[Git][security-tracker-team/security-tracker][master] bookworm triage

Moritz Muehlenhoff (@jmm) jmm at debian.org
Sun Jan 19 21:52:55 GMT 2025



Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
7a364510 by Moritz Muehlenhoff at 2025-01-19T22:52:39+01:00
bookworm triage

- - - - -


2 changed files:

- data/CVE/list
- data/dsa-needed.txt


Changes:

=====================================
data/CVE/list
=====================================
@@ -5204,6 +5204,7 @@ CVE-2024-56828 (File Upload vulnerability in ChestnutCMS through 1.5.0. Based on
 	NOT-FOR-US: ChestnutCMS
 CVE-2024-55629 (Suricata is a network Intrusion Detection System, Intrusion Prevention ...)
 	- suricata 1:7.0.8-1
+	[bookworm] - suricata <no-dsa> (Minor issue)
 	NOTE: https://github.com/OISF/suricata/security/advisories/GHSA-69wr-vhwg-84h2
 	NOTE: Fixed by: https://github.com/OISF/suricata/commit/6882bcb3e51bd3cf509fb6569cc30f48d7bb53d7 (master)
 	NOTE: Fixed by: https://github.com/OISF/suricata/commit/779f9d8ba35c3f9b5abfa327d3a4209861bd2eb8 (master)
@@ -5211,6 +5212,7 @@ CVE-2024-55629 (Suricata is a network Intrusion Detection System, Intrusion Prev
 	NOTE: Fixed by: https://github.com/OISF/suricata/commit/c4d8790db85164714c92556fbc8e849e9df6355b (suricata-7.0.8)
 CVE-2024-55628 (Suricata is a network Intrusion Detection System, Intrusion Prevention ...)
 	- suricata 1:7.0.8-1
+	[bookworm] - suricata <no-dsa> (Minor issue)
 	NOTE: https://github.com/OISF/suricata/security/advisories/GHSA-96w4-jqwf-qx2j
 	NOTE: Fixed by: https://github.com/OISF/suricata/commit/19cf0f81335d9f787d587450f7105ad95a648951 (master)
 	NOTE: Fixed by: https://github.com/OISF/suricata/commit/37f4c52b22fcdde4adf9b479cb5700f89d00768d (master)
@@ -5220,6 +5222,7 @@ CVE-2024-55628 (Suricata is a network Intrusion Detection System, Intrusion Prev
 	NOTE: Fixed by: https://github.com/OISF/suricata/commit/71212b78bd1b7b841c9d9a907d0b3eea71a54060 (suricata-7.0.8)
 CVE-2024-55627 (Suricata is a network Intrusion Detection System, Intrusion Prevention ...)
 	- suricata 1:7.0.8-1
+	[bookworm] - suricata <no-dsa> (Minor issue)
 	NOTE: https://github.com/OISF/suricata/security/advisories/GHSA-h2mv-7gg8-8x7v
 	NOTE: Fixed by: https://github.com/OISF/suricata/commit/282509f70c4ce805098e59535af445362e3e9ebd (master)
 	NOTE: Fixed by: https://github.com/OISF/suricata/commit/8900041405dbb5f9584edae994af2100733fb4be (master)
@@ -5229,11 +5232,13 @@ CVE-2024-55627 (Suricata is a network Intrusion Detection System, Intrusion Prev
 	NOTE: Fixed by: https://github.com/OISF/suricata/commit/7d47fcf7f7fefacd2b0d8f482534a83b35a3c45e (suricata-7.0.8)
 CVE-2024-55626 (Suricata is a network Intrusion Detection System, Intrusion Prevention ...)
 	- suricata 1:7.0.8-1
+	[bookworm] - suricata <no-dsa> (Minor issue)
 	NOTE: https://github.com/OISF/suricata/security/advisories/GHSA-wmg4-jqx5-4h9v
 	NOTE: Fixed by: https://github.com/OISF/suricata/commit/dd71ef0af222a566e54dfc479dd1951dd17d7ceb (master)
 	NOTE: Fixed by: https://github.com/OISF/suricata/commit/470795e65ba77cffba3aed850313a5f23c4b278d (suricata-7.0.8)
 CVE-2024-55605 (Suricata is a network Intrusion Detection System, Intrusion Prevention ...)
 	- suricata 1:7.0.8-1
+	[bookworm] - suricata <no-dsa> (Minor issue)
 	NOTE: https://github.com/OISF/suricata/security/advisories/GHSA-x2hr-33vp-w289
 	NOTE: Fixed by: https://github.com/OISF/suricata/commit/f80ebd5a30b02db5915f749f0c067c7adefbbe76 (suricata-7.0.8)
 	NOTE: Fixed by: https://github.com/OISF/suricata/commit/c3a6abf60134c2993ee3802ee52206e9fdbf55ba (suricata-7.0.8)
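Review bot: The `<no-dsa> (Minor issue)` reason on the added `[bookworm]` lines for CVE-2024-55626 and CVE-2024-55605, and on the three suricata entries in the hunks above, does not say whether a fix is still expected through a point release. The NOTE lines reference commits only for master and the suricata-7.0.8 branch, so it would help to record under each entry whether those commits apply to the bookworm version or need backporting.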
@@ -5313,12 +5318,15 @@ CVE-2024-12970 (Improper Neutralization of Special Elements used in an OS Comman
 	NOT-FOR-US: TUBITAK BILGEM Pardus OS My Computer
 CVE-2023-6605 (A flaw was found in FFmpeg's DASH playlist support. This vulnerability ...)
 	- ffmpeg <unfixed>
+	[bookworm] - ffmpeg <postponed> (Minor issue, wait until it's fixed in the 5.1 branch)
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2334336
 CVE-2023-6604 (A flaw was found in FFmpeg. This vulnerability allows unexpected addit ...)
 	- ffmpeg <unfixed>
+	[bookworm] - ffmpeg <postponed> (Minor issue, wait until it's fixed in the 5.1 branch)
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2334337
 CVE-2023-6601 (A flaw was found in FFmpeg's HLS demuxer. This vulnerability allows by ...)
 	- ffmpeg <unfixed>
+	[bookworm] - ffmpeg <postponed> (Minor issue, wait until it's fixed in the 5.1 branch)
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2253172
 CVE-2024-56769 (In the Linux kernel, the following vulnerability has been resolved:  m ...)
 	- linux 6.12.8-1
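Review bot: The three added `[bookworm] - ffmpeg <postponed>` lines give "wait until it's fixed in the 5.1 branch" as the reason, but each entry's only reference is a Red Hat Bugzilla link and the unstable line is still `<unfixed>`, so nothing here identifies the upstream change to watch for. Consider adding a NOTE with the upstream commit or ticket once it is known, so the postponed state can be revisited when the 5.1 branch picks it up. The same applies to the CVE-2023-6603 and CVE-2023-6602 entries changed further down.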
@@ -5566,6 +5574,7 @@ CVE-2024-10932 (The Backup Migration plugin for WordPress is vulnerable to PHP O
 	NOT-FOR-US: WordPress plugin
 CVE-2025-22376 (In Net::OAuth::Client in the Net::OAuth package before 0.29 for Perl,  ...)
 	- libnet-oauth-perl 0.30-1 (bug #1092056)
+	[bookworm] - libnet-oauth-perl <no-dsa> (Minor issue)
 	[bullseye] - libnet-oauth-perl <postponed> (Minor issue)
 	NOTE: Fixed by: https://github.com/keeth/Net-OAuth/commit/2aa25e04aadab247ae4063363fcee177161e1f42 (0.29)
 	NOTE: Followup (bugfix): https://github.com/keeth/Net-OAuth/commit/2276807dbdd5c0cee2d09679e084c7fdfb401704 (0.30)
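Review bot: The added `[bookworm] - libnet-oauth-perl <no-dsa> (Minor issue)` line leaves out that the fix spans two upstream commits: the NOTE lines list the 0.29 fix and a follow-up bugfix in 0.30. Extending the reason, or adding a NOTE that a bookworm update needs both, would keep a later point-release upload from backporting only the first.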
@@ -6504,9 +6513,11 @@ CVE-2023-48775 (Missing Authorization vulnerability in Gfazioli WP Cleanfix allo
 	NOT-FOR-US: WordPress plugin
 CVE-2023-6603 (A flaw was found in FFmpeg's HLS playlist parsing. This vulnerability  ...)
 	- ffmpeg <unfixed>
+	[bookworm] - ffmpeg <postponed> (Minor issue, wait until it's fixed in the 5.1 branch)
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2334335
 CVE-2023-6602 (A flaw was found in FFmpeg's TTY Demuxer. This vulnerability allows po ...)
 	- ffmpeg <unfixed>
+	[bookworm] - ffmpeg <postponed> (Minor issue, wait until it's fixed in the 5.1 branch)
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2334338
 CVE-2024-45497 (A flaw was found in the OpenShift build process, where the docker-buil ...)
 	NOT-FOR-US: OpenShift
@@ -14410,7 +14421,7 @@ CVE-2024-36612 (Zulip from 8.0 to 8.3 contains a memory leak vulnerability in th
 	NOT-FOR-US: Zulip
 CVE-2024-36611 (In Symfony v7.07, a security vulnerability was identified in the FormL ...)
 	[experimental] - symfony 7.1.0~beta1+dfsg-1
-	- symfony <unfixed> (bug #1088817)
+	- symfony <unfixed> (unimportant; bug #1088817)
 	NOTE: https://github.com/symfony/symfony/commit/a804ca15fcad279d7727b91d12a667fd5b925995 (v7.1.0-BETA1)
 	NOTE: Not considered a security issue by upstream: https://github.com/symfony/symfony/issues/59077#issuecomment-2513935018
 CVE-2024-36610
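Review bot: The changed `- symfony <unfixed> (unimportant; bug #1088817)` line alters the severity of the unstable entry, which the commit message "bookworm triage" does not cover. The rationale is already visible in the existing NOTE ("Not considered a security issue by upstream"), so either mention the symfony change in the commit message or split it into its own commit to keep the history searchable.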


=====================================
data/dsa-needed.txt
=====================================
@@ -63,8 +63,12 @@ ring
 --
 rsync (carnil)
 --
+snapcast (jmm)
+--
 sogo
 --
+sympa
+--
 tcpdf
 --
 trafficserver
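Review bot: The added `snapcast (jmm)` and `sympa` entries carry no note on which issue prompts the DSA, and this commit touches no snapcast or sympa entry in data/CVE/list that would say so. `sympa` is also added without a claimant. A short note under each entry naming the CVE or bug would make the queue easier to pick up.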



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/7a3645104c6f219c6dd37914c9f7bd53204f0749
