows a local
 	NOTE: https://github.com/pure-data/pure-data/commit/0b5e467b8728b3ed56e1a8ee5b367ce78e7e6e5d (0.54-1test1)
 CVE-2024-8612 (A flaw was found in QEMU, in the virtio-scsi, virtio-blk, and virtio-c ...)
 	- qemu <unfixed> (bug #1082406)
+	[bookworm] - qemu <no-dsa> (Minor issue)
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2313760
 	NOTE: https://gitlab.com/qemu-project/qemu/-/commit/637b0aa139565cb82a7b9269e62214f87082635c
 CVE-2024-45769 (A vulnerability was found in Performance Co-Pilot (PCP). This flaw all ...)
@@ -35139,7 +35142,9 @@ CVE-2023-45315 (Improper initialization in some Intel(R) Power Gadget software f
 	NOT-FOR-US: Intel
 CVE-2023-45221 (Improper buffer restrictions in Intel(R) Media SDK all versions may al ...)
 	- intel-mediasdk <unfixed>
+	[bookworm] - intel-mediasdk <no-dsa> (Minor issue)
 	- onevpl <unfixed>
+	[bookworm] - onevpl <no-dsa> (Minor issue)
 	NOTE: https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00935.html
 CVE-2023-45217 (Improper access control in Intel(R) Power Gadget software for Windows  ...)
 	NOT-FOR-US: Intel
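Review bot: the added `[bookworm] - onevpl <no-dsa> (Minor issue)` line triages a package that the CVE-2023-45221 description does not name; the visible text mentions only Intel(R) Media SDK, and the sole NOTE is the Intel advisory link. A NOTE saying how onevpl is affected would help, and both added lines would benefit from a more specific reason than "Minor issue" given that both packages remain `<unfixed>`.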


=====================================
data/dsa-needed.txt
=====================================
@@ -34,6 +34,8 @@ node-dompurify
 opennds
   pinged maintainer, but no reply yet. should most probably be bumped to 10.x
 --
+php8.2 (jmm)
+--
 python-aiohttp
 --
 python-reportlab
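Review bot: the new `php8.2 (jmm)` entry does not say which issues the DSA is for, and this commit makes no matching php8.2 change in data/CVE/list, so the reason for the entry cannot be read from the commit. An indented status line under the entry, in the style of the one under `opennds`, naming the CVEs or the target upstream release would fix that. The position between `opennds` and `python-aiohttp` keeps the file's alphabetical order.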



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/ca874b5c73ffe4673ab37243ec02bdd27ae13745
