[Git][security-tracker-team/security-tracker][master] 2 commits: Triage CVE-2024-8805 in bluez for bullseye LTS.

Fri Sep 27 18:18:19 BST 2024


Chris Lamb pushed to branch master at Debian Security Tracker / security-tracker


Commits:
f0caa262 by Chris Lamb at 2024-09-27T10:16:39-07:00
Triage CVE-2024-8805 in bluez for bullseye LTS.

- - - - -
b119d683 by Chris Lamb at 2024-09-27T10:17:51-07:00
Mark CVE-2023-48795/proftpd-dfsg as ignored.

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -530,6 +530,7 @@ CVE-2022-49037 (Insertion of sensitive information into log file vulnerability i
 CVE-2024-8805 [BlueZ HID over GATT Profile Improper Access Control Remote Code Execution Vulnerability]
 	- bluez <unfixed> (bug #1082849)
 	[bookworm] - bluez <no-dsa> (Minor issue)
+	[bullseye] - bluez <postponed> (Minor issue; can be fixed in next update)
 	NOTE: https://www.zerodayinitiative.com/advisories/ZDI-24-1229/
 	NOTE: https://patchwork.kernel.org/project/bluetooth/patch/20240912204458.3037144-1-luiz.dentz@gmail.com/
 	NOTE: https://git.kernel.org/pub/scm/bluetooth/bluez.git/commit/?id=41f943630d9a03c40e95057b2ac3d96470b9c71e
@@ -75584,7 +75585,7 @@ CVE-2023-48795 (The SSH transport protocol with certain OpenSSH extensions, foun
 	- php-phpseclib3 3.0.35-1
 	- proftpd-dfsg 1.3.8.b+dfsg-1 (bug #1059144)
 	[bookworm] - proftpd-dfsg 1.3.8+dfsg-4+deb12u3
-	[bullseye] - proftpd-dfsg <no-dsa> (Minor issue)
+	[bullseye] - proftpd-dfsg <ignored> (Minor issue)
 	[buster] - proftpd-dfsg <no-dsa> (Minor issue)
 	- proftpd-mod-proxy 0.9.3-1 (bug #1059290)
 	[bookworm] - proftpd-mod-proxy 0.9.2-1+deb12u1



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/cb8c2b3b329cf25cb28559a5b2d757396c19355d...b119d68356a7a6e0127c6fe9790dde431dba5004

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/cb8c2b3b329cf25cb28559a5b2d757396c19355d...b119d68356a7a6e0127c6fe9790dde431dba5004
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20240927/f84654f1/attachment.htm>
