[Git][security-tracker-team/security-tracker][master] bookworm triage
Moritz Muehlenhoff (@jmm)
jmm at debian.org
Fri Jan 17 08:21:33 GMT 2025
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker
Commits:
2ec0464b by Moritz Muehlenhoff at 2025-01-17T09:21:21+01:00
bookworm triage
- - - - -
2 changed files:
- data/CVE/list
- data/dsa-needed.txt
Changes:
=====================================
data/CVE/list
=====================================
@@ -324,6 +324,7 @@ CVE-2024-45341
- golang-1.23 1.23.5-1
- golang-1.22 1.22.11-1
- golang-1.19 <removed>
+ [bookworm] - golang-1.19 <no-dsa> (Minor issue)
- golang-1.15 <removed>
NOTE: https://groups.google.com/g/golang-announce/c/sSaUhLA-2SI
NOTE: https://go.dev/issue/71156
@@ -333,6 +334,7 @@ CVE-2024-45336
- golang-1.23 1.23.5-1
- golang-1.22 1.22.11-1
- golang-1.19 <removed>
+ [bookworm] - golang-1.19 <no-dsa> (Minor issue)
- golang-1.15 <removed>
NOTE: https://groups.google.com/g/golang-announce/c/sSaUhLA-2SI
NOTE: https://go.dev/issue/70530
@@ -526,6 +528,7 @@ CVE-2025-20072 (Mattermost Mobile versions <= 2.22.0 fail to properly validate t
NOT-FOR-US: Mattermost Mobile
CVE-2025-0518 (Unchecked Return Value, Out-of-bounds Read vulnerability in FFmpeg all ...)
- ffmpeg <unfixed>
+ [bookworm] - ffmpeg <postponed> (Minor issue, wait until it's fixed in the 5.1 branch)
NOTE: Fixed by: https://github.com/FFmpeg/FFmpeg/commit/b5b6391d64807578ab872dc58fb8aa621dcfc38a
CVE-2025-0473 (Vulnerability in the PMB platform that allows an attacker to persist t ...)
TODO: check
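Review bot: The `<postponed>` reason on the new ffmpeg line for CVE-2025-0518 depends on a fix landing in the 5.1 branch, but the only reference in the entry is the commit b5b6391d64807578ab872dc58fb8aa621dcfc38a, with no indication of which branch carries it. Consider adding a NOTE once a 5.1 backport exists, so the postponed entry is revisited against a concrete reference rather than left open.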
@@ -2100,118 +2103,148 @@ CVE-2024-57811 (In Eaton X303 3.5.16 - X303 3.5.17 Build 712, an attacker with n
NOT-FOR-US: Eaton
CVE-2024-57664 (An issue in the sqlg_group_node component of openlink virtuoso-opensou ...)
- virtuoso-opensource 7.2.12+dfsg-0.2
+ [bookworm] - virtuoso-opensource <no-dsa> (Minor issue)
NOTE: https://github.com/openlink/virtuoso-opensource/issues/1211
CVE-2024-57663 (An issue in the sqlg_place_dpipes component of openlink virtuoso-opens ...)
- virtuoso-opensource 7.2.12+dfsg-0.2
+ [bookworm] - virtuoso-opensource <no-dsa> (Minor issue)
NOTE: https://github.com/openlink/virtuoso-opensource/issues/1218
NOTE: https://github.com/openlink/virtuoso-opensource/commit/f43a780d70544af89e9af3c62213db81fdd80b2b (v7.2.12)
CVE-2024-57662 (An issue in the sqlg_hash_source component of openlink virtuoso-openso ...)
- virtuoso-opensource 7.2.12+dfsg-0.2
+ [bookworm] - virtuoso-opensource <no-dsa> (Minor issue)
NOTE: https://github.com/openlink/virtuoso-opensource/issues/1217
NOTE: https://github.com/openlink/virtuoso-opensource/commit/834b99868e4ac3cfd778f6f4ad9476764f3c09b6 (v7.2.12)
CVE-2024-57661 (An issue in the sqlo_df component of openlink virtuoso-opensource v7.2 ...)
- virtuoso-opensource 7.2.12+dfsg-0.2
+ [bookworm] - virtuoso-opensource <no-dsa> (Minor issue)
NOTE: https://github.com/openlink/virtuoso-opensource/issues/1220
NOTE: https://github.com/openlink/virtuoso-opensource/commit/a6061c06256a46d87c9e037b9b462259960163bf (v7.2.12)
CVE-2024-57660 (An issue in the sqlo_expand_jts component of openlink virtuoso-opensou ...)
- virtuoso-opensource 7.2.12+dfsg-0.2
+ [bookworm] - virtuoso-opensource <no-dsa> (Minor issue)
NOTE: https://github.com/openlink/virtuoso-opensource/issues/1221
NOTE: https://github.com/openlink/virtuoso-opensource/commit/976880190ee0fcecffac03a6929d268152de3a61 (v7.2.12)
CVE-2024-57659 (An issue in the sqlg_parallel_ts_seq component of openlink virtuoso-op ...)
- virtuoso-opensource 7.2.12+dfsg-0.2
+ [bookworm] - virtuoso-opensource <no-dsa> (Minor issue)
NOTE: https://github.com/openlink/virtuoso-opensource/issues/1212
NOTE: https://github.com/openlink/virtuoso-opensource/commit/59c5767996062a0949b5412822ec8cca1962589f (v7.2.12)
CVE-2024-57658 (An issue in the sql_tree_hash_1 component of openlink virtuoso-opensou ...)
- virtuoso-opensource 7.2.12+dfsg-0.2
+ [bookworm] - virtuoso-opensource <no-dsa> (Minor issue)
NOTE: https://github.com/openlink/virtuoso-opensource/issues/1209
NOTE: https://github.com/openlink/virtuoso-opensource/commit/2fdea48eba6156914c1ba4f488895166c0c00462 (v7.2.12)
CVE-2024-57657 (An issue in the sqlg_vec_upd component of openlink virtuoso-opensource ...)
- virtuoso-opensource 7.2.12+dfsg-0.2
+ [bookworm] - virtuoso-opensource <no-dsa> (Minor issue)
NOTE: https://github.com/openlink/virtuoso-opensource/issues/1219
NOTE: https://github.com/openlink/virtuoso-opensource/commit/cdb0bc3e414e15e2153515af07056daebd3d9153 (v7.2.12)
CVE-2024-57656 (An issue in the sqlc_add_distinct_node component of openlink virtuoso- ...)
- virtuoso-opensource 7.2.12+dfsg-0.2
+ [bookworm] - virtuoso-opensource <no-dsa> (Minor issue)
NOTE: https://github.com/openlink/virtuoso-opensource/issues/1210
NOTE: https://github.com/openlink/virtuoso-opensource/commit/7f529772659db67c720f32898abbbe97b0d25a34 (v7.2.12)
CVE-2024-57655 (An issue in the dfe_n_in_order component of openlink virtuoso-opensour ...)
- virtuoso-opensource 7.2.12+dfsg-0.2
+ [bookworm] - virtuoso-opensource <no-dsa> (Minor issue)
NOTE: https://github.com/openlink/virtuoso-opensource/issues/1216
NOTE: https://github.com/openlink/virtuoso-opensource/commit/2657d5396fb77885c645c7106a7e046a1ccb209d (v7.2.12)
CVE-2024-57654 (An issue in the qst_vec_get_int64 component of openlink virtuoso-opens ...)
- virtuoso-opensource 7.2.12+dfsg-0.2
+ [bookworm] - virtuoso-opensource <no-dsa> (Minor issue)
NOTE: https://github.com/openlink/virtuoso-opensource/issues/1205
NOTE: https://github.com/openlink/virtuoso-opensource/commit/de5a2fd87577b8bd72ce009fe6b9d374b5d94742 (v7.2.12)
CVE-2024-57653 (An issue in the qst_vec_set_copy component of openlink virtuoso-openso ...)
- virtuoso-opensource 7.2.12+dfsg-0.2
+ [bookworm] - virtuoso-opensource <no-dsa> (Minor issue)
NOTE: https://github.com/openlink/virtuoso-opensource/issues/1208
NOTE: https://github.com/openlink/virtuoso-opensource/commit/90d7d3e12d7ea62ed2ed0274d03f33a1cd65c58b (v7.2.12)
CVE-2024-57652 (An issue in the numeric_to_dv component of openlink virtuoso-opensourc ...)
- virtuoso-opensource 7.2.12+dfsg-0.2
+ [bookworm] - virtuoso-opensource <no-dsa> (Minor issue)
NOTE: https://github.com/openlink/virtuoso-opensource/issues/1198
NOTE: https://github.com/openlink/virtuoso-opensource/commit/b14ad6460418c2fbaf3f278b75d7b27da361a297 (v7.2.12)
CVE-2024-57651 (An issue in the jp_add component of openlink virtuoso-opensource v7.2. ...)
- virtuoso-opensource 7.2.12+dfsg-0.2
+ [bookworm] - virtuoso-opensource <no-dsa> (Minor issue)
NOTE: https://github.com/openlink/virtuoso-opensource/issues/1196
NOTE: https://github.com/openlink/virtuoso-opensource/commit/d905d53aa5d8f17877898b0196d07a53121e551f (v7.2.12)
CVE-2024-57650 (An issue in the qi_inst_state_free component of openlink virtuoso-open ...)
- virtuoso-opensource 7.2.12+dfsg-0.2
+ [bookworm] - virtuoso-opensource <no-dsa> (Minor issue)
NOTE: https://github.com/openlink/virtuoso-opensource/issues/1204
NOTE: https://github.com/openlink/virtuoso-opensource/commit/3d1a576d8d0bdd295bf7529a544ed6d13976bbe4 (v7.2.12)
CVE-2024-57649 (An issue in the qst_vec_set component of openlink virtuoso-opensource ...)
- virtuoso-opensource 7.2.12+dfsg-0.2
+ [bookworm] - virtuoso-opensource <no-dsa> (Minor issue)
NOTE: https://github.com/openlink/virtuoso-opensource/issues/1206
NOTE: https://github.com/openlink/virtuoso-opensource/commit/8f26eaca48cf6368962893326407b0aaeecce7f5 (v7.2.12)
CVE-2024-57648 (An issue in the itc_set_param_row component of openlink virtuoso-opens ...)
- virtuoso-opensource 7.2.12+dfsg-0.2
+ [bookworm] - virtuoso-opensource <no-dsa> (Minor issue)
NOTE: https://github.com/openlink/virtuoso-opensource/issues/1195
NOTE: https://github.com/openlink/virtuoso-opensource/commit/97291b7abad04bce0c60c952b48b529724c1016c (v7.2.12)
CVE-2024-57647 (An issue in the row_insert_cast component of openlink virtuoso-opensou ...)
- virtuoso-opensource 7.2.12+dfsg-0.2
+ [bookworm] - virtuoso-opensource <no-dsa> (Minor issue)
NOTE: https://github.com/openlink/virtuoso-opensource/issues/1207
CVE-2024-57646 (An issue in the psiginfo component of openlink virtuoso-opensource v7. ...)
- virtuoso-opensource 7.2.12+dfsg-0.2
+ [bookworm] - virtuoso-opensource <no-dsa> (Minor issue)
NOTE: https://github.com/openlink/virtuoso-opensource/issues/1199
NOTE: https://github.com/openlink/virtuoso-opensource/commit/301135ac866ac434e8d87c5960ea324a196fe82d (v7.2.12)
CVE-2024-57645 (An issue in the qi_inst_state_free component of openlink virtuoso-open ...)
- virtuoso-opensource 7.2.12+dfsg-0.2
+ [bookworm] - virtuoso-opensource <no-dsa> (Minor issue)
NOTE: https://github.com/openlink/virtuoso-opensource/issues/1197
NOTE: https://github.com/openlink/virtuoso-opensource/commit/97291b7abad04bce0c60c952b48b529724c1016c (v7.2.12)
CVE-2024-57644 (An issue in the itc_hash_compare component of openlink virtuoso-openso ...)
- virtuoso-opensource 7.2.12+dfsg-0.2
+ [bookworm] - virtuoso-opensource <no-dsa> (Minor issue)
NOTE: https://github.com/openlink/virtuoso-opensource/issues/1193
NOTE: https://github.com/openlink/virtuoso-opensource/commit/f5c9f5eaabd423ebdf4bc7b1472bab2865f94e5e (v7.2.12)
CVE-2024-57643 (An issue in the box_deserialize_string component of openlink virtuoso- ...)
- virtuoso-opensource 7.2.12+dfsg-0.2
+ [bookworm] - virtuoso-opensource <no-dsa> (Minor issue)
NOTE: https://github.com/openlink/virtuoso-opensource/issues/1181
CVE-2024-57642 (An issue in the dfe_inx_op_col_def_table component of openlink virtuos ...)
- virtuoso-opensource 7.2.12+dfsg-0.2
+ [bookworm] - virtuoso-opensource <no-dsa> (Minor issue)
NOTE: https://github.com/openlink/virtuoso-opensource/issues/1191
NOTE: https://github.com/openlink/virtuoso-opensource/commit/fb0cf1cdd1ec20e226d8f0eb41710eaf8093437b (v7.2.12)
CVE-2024-57641 (An issue in the sqlexp component of openlink virtuoso-opensource v7.2. ...)
- virtuoso-opensource 7.2.12+dfsg-0.2
+ [bookworm] - virtuoso-opensource <no-dsa> (Minor issue)
NOTE: https://github.com/openlink/virtuoso-opensource/issues/1183
NOTE: https://github.com/openlink/virtuoso-opensource/commit/b0db2ad4a32a033f5953680781e90a21bc388161 (v7.2.12)
CVE-2024-57640 (An issue in the dc_add_int component of openlink virtuoso-opensource v ...)
- virtuoso-opensource 7.2.12+dfsg-0.2
+ [bookworm] - virtuoso-opensource <no-dsa> (Minor issue)
NOTE: https://github.com/openlink/virtuoso-opensource/issues/1184
NOTE: https://github.com/openlink/virtuoso-opensource/commit/d15cde608dcbd7f6d76c3a07b366db176ee06e5d (v7.2.12)
CVE-2024-57639 (An issue in the dc_elt_size component of openlink virtuoso-opensource ...)
- virtuoso-opensource 7.2.12+dfsg-0.2
+ [bookworm] - virtuoso-opensource <no-dsa> (Minor issue)
NOTE: https://github.com/openlink/virtuoso-opensource/issues/1185
NOTE: https://github.com/openlink/virtuoso-opensource/commit/766abd31eea11445a7086ec94955db3e328fddf7 (v7.2.12)
CVE-2024-57638 (An issue in the dfe_body_copy component of openlink virtuoso-opensourc ...)
- virtuoso-opensource 7.2.12+dfsg-0.2
+ [bookworm] - virtuoso-opensource <no-dsa> (Minor issue)
NOTE: https://github.com/openlink/virtuoso-opensource/issues/1190
NOTE: https://github.com/openlink/virtuoso-opensource/commit/fb0cf1cdd1ec20e226d8f0eb41710eaf8093437b (v7.2.12)
CVE-2024-57637 (An issue in the dfe_unit_gb_dependant component of openlink virtuoso-o ...)
- virtuoso-opensource 7.2.12+dfsg-0.2
+ [bookworm] - virtuoso-opensource <no-dsa> (Minor issue)
NOTE: https://github.com/openlink/virtuoso-opensource/issues/1192
CVE-2024-57636 (An issue in the itc_sample_row_check component of openlink virtuoso-op ...)
- virtuoso-opensource 7.2.12+dfsg-0.2
+ [bookworm] - virtuoso-opensource <no-dsa> (Minor issue)
NOTE: https://github.com/openlink/virtuoso-opensource/issues/1194
NOTE: https://github.com/openlink/virtuoso-opensource/commit/b14ad6460418c2fbaf3f278b75d7b27da361a297 (v7.2.12)
CVE-2024-57635 (An issue in the chash_array component of openlink virtuoso-opensource ...)
- virtuoso-opensource 7.2.12+dfsg-0.2
+ [bookworm] - virtuoso-opensource <no-dsa> (Minor issue)
NOTE: https://github.com/openlink/virtuoso-opensource/issues/1182
NOTE: https://github.com/openlink/virtuoso-opensource/commit/18fe9fdd2ef8380d1c7fcd48a2f6e6e401817724 (v7.2.12)
CVE-2024-57634 (An issue in the exp_copy component of MonetDB Server v11.49.1 allows a ...)
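Review bot: All 30 added `[bookworm] - virtuoso-opensource <no-dsa> (Minor issue)` lines carry the same generic reason, and the truncated descriptions do not show the impact that justifies it; a more specific reason in the parentheses would make the triage decision easier to audit later. Separately, CVE-2024-57664, CVE-2024-57647, CVE-2024-57643 and CVE-2024-57637 have only an issue link and no fix commit NOTE, so anyone preparing a later bookworm update has no patch reference for those four. Adding the commit references where they exist would help.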
@@ -7621,6 +7654,7 @@ CVE-2024-8992 (Some Honor products are affected by information leak vulnerabilit
NOT-FOR-US: Honor
CVE-2024-56433 (shadow-utils (aka shadow) 4.4 through 4.17.0 establishes a default /et ...)
- shadow <unfixed>
+ [bookworm] - shadow <no-dsa> (Minor issue)
NOTE: https://github.com/shadow-maint/shadow/issues/1157
CVE-2024-54907 (TOTOLINK A3002R V4.0.0-B20230531.1404 is vulnerable to Remote Code Exe ...)
NOT-FOR-US: TOTOLINK
@@ -13870,11 +13904,13 @@ CVE-2024-36624 (Zulip 8.3 is vulnerable to Cross Site Scripting (XSS) via the co
NOT-FOR-US: Zulip
CVE-2024-36623 (moby v25.0.3 has a Race Condition vulnerability in the streamformatter ...)
- docker.io 26.1.4+dfsg1-9
+ [bookworm] - docker.io <no-dsa> (Minor issue)
NOTE: https://github.com/moby/moby/commit/5689dabfb357b673abdb4391eef426f297d7d1bb (v26.0.0-rc1)
CVE-2024-36622 (In RaspAP raspap-webgui 3.0.9 and earlier, a command injection vulnera ...)
NOT-FOR-US: RaspAP raspap-webgui
CVE-2024-36621 (moby v25.0.5 is affected by a Race Condition in builder/builder-next/a ...)
- docker.io 26.1.4+dfsg1-9
+ [bookworm] - docker.io <no-dsa> (Minor issue)
[bullseye] - docker.io <postponed> (minor; DoS by ressource leak)
NOTE: https://github.com/moby/moby/commit/37545cc644344dcb576cba67eb7b6f51a463d31e (v26.0.0-rc2)
CVE-2024-36620 (moby v25.0.0 - v26.0.2 is vulnerable to NULL Pointer Dereference via d ...)
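Review bot: For CVE-2024-36621 the new bookworm line gives only `(Minor issue)`, while the existing bullseye line directly below it says `(minor; DoS by ressource leak)`. Reusing the more specific reason for bookworm would keep the two entries consistent, and the CVE-2024-36623 line would benefit from the same kind of reason, since it does not say why the race condition is minor. The two releases also end up in different states for the same issue (`<no-dsa>` for bookworm, `<postponed>` for bullseye), which is worth confirming as intended.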
=====================================
data/dsa-needed.txt
=====================================
@@ -25,6 +25,8 @@ frr
gh
Santiago Vila might work on preparing an update
--
+git (carnil)
+--
jetty9
--
libreswan
@@ -51,6 +53,8 @@ php-laravel-framework
python-django
Chris is working on it
--
+redis
+--
ring
--
rsync (carnil)
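Review bot: `redis` is added to data/dsa-needed.txt with no claimant and no status line, and nothing in the data/CVE/list part of this commit touches a redis entry, so the commit does not show which issue triggered it. A short note line under the entry, as `gh` and `python-django` have, naming the CVE(s) would help whoever picks it up. The same applies to `git (carnil)` in the previous hunk, though that entry at least has a claimant.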
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/2ec0464bb7b9d5a838e7c89bbb87f7f8d71fee5a