[Git][security-tracker-team/security-tracker][master] trixie triage
Moritz Muehlenhoff (@jmm)
jmm at debian.org
Mon Apr 21 19:03:24 BST 2025
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker
Commits:
35247fde by Moritz Muehlenhoff at 2025-04-21T20:02:19+02:00
trixie triage
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -56128,7 +56128,7 @@ CVE-2024-9162 (The All-in-One WP Migration and Backup plugin for WordPress is vu
NOT-FOR-US: WordPress plugin
CVE-2024-50624 (ispdbservice.cpp in KDE Kmail before 6.2.0 allows man-in-the-middle at ...)
[experimental] - kmail-account-wizard 4:24.08.0-1
- - kmail-account-wizard <unfixed> (bug #1086198)
+ - kmail-account-wizard 4:24.12.0-2 (bug #1086198)
[bookworm] - kmail-account-wizard <no-dsa> (Minor issue)
[bullseye] - kmail-account-wizard <postponed> (Minor issue)
NOTE: https://bugs.kde.org/show_bug.cgi?id=487882
@@ -68015,7 +68015,7 @@ CVE-2024-44667 (Shenzhen Haichangxing Technology Co., Ltd HCX H822 4G LTE Router
CVE-2024-44087 (A vulnerability has been identified in Automation License Manager V5 ( ...)
NOT-FOR-US: Siemens
CVE-2024-43800 (serve-static serves static files. serve-static passes untrusted user i ...)
- - node-serve-static <unfixed> (bug #1081482)
+ - node-serve-static 2.1.0+~1.15.7-1 (bug #1081482)
[bookworm] - node-serve-static <no-dsa> (Minor issue)
[bullseye] - node-serve-static <postponed> (Minor issue)
NOTE: https://github.com/expressjs/serve-static/security/advisories/GHSA-cm22-4g7w-348p
@@ -84073,14 +84073,14 @@ CVE-2024-6580 (The /n software IPWorks SSH library SFTPServer component can be i
NOT-FOR-US: /n software IPWorks SSH library SFTPServer component
CVE-2024-6564 (Buffer overflow in "rcar_dev_init" due to using due to using untruste ...)
[experimental] - arm-trusted-firmware 2.12.0+dfsg-1
- - arm-trusted-firmware <unfixed> (bug #1076042)
+ - arm-trusted-firmware 2.12.0+dfsg-2 (bug #1076042)
[bookworm] - arm-trusted-firmware <no-dsa> (Minor issue)
[bullseye] - arm-trusted-firmware <no-dsa> (Minor issue)
NOTE: https://github.com/renesas-rcar/arm-trusted-firmware/commit/c9fb3558410032d2660c7f3b7d4b87dec09fe2f2
NOTE: https://asrg.io/security-advisories/cve-2024-6564/
CVE-2024-6563 (Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') ...)
[experimental] - arm-trusted-firmware 2.12.0+dfsg-1
- - arm-trusted-firmware <unfixed> (bug #1076042)
+ - arm-trusted-firmware 2.12.0+dfsg-2 (bug #1076042)
[bookworm] - arm-trusted-firmware <no-dsa> (Minor issue)
[bullseye] - arm-trusted-firmware <no-dsa> (Minor issue)
NOTE: https://github.com/renesas-rcar/arm-trusted-firmware/commit/235f85b654a031f7647e81b86fc8e4ffeb430164
@@ -495395,6 +495395,7 @@ CVE-2019-0188 (Apache Camel prior to 2.24.0 contains an XML external entity inje
NOT-FOR-US: Apache Camel
CVE-2019-0187 (Unauthenticated RCE is possible when JMeter is used in distributed mod ...)
- jakarta-jmeter <unfixed> (bug #1014709)
+ [trixie] - jakarta-jmeter <no-dsa> (Minor issue)
[bookworm] - jakarta-jmeter <no-dsa> (Minor issue)
[bullseye] - jakarta-jmeter <no-dsa> (Minor issue)
[buster] - jakarta-jmeter <no-dsa> (Minor issue)
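Review bot: the added [trixie] line for CVE-2019-0187 uses <no-dsa>, while the other two jakarta-jmeter entries touched in this commit (CVE-2018-1297 and CVE-2018-1287) mark trixie as <ignored>. If the same decision applies to all three, the state should match. If not, "Minor issue" is thin for an entry whose description reads "Unauthenticated RCE is possible when JMeter is used in distributed mod ..."; a reason that names the limiting condition (distributed mode only) would make the triage easier to audit later.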
@@ -525358,6 +525359,7 @@ CVE-2017-18227 (TitanHQ WebTitan Gateway has incorrect certificate validation fo
NOT-FOR-US: TitanHQ WebTitan Gateway
CVE-2017-18226 (The Gentoo net-im/jabberd2 package through 2.6.1 sets the ownership of ...)
- jabberd2 <unfixed> (low; bug #902783)
+ [trixie] - jabberd2 <ignored> (Minor issue, default init system not affected)
[bookworm] - jabberd2 <ignored> (Minor issue, default init system not affected)
[bullseye] - jabberd2 <ignored> (Minor issue, default init system not affected)
[buster] - jabberd2 <ignored> (Minor issue, default init system not affected)
@@ -545500,6 +545502,7 @@ CVE-2018-1298 (A Denial of Service vulnerability was found in Apache Qpid Broker
NOTE: https://git-wip-us.apache.org/repos/asf?p=qpid-broker-j.git;h=4b9fb37
CVE-2018-1297 (When using Distributed Test only (RMI based), Apache JMeter 2.x and 3. ...)
- jakarta-jmeter <unfixed> (low; bug #897259)
+ [trixie] - jakarta-jmeter <ignored> (Minor issue, too intrusive to backport)
[bookworm] - jakarta-jmeter <ignored> (Minor issue, too intrusive to backport)
[bullseye] - jakarta-jmeter <ignored> (Minor issue, too intrusive to backport)
[buster] - jakarta-jmeter <ignored> (Minor issue, too intrusive to backport)
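Review bot: the new [trixie] line for CVE-2018-1297 copies "too intrusive to backport" from the older releases, but the unstable line directly above it is still <unfixed>, so the entry does not show any fixed version that a trixie fix would be backported from. Suggest wording the trixie reason around why the issue is acceptable, for example that it only applies "When using Distributed Test only (RMI based)", or adding a NOTE that points at the upstream change the reason refers to.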
@@ -545531,7 +545534,8 @@ CVE-2018-1288 (In Apache Kafka 0.9.0.0 to 0.9.0.1, 0.10.0.0 to 0.10.2.1, 0.11.0.
- kafka <itp> (bug #786460)
CVE-2018-1287 (In Apache JMeter 2.X and 3.X, when using Distributed Test only (RMI ba ...)
- jakarta-jmeter <unfixed> (low; bug #1014709)
- [bookworm] - jakarta-jmeter <no-dsa> (Minor issue)
+ [trixie] - jakarta-jmeter <ignored> (Minor issue)
+ [bookworm] - jakarta-jmeter <ignored> (Minor issue)
[bullseye] - jakarta-jmeter <no-dsa> (Minor issue)
[buster] - jakarta-jmeter <no-dsa> (Minor issue)
[stretch] - jakarta-jmeter <no-dsa> (Minor issue)
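Review bot: the [bookworm] line for CVE-2018-1287 changes from <no-dsa> to <ignored> here, which the commit message "trixie triage" does not cover, and it leaves bullseye, buster and stretch at <no-dsa> with the same "Minor issue" text. Suggest either mentioning the bookworm change in the commit message or splitting it out. The <ignored> reason could also carry more than "Minor issue", as the CVE-2018-1297 entry does with "too intrusive to backport".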
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/35247fded536b5e1614aa84b86ef27dd752ff576