[Git][security-tracker-team/security-tracker][master] bookworm triage
Moritz Muehlenhoff (@jmm)
jmm at debian.org
Fri Jan 24 16:25:41 GMT 2025
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker
Commits:
0aba0bb1 by Moritz Muehlenhoff at 2025-01-24T17:01:42+01:00
bookworm triage
- - - - -
2 changed files:
- data/CVE/list
- data/dsa-needed.txt
Changes:
=====================================
data/CVE/list
=====================================
@@ -21,18 +21,22 @@ CVE-2024-55573 (An issue was discovered in Centreon centreon-web 24.10.x before
- centreon-web <itp> (bug #913903)
CVE-2024-55195 (An allocation-size-too-big bug in the component /imagebuf.cpp of OpenI ...)
- openimageio <unfixed>
+ [bookworm] - openimageio <no-dsa> (Minor issue)
NOTE: https://github.com/AcademySoftwareFoundation/OpenImageIO/issues/4553
NOTE: https://github.com/AcademySoftwareFoundation/OpenImageIO/commit/78927acce09bd4fd7d4d7dccf7b7d4eff4295fcf
CVE-2024-55194 (OpenImageIO v3.1.0.0dev was discovered to contain a heap overflow via ...)
- openimageio <unfixed>
+ [bookworm] - openimageio <no-dsa> (Minor issue)
NOTE: https://github.com/AcademySoftwareFoundation/OpenImageIO/issues/4552
NOTE: https://github.com/AcademySoftwareFoundation/OpenImageIO/commit/34b29f33217e58b7f0d42c059ecf1696c381322a
CVE-2024-55193 (OpenImageIO v3.1.0.0dev was discovered to contain a segmentation viola ...)
- openimageio <unfixed>
+ [bookworm] - openimageio <no-dsa> (Minor issue)
NOTE: https://github.com/AcademySoftwareFoundation/OpenImageIO/issues/4551
NOTE: https://github.com/AcademySoftwareFoundation/OpenImageIO/commit/d2077eb22a821d0ef7614d06cc1540b952d37ddf
CVE-2024-55192 (OpenImageIO v3.1.0.0dev was discovered to contain a heap overflow via ...)
- openimageio <unfixed>
+ [bookworm] - openimageio <no-dsa> (Minor issue)
NOTE: https://github.com/AcademySoftwareFoundation/OpenImageIO/issues/4550
NOTE: https://github.com/AcademySoftwareFoundation/OpenImageIO/commit/57de4554d119a9adab8ef5c51ff7841fb6f97041
CVE-2024-53923 (An issue was discovered in Centreon Web 24.10.x before 24.10.3, 24.04. ...)
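Review bot: The reason "Minor issue" on the four added `[bookworm] - openimageio <no-dsa>` lines does not say why these are minor, although two of them (CVE-2024-55194, CVE-2024-55192) are described as heap overflows, and the descriptions name v3.1.0.0dev as the version in which the bugs were found. If the bookworm package does not contain the affected code, `<not-affected>` with a short reason would be more accurate; if it does, a more specific reason than "Minor issue" would help whoever revisits these entries later.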
@@ -8347,6 +8351,7 @@ CVE-2024-56709 (In the Linux kernel, the following vulnerability has been resolv
NOTE: https://git.kernel.org/linus/dbd2ca9367eb19bc5e269b8c58b0b1514ada9156 (6.13-rc4)
CVE-2024-56738 (GNU GRUB (aka GRUB2) through 2.12 does not use a constant-time algorit ...)
- grub2 <unfixed>
+ [bookworm] - grub2 <no-dsa> (Minor issue)
NOTE: https://savannah.gnu.org/bugs/?66603
CVE-2024-56737 (GNU GRUB (aka GRUB2) through 2.12 has a heap-based buffer overflow in ...)
- grub2 <unfixed>
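Review bot: The added `[bookworm] - grub2 <no-dsa> (Minor issue)` line under CVE-2024-56738 gives no hint of why the issue is minor, even though the truncated description points at a missing constant-time algorithm; a reason that names the nature of the issue would make the decision easier to audit later. CVE-2024-56737 directly below, described as a heap-based buffer overflow in the same package, has no bookworm line in the visible context, so it is worth confirming that it was left open on purpose.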
@@ -16548,6 +16553,7 @@ CVE-2024-11668 (An issue has been discovered in GitLab CE/EE affecting all versi
- gitlab <not-affected> (Vulnerable code introduced later)
CVE-2024-11407 (There exists a denial of service through Data corruption in gRPC-C++ - ...)
- grpc <unfixed> (bug #1088806)
+ [bookworm] - grpc <no-dsa> (Minor issue)
[bullseye] - grpc <not-affected> (vulnerable code introduced later)
NOTE: Fixed by: https://github.com/grpc/grpc/commit/e9046b2bbebc0cb7f5dc42008f807f6c7e98e791 (v1.68.0-pre1)
NOTE: Introduced by: https://github.com/grpc/grpc/commit/7655858e931d05ff6208c7e7e87ff0a0a069bef5 (v1.51.0-pre1)
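Review bot: The added `[bookworm] - grpc <no-dsa> (Minor issue)` line treats bookworm as affected, while the NOTE lines say the bug was introduced in v1.51.0-pre1 and bullseye is marked not-affected for exactly that reason. Nothing in the entry records that the bookworm version is at or past the introducing commit; please confirm it is, otherwise `<not-affected>` with the same "introduced later" reason would be the right tag here as well.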
=====================================
data/dsa-needed.txt
=====================================
@@ -47,7 +47,7 @@ nodejs
--
openjdk-17 (jmm)
--
-openjpeg2
+openjpeg2 (jmm)
--
opennds
pinged maintainer, but no reply yet. should most probably be bumped to 10.x
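Review bot: The change of `openjpeg2` to `openjpeg2 (jmm)` claims a pending DSA, which the commit message "bookworm triage" does not mention. Either mention the claim in the message or commit it separately, so that the history of data/dsa-needed.txt shows when the package was taken.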
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/0aba0bb1dad2cf88b043a521da404d7f1cab6f0d