[Git][security-tracker-team/security-tracker][master] 3 commits: Triage CVE-2019-0231 in mina for bullseye LTS.
Chris Lamb (@lamby)
lamby at debian.org
Mon Jan 20 11:15:36 GMT 2025
Chris Lamb pushed to branch master at Debian Security Tracker / security-tracker
Commits:
e677b742 by Chris Lamb at 2025-01-20T11:12:43+00:00
Triage CVE-2019-0231 in mina for bullseye LTS.
- - - - -
3e6a9f8a by Chris Lamb at 2025-01-20T11:13:11+00:00
Triage CVE-2025-23207 in node-katex for bullseye LTS.
- - - - -
7bfbc8f6 by Chris Lamb at 2025-01-20T11:14:49+00:00
Triage CVE-2024-36623 in docker.io for bullseye LTS.
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -285,6 +285,7 @@ CVE-2025-23208 (zot is a production-ready vendor-neutral OCI image registry. The
CVE-2025-23207 (KaTeX is a fast, easy-to-use JavaScript library for TeX math rendering ...)
- node-katex <unfixed> (bug #1093446)
[bookworm] - node-katex <no-dsa> (Minor issue)
+ [bullseye] - node-katex <postponed> (Minor issue; can be fixed in next update)
NOTE: https://github.com/KaTeX/KaTeX/security/advisories/GHSA-cg87-wmx4-v546
NOTE: https://github.com/KaTeX/KaTeX/commit/ff289955e81aab89086eef09254cbf88573d415c (v0.16.21)
TODO: check embeded code copy
@@ -14418,6 +14419,7 @@ CVE-2024-36624 (Zulip 8.3 is vulnerable to Cross Site Scripting (XSS) via the co
CVE-2024-36623 (moby v25.0.3 has a Race Condition vulnerability in the streamformatter ...)
- docker.io 26.1.4+dfsg1-9
[bookworm] - docker.io <no-dsa> (Minor issue)
+ [bullseye] - docker.io <postponed> (Minor issue; can be fixed in next update)
NOTE: https://github.com/moby/moby/commit/5689dabfb357b673abdb4391eef426f297d7d1bb (v26.0.0-rc1)
CVE-2024-36622 (In RaspAP raspap-webgui 3.0.9 and earlier, a command injection vulnera ...)
NOT-FOR-US: RaspAP raspap-webgui
@@ -463751,6 +463753,7 @@ CVE-2019-0232 (When running on Windows with enableCmdLineArguments enabled, the
CVE-2019-0231 (Handling of the close_notify SSL/TLS message does not lead to a connec ...)
- mina <unfixed>
[bookworm] - mina <no-dsa> (Minor issue)
+ [bullseye] - mina <postponed> (Minor issue; can be fixed in next update)
- mina2 2.1.4-1
CVE-2019-0230 (Apache Struts 2.0.0 to 2.5.20 forced double OGNL evaluation, when eval ...)
- libstruts1.2-java <removed>
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/dfe82c9bec5615659fd52ce3ef5b8fea9c2d59d4...7bfbc8f62f0e80408d5360e3e8ff10287ee59668
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/dfe82c9bec5615659fd52ce3ef5b8fea9c2d59d4...7bfbc8f62f0e80408d5360e3e8ff10287ee59668
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20250120/cea61e3f/attachment.htm>
More information about the debian-security-tracker-commits
mailing list