[Git][security-tracker-team/security-tracker][master] 2 commits: lts: mark node-matrix-js-sdk issues as EOL
Emilio Pozuelo Monfort (@pochu)
pochu at debian.org
Thu Jan 30 11:07:30 GMT 2025
Emilio Pozuelo Monfort pushed to branch master at Debian Security Tracker / security-tracker
Commits:
17edf5a1 by Emilio Pozuelo Monfort at 2025-01-30T12:02:00+01:00
lts: mark node-matrix-js-sdk issues as EOL
- - - - -
a2ba1043 by Emilio Pozuelo Monfort at 2025-01-30T12:07:13+01:00
lts: add bind9
- - - - -
2 changed files:
- data/CVE/list
- data/dla-needed.txt
Changes:
=====================================
data/CVE/list
=====================================
@@ -22700,6 +22700,7 @@ CVE-2024-50386 (Account users in Apache CloudStack by default are allowed to reg
CVE-2024-50336 (matrix-js-sdk is a Matrix messaging protocol Client-Server SDK for Jav ...)
{DSA-5841-1 DLA-4012-1}
- node-matrix-js-sdk <removed>
+ [bullseye] - node-matrix-js-sdk <end-of-life> (see #1094651)
- thunderbird 1:128.5.2esr-1
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2024-69/#CVE-2024-50336
CVE-2024-50331 (An out-of-bounds read vulnerability in Ivanti Avalanche before 6.4.6 a ...)
@@ -32158,6 +32159,7 @@ CVE-2024-47771 (Element Desktop is a Matrix client for desktop platforms. Elemen
NOT-FOR-US: Element Desktop
CVE-2024-47080 (matrix-js-sdk is the Matrix Client-Server SDK for JavaScript and TypeS ...)
- node-matrix-js-sdk <removed>
+ [bullseye] - node-matrix-js-sdk <end-of-life> (see #1094651)
CVE-2024-45276 (An unauthenticated remote attacker can get read access to files in the ...)
NOT-FOR-US: MB connect line GmbH
CVE-2024-45275 (The devices contain two hard coded user accounts with hardcoded passwo ...)
@@ -44268,6 +44270,7 @@ CVE-2024-42552 (Hotel Management System commit 91caab8 was discovered to contain
NOT-FOR-US: Hotel Management System
CVE-2024-42369 (matrix-js-sdk is a Matrix messaging protocol Client-Server SDK for Jav ...)
- node-matrix-js-sdk <removed>
+ [bullseye] - node-matrix-js-sdk <end-of-life> (see #1094651)
CVE-2024-42336 (Servision - CWE-287: Improper Authentication)
NOT-FOR-US: Servision
CVE-2024-42335 (7Twenty - CWE-79: Improper Neutralization of Input During Web Page Gen ...)
@@ -150120,6 +150123,7 @@ CVE-2023-29530 (Laminas Diactoros provides PSR HTTP Message implementations. In
NOT-FOR-US: Laminas Diactoros
CVE-2023-29529 (matrix-js-sdk is the Matrix Client-Server SDK for JavaScript and TypeS ...)
- node-matrix-js-sdk <removed>
+ [bullseye] - node-matrix-js-sdk <end-of-life> (see #1094651)
CVE-2023-29528 (XWiki Commons are technical libraries common to several other top leve ...)
NOT-FOR-US: XWiki
CVE-2023-29527 (XWiki Platform is a generic wiki platform offering runtime services fo ...)
=====================================
data/dla-needed.txt
=====================================
@@ -34,6 +34,9 @@ ansible
asterisk
NOTE: 20250105: Added by Front-Desk (apo)
--
+bind9
+ NOTE: 20250130: Added by Front-Desk (pochu)
+--
cacti
NOTE: 20241023: Added by Front-Desk (lamby)
NOTE: 20241103: Opened a git issue https://github.com/Cacti/cacti/issues/5896 for getting the upstream commit (rouca)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/80775f6bebbfea087eed6cc2498f99cfe9e213cc...a2ba10436becce268b0d01a979e2aec9a5b016a5
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/80775f6bebbfea087eed6cc2498f99cfe9e213cc...a2ba10436becce268b0d01a979e2aec9a5b016a5
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20250130/676e2a3e/attachment.htm>
More information about the debian-security-tracker-commits
mailing list