[Git][security-tracker-team/security-tracker][master] 3 commits: CVE-2024-57004,roundcube: bullseye is postponed

Markus Koschany (@apo) apo at debian.org
Sun Feb 9 09:48:23 GMT 2025



Markus Koschany pushed to branch master at Debian Security Tracker / security-tracker


Commits:
33beed9d by Markus Koschany at 2025-02-09T10:48:01+01:00
CVE-2024-57004,roundcube: bullseye is postponed

Minor issue and disputed upstream.

- - - - -
5ecd5b31 by Markus Koschany at 2025-02-09T10:48:03+01:00
CVE-2024-12243,gnutls28: link to fixing commit

- - - - -
d8c71bf2 by Markus Koschany at 2025-02-09T10:48:03+01:00
Add gnutls28 to dla-needed.txt

- - - - -


2 changed files:

- data/CVE/list
- data/dla-needed.txt


Changes:

=====================================
data/CVE/list
=====================================
@@ -316,6 +316,7 @@ CVE-2024-12243
 	NOTE: https://www.gnutls.org/security-new.html#GNUTLS-SA-2025-02-07
 	NOTE: https://lists.gnupg.org/pipermail/gnutls-help/2025-February/004875.html
 	NOTE: https://gitlab.com/gnutls/gnutls/-/issues/1553
+	NOTE: Fixed by https://gitlab.com/gnutls/gnutls/-/commit/4760bc63531e3f5039e70ede91a20e1194410892
 CVE-2024-12133
 	- libtasn1-6 4.20.0-1 (bug #1095406)
 	NOTE: https://www.openwall.com/lists/oss-security/2025/02/06/6
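Review bot: The added "Fixed by" NOTE at the end of the CVE-2024-12243 entry gives only the commit URL and does not name the upstream release that contains it. Appending the release tag in parentheses after the URL would let readers compare the fix against packaged versions without opening GitLab.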
@@ -1377,6 +1378,7 @@ CVE-2024-57097 (ClassCMS 4.8 is vulnerable to Cross Site Scripting (XSS) in clas
 	NOT-FOR-US: ClassCMS
 CVE-2024-57004 (Cross-Site Scripting (XSS) vulnerability in Roundcube Webmail 1.6.9 al ...)
 	- roundcube <unfixed> (bug #1095469)
+	[bullseye] - roundcube <postponed> (Minor issue)
 	NOTE: https://github.com/roundcube/roundcubemail/issues/9767
 CVE-2024-56946 (Denial of service in DNS-over-QUIC in Technitium DNS Server <= v13.2.2 ...)
 	TODO: check
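Review bot: The reason on the new "[bullseye] - roundcube <postponed>" line says only "Minor issue", while the commit message also gives "disputed upstream" as grounds for postponing. The commit message is not visible to someone reading data/CVE/list, so the dispute should be recorded in the entry as well, either in the parenthesised reason or as a NOTE next to the existing link to roundcubemail issue 9767.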


=====================================
data/dla-needed.txt
=====================================
@@ -116,6 +116,9 @@ glewlwyd (Thorsten Alteholz)
   NOTE: 20240815: pu scheduled https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1007884 (Beuc/front-desk)
   NOTE: 20250112: testing package (ta)
 --
+gnutls28
+  NOTE: 20250209: Added by Front-Desk (apo)
+--
 grub2
   NOTE: 20250105: Added by Front-Desk (apo)
   NOTE: 20250105: high-profile package but not enough details yet. (apo)
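Review bot: The new gnutls28 entry carries only the "Added by Front-Desk (apo)" note and does not say which issue it was added for. A second NOTE naming the CVE to be addressed would help whoever claims the package, in the way the grub2 entry below adds a line of context after its "Added by" note.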



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/8670fa5ec5c372faccada96a035b2ea46edd200d...d8c71bf25d7ef826a0b76483f798d5936aebaa54
