[Git][security-tracker-team/security-tracker][master] bookworm triage
Moritz Muehlenhoff (@jmm)
jmm at debian.org
Sat Jan 18 16:17:06 GMT 2025
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker
Commits:
a3335701 by Moritz Muehlenhoff at 2025-01-18T17:16:47+01:00
bookworm triage
- - - - -
2 changed files:
- data/CVE/list
- data/dsa-needed.txt
Changes:
=====================================
data/CVE/list
=====================================
@@ -5886,6 +5886,7 @@ CVE-2025-22214 (Landray EIS 2001 through 2006 allows Message/fi_message_receiver
NOT-FOR-US: WordPress pluginEIS
CVE-2024-56830 (The Net::EasyTCP package 0.15 through 0.26 for Perl uses Perl's builti ...)
- libnet-easytcp-perl <unfixed>
+ [bookworm] - libnet-easytcp-perl <ignored> (Scheduled for removal)
NOTE: https://github.com/briandfoy/cpan-security-advisory/issues/184
NOTE: Related to CVE-2002-20002 (direct use of rand for version before < 0.15)
CVE-2024-56829 (Huang Yaoshi Pharmaceutical Management Software through 16.0 allows ar ...)
@@ -8227,10 +8228,12 @@ CVE-2024-56362 (Navidrome is an open source web-based music collection server an
NOT-FOR-US: Navidrome
CVE-2024-56326 (Jinja is an extensible templating engine. Prior to 3.1.5, An oversight ...)
- jinja2 <unfixed> (bug #1091331)
+ [bookworm] - jinja2 <no-dsa> (Minor issue)
NOTE: https://github.com/pallets/jinja/security/advisories/GHSA-q2x7-8rv6-6q7h
NOTE: Fixed by: https://github.com/pallets/jinja/commit/48b0687e05a5466a91cd5812d604fa37ad0943b4 (3.1.5)
CVE-2024-56201 (Jinja is an extensible templating engine. In versions on the 3.x branc ...)
- jinja2 <unfixed> (bug #1091329)
+ [bookworm] - jinja2 <no-dsa> (Minor issue)
NOTE: https://github.com/pallets/jinja/security/advisories/GHSA-gmj6-6f8f-6699
NOTE: https://github.com/pallets/jinja/issues/1792
NOTE: Fixed by: https://github.com/pallets/jinja/commit/767b23617628419ae3709ccfb02f9602ae9fe51f (3.1.5)
@@ -8723,6 +8726,7 @@ CVE-2024-55231 (An IDOR vulnerability in the edit-notes.php module of PHPGurukul
NOT-FOR-US: PHPGurukul Online Notes Sharing Management System
CVE-2024-53580 (iperf v3.17.1 was discovered to contain a segmentation violation via t ...)
- iperf3 3.18-1 (bug #1090931)
+ [bookworm] - iperf3 <no-dsa> (Minor issue)
NOTE: https://github.com/esnet/iperf/pull/1810
NOTE: https://github.com/esnet/iperf/commit/3f66f604df7f1038a49108c48612c2f4fe71331f (3.18)
CVE-2024-51532 (Dell PowerStore contains an Improper Neutralization of Argument Delimi ...)
=====================================
data/dsa-needed.txt
=====================================
@@ -29,6 +29,10 @@ git (carnil)
--
jetty9
--
+jpeg-xl
+--
+libreoffice (jmm)
+--
libreswan
Waiting on feedback from maintainer
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/a33357014c147a3ca8c375a65f8c250892dd222d
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/a33357014c147a3ca8c375a65f8c250892dd222d
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20250118/a2160742/attachment.htm>
More information about the debian-security-tracker-commits
mailing list