[Git][security-tracker-team/security-tracker][master] trixie triage

Moritz Muehlenhoff (@jmm) jmm at debian.org
Thu Apr 24 11:49:26 BST 2025 


Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
101c6f45 by Moritz Muehlenhoff at 2025-04-24T12:49:16+02:00
trixie triage

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -65923,10 +65923,10 @@ CVE-2024-47226 (A stored cross-site scripting (XSS) vulnerability exists in NetB
 CVE-2024-47221 (CheckUser in ScadaServerEngine/MainLogic.cs in Rapid SCADA through 5.8 ...)
 	NOT-FOR-US: Rapid SCADA
 CVE-2024-47220 (An issue was discovered in the WEBrick toolkit through 1.8.1 for Ruby. ...)
-	- ruby-webrick <unfixed> (bug #1082633)
+	- ruby-webrick 1.9.1-1 (bug #1082633)
 	[bookworm] - ruby-webrick <no-dsa> (Minor issue)
 	NOTE: https://github.com/ruby/webrick/issues/145
-	NOTE: Fixed by: https://github.com/ruby/webrick/commit/f5faca9222541591e1a7c3c97552ebb0c92733c7
+	NOTE: Fixed by: https://github.com/ruby/webrick/commit/f5faca9222541591e1a7c3c97552ebb0c92733c7 (v1.8.2)
 CVE-2024-47219 (An issue was discovered in vesoft NebulaGraph through 3.8.0. It allows ...)
 	NOT-FOR-US: vesoft NebulaGraph
 CVE-2024-47218 (An issue was discovered in vesoft NebulaGraph through 3.8.0. It allows ...)
@@ -69497,9 +69497,11 @@ CVE-2024-8460 (A vulnerability, which was classified as problematic, has been fo
 	NOT-FOR-US: D-Link
 CVE-2024-8445 (The fix for CVE-2024-2199 in 389-ds-base was insufficient to cover all ...)
 	{DLA-4021-1}
-	- 389-ds-base <unfixed> (bug #1082852)
+	- 389-ds-base 2.0.11-1 (bug #1082852)
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2310110
 	NOTE: CVE exists because of an insufficent/incomplete fix for CVE-2024-2199
+	NOTE: The precise details are not public, but this wasn't backported to any supported
+	NOTE: branch after 1.x, so marking the first 2.x upload as the fixed version
 CVE-2024-8395 (FlyCASS CASS and KCM systems did not correctly filter SQL queries, whi ...)
 	NOT-FOR-US: FlyCASS CASS and KCM systems
 CVE-2024-8363 (The Share This Image plugin for WordPress is vulnerable to Stored Cros ...)
@@ -99585,6 +99587,7 @@ CVE-2024-5095 (A vulnerability classified as problematic has been found in Victo
 	NOT-FOR-US: Victor Zsviot Camera
 CVE-2024-36050 (Nix through 2.22.1 mishandles certain usage of hash caches, which make ...)
 	- nix <unfixed> (bug #1072706)
+	[trixie] - nix <postponed> (Minor issue, revisit when fixed upstream)
 	[bookworm] - nix <postponed> (Minor issue, revisit when fixed upstream)
 	[bullseye] - nix <no-dsa> (Minor issue)
 	NOTE: https://github.com/NixOS/nix/issues/969
@@ -121550,6 +121553,7 @@ CVE-2021-47156 (The Net::IPAddress::Util module before 5.000 for Perl does not p
 	NOT-FOR-US: Net::IPAddress::Util Perl module
 CVE-2021-47155 (The Net::IPV4Addr module 0.10 for Perl does not properly consider extr ...)
 	- libnetwork-ipv4addr-perl <unfixed> (bug #1072178)
+	[trixie] - libnetwork-ipv4addr-perl <postponed> (Minor issue, revisit when fixed upstream)
 	[bookworm] - libnetwork-ipv4addr-perl <postponed> (Minor issue, revisit when fixed upstream)
 	[bullseye] - libnetwork-ipv4addr-perl <no-dsa> (Minor issue)
 	[buster] - libnetwork-ipv4addr-perl <postponed> (Minor issue, revisit when fix is available)
@@ -121665,6 +121669,7 @@ CVE-2024-1857 (The Ultimate Gift Cards for WooCommerce \u2013 Create, Redeem & M
 	NOT-FOR-US: WooCommerce plugin
 CVE-2024-2467 (A timing-based side-channel flaw exists in the perl-Crypt-OpenSSL-RSA  ...)
 	- libcrypt-openssl-rsa-perl <unfixed> (bug #1066969)
+	[trixie] - libcrypt-openssl-rsa-perl <postponed> (Minor issue, revisit when fixed upstream)
 	[bookworm] - libcrypt-openssl-rsa-perl <postponed> (Minor issue, revisit when fixed upstream)
 	[bullseye] - libcrypt-openssl-rsa-perl <no-dsa> (Minor issue)
 	[buster] - libcrypt-openssl-rsa-perl <postponed> (Minor issue; side-channel timing attack)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/101c6f45ca41fc89b291d46cb6439e2249f1657d

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/101c6f45ca41fc89b291d46cb6439e2249f1657d
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20250424/7113aca2/attachment.htm>

More information about the debian-security-tracker-commits mailing list