[Git][security-tracker-team/security-tracker][master] bookworm triage

Moritz Muehlenhoff (@jmm) jmm at debian.org
Sun Jan 19 12:21:35 GMT 2025



Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
b2dc5be3 by Moritz Muehlenhoff at 2025-01-19T13:21:13+01:00
bookworm triage

- - - - -


2 changed files:

- data/CVE/list
- data/dsa-needed.txt


Changes:

=====================================
data/CVE/list
=====================================
@@ -52,6 +52,7 @@ CVE-2025-23208 (zot is a production-ready vendor-neutral OCI image registry. The
 	NOT-FOR-US: zot
 CVE-2025-23207 (KaTeX is a fast, easy-to-use JavaScript library for TeX math rendering ...)
 	- node-katex <unfixed> (bug #1093446)
+	[bookworm] - node-katex <no-dsa> (Minor issue)
 	NOTE: https://github.com/KaTeX/KaTeX/security/advisories/GHSA-cg87-wmx4-v546
 	NOTE: https://github.com/KaTeX/KaTeX/commit/ff289955e81aab89086eef09254cbf88573d415c (v0.16.21)
 	TODO: check embeded code copy
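Review bot: The `[bookworm] - node-katex <no-dsa> (Minor issue)` line for CVE-2025-23207 is added while `TODO: check embeded code copy` is still open directly below it, so the bookworm decision covers only the node-katex source package. Resolve the TODO in the same pass or keep it clearly pending, so that any package bundling KaTeX gets its own entry before this CVE is treated as triaged. The TODO text also has a typo (`embeded`).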
@@ -8682,6 +8683,7 @@ CVE-2024-49336 (IBM Security Guardium 11.5 is vulnerable to server-side request
 	NOT-FOR-US: IBM
 CVE-2024-47093 (Improper neutralization of input in Nagvis before version 1.9.42 which ...)
 	- nagvis 1:1.9.42-1
+	[bookworm] - nagvis <no-dsa> (Minor issue)
 	NOTE: https://github.com/NagVis/nagvis/commit/30e71e8167d17a1828e7da71d6942f6fb36478cd (nagvis-1.9.42)
 	NOTE: https://github.com/NagVis/nagvis/commit/b5b1164007439de526df7d54d5c02d7732ba1c42 (nagvis-1.9.42)
 CVE-2024-38864 (Incorrect permissions on the Checkmk Windows Agent's data directory in ...)
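Review bot: The nagvis entry for CVE-2024-47093 gets `<no-dsa> (Minor issue)` with no further rationale, and unlike the node-katex and openrefine entries in this commit, the unstable line `- nagvis 1:1.9.42-1` carries no bug reference. A short NOTE saying why the input-neutralization issue is minor for bookworm would help anyone later deciding on a point-release upload, for which the two upstream commits are already listed.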
@@ -25033,6 +25035,7 @@ CVE-2024-49762 (Pterodactyl is a free, open-source game server management panel.
 	NOT-FOR-US: Pterodactyl
 CVE-2024-49760 (OpenRefine is a free, open source tool for working with messy data. Th ...)
 	- openrefine 3.8.7-1 (bug #1086041)
+	[bookworm] - openrefine <no-dsa> (Minor issue)
 	NOTE: https://github.com/OpenRefine/OpenRefine/security/advisories/GHSA-qfwq-6jh6-8xx4
 	NOTE: https://github.com/OpenRefine/OpenRefine/commit/24d084052dc55426fe460f2a17524fd18d28b20c
 	NOTE: https://github.com/OpenRefine/OpenRefine/commit/478285afffea59c893ac472faa74898ab9e5e95a (3.8.3)
@@ -25058,30 +25061,36 @@ CVE-2024-48208 (pure-ftpd before 1.0.52 is vulnerable to Buffer Overflow. There
 	NOTE: No security impact, basically just terminates the user's connection
 CVE-2024-47883 (The OpenRefine fork of the MIT Simile Butterfly server is a modular we ...)
 	- openrefine-butterfly 1.2.6-1 (bug #1086042)
+	[bookworm] - openrefine-butterfly <no-dsa> (Minor issue)
 	NOTE: https://github.com/OpenRefine/simile-butterfly/security/advisories/GHSA-3p8v-w8mr-m3x8
 	NOTE: https://github.com/OpenRefine/simile-butterfly/commit/537f64bfa72746f8b21d4bda461fad843435319c (1.2.6)
 CVE-2024-47882 (OpenRefine is a free, open source tool for working with messy data. Pr ...)
 	- openrefine 3.8.7-1 (bug #1086041)
+	[bookworm] - openrefine <no-dsa> (Minor issue)
 	NOTE: https://github.com/OpenRefine/OpenRefine/security/advisories/GHSA-j8hp-f2mj-586g
 	NOTE: https://github.com/OpenRefine/OpenRefine/commit/85594e75e7b36025f7b6a67dcd3ec253c5dff8c2
 	NOTE: https://github.com/OpenRefine/OpenRefine/commit/b0d5dd0a6a40369593f4a6b593e3e0ffa213339e (3.8.3)
 CVE-2024-47881 (OpenRefine is a free, open source tool for working with messy data. St ...)
 	- openrefine 3.8.7-1 (bug #1086041)
+	[bookworm] - openrefine <no-dsa> (Minor issue)
 	NOTE: https://github.com/OpenRefine/OpenRefine/security/advisories/GHSA-87cf-j763-vvh8
 	NOTE: https://github.com/OpenRefine/OpenRefine/commit/853a1d91662e7dc278a9a94a38be58de04494056
 	NOTE: https://github.com/OpenRefine/OpenRefine/commit/8a5cced755f9d4544cfc9fd1b9dc9274807b5020 (3.8.3)
 CVE-2024-47880 (OpenRefine is a free, open source tool for working with messy data. Pr ...)
 	- openrefine 3.8.7-1 (bug #1086041)
+	[bookworm] - openrefine <no-dsa> (Minor issue)
 	NOTE: https://github.com/OpenRefine/OpenRefine/security/advisories/GHSA-79jv-5226-783f
 	NOTE: https://github.com/OpenRefine/OpenRefine/commit/8060477fa53842ebabf43b63e039745932fa629d
 	NOTE: https://github.com/OpenRefine/OpenRefine/commit/fbf94fe3f001d6e2aa02e890930cf1affb0847b0 (3.8.3)
 CVE-2024-47879 (OpenRefine is a free, open source tool for working with messy data. Pr ...)
 	- openrefine 3.8.7-1 (bug #1086041)
+	[bookworm] - openrefine <no-dsa> (Minor issue)
 	NOTE: https://github.com/OpenRefine/OpenRefine/security/advisories/GHSA-3jm4-c6qf-jrh3
 	NOTE: https://github.com/OpenRefine/OpenRefine/commit/090924ca923489b6c94397cf1f5df7f7f78f0126
 	NOTE: https://github.com/OpenRefine/OpenRefine/commit/52c882a447d9efe8d3ef73b78468887c5da39790 (3.8.3)
 CVE-2024-47878 (OpenRefine is a free, open source tool for working with messy data. Pr ...)
 	- openrefine 3.8.7-1 (bug #1086041)
+	[bookworm] - openrefine <no-dsa> (Minor issue)
 	NOTE: https://github.com/OpenRefine/OpenRefine/security/advisories/GHSA-pw3x-c5vp-mfc3
 	NOTE: https://github.com/OpenRefine/OpenRefine/commit/10bf0874d67f1018a58b3732332d76b840192fea
 	NOTE: https://github.com/OpenRefine/OpenRefine/commit/37b375478eca41b8948b104bf6790ebf659a88cb (3.8.3)
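Review bot: All six additions in this hunk (openrefine-butterfly plus five openrefine CVEs under bug #1086041) carry the identical `<no-dsa> (Minor issue)` text, which gives no per-CVE reasoning. Each entry lists an upstream commit tagged for a single release ((3.8.3), or (1.2.6) for openrefine-butterfly), so consider a NOTE recording that they can be handled together in one bookworm point-release update, or give a specific reason where the impact differs between them.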


=====================================
data/dsa-needed.txt
=====================================
@@ -50,6 +50,8 @@ openjpeg2
 opennds
   pinged maintainer, but no reply yet. should most probably be bumped to 10.x
 --
+pagure
+--
 pam-u2f (carnil)
 --
 php-laravel-framework
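Review bot: The new `pagure` entry in data/dsa-needed.txt has neither a claimant nor a comment line, and none of the data/CVE/list hunks in this commit touch a pagure CVE, so the diff does not show which issue prompted it. Add an indented note under the entry, as the opennds entry above does, naming the CVE(s) or the state of the fix so whoever picks it up has a starting point.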



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/b2dc5be373a10994282d880af75ee43a455a9c7a
