[Git][security-tracker-team/security-tracker][master] Reserve DLA-4149-1 for nagvis

[Daniel Leidert (@dleidert)]

Daniel Leidert pushed to branch master at Debian Security Tracker / security-tracker


Commits:
ee2c3034 by Daniel Leidert at 2025-05-01T02:16:22+02:00
Reserve DLA-4149-1 for nagvis

- - - - -


3 changed files:

- data/CVE/list
- data/DLA/list
- data/dla-needed.txt


Changes:

=====================================
data/CVE/list
=====================================
@@ -153171,7 +153171,6 @@ CVE-2023-5618 (The Modern Footnotes plugin for WordPress is vulnerable to Stored
 CVE-2023-46287 (XSS exists in NagVis before 1.9.38 via the select function in share/se ...)
 	- nagvis 1:1.9.38-1
 	[bookworm] - nagvis <no-dsa> (Minor issue)
-	[bullseye] - nagvis <no-dsa> (Minor issue)
 	[buster] - nagvis <no-dsa> (Minor issue)
 	NOTE: https://github.com/NagVis/nagvis/pull/356
 	NOTE: https://github.com/NagVis/nagvis/commit/093c2b0b31001bb74c78452858a0a9d27fa0a9b5 (nagvis-1.9.38)
@@ -209080,7 +209079,6 @@ CVE-2022-46946 (Helmet Store Showroom Site v1.0 was discovered to contain a SQL
 	NOT-FOR-US: Helmet Store Showroom Site
 CVE-2022-46945 (Nagvis before 1.9.34 was discovered to contain an arbitrary file read  ...)
 	- nagvis 1:1.9.34-1
-	[bullseye] - nagvis <no-dsa> (Minor issue)
 	[buster] - nagvis <no-dsa> (Minor issue)
 	NOTE: https://github.com/NagVis/nagvis/commit/71aba7f46f79d846e1df037f165d206a2cd1d22a (nagvis-1.9.34)
 CVE-2022-46944
@@ -214716,7 +214714,6 @@ CVE-2022-45198 (Pillow before 9.2.0 performs Improper Handling of Highly Compres
 	NOTE: https://github.com/python-pillow/Pillow/pull/6402
 CVE-2022-3979 (A vulnerability was found in NagVis up to 1.9.33 and classified as pro ...)
 	- nagvis 1:1.9.34-1
-	[bullseye] - nagvis <no-dsa> (Minor issue)
 	[buster] - nagvis <no-dsa> (Minor issue)
 	NOTE: https://github.com/NagVis/nagvis/commit/7574fd8a2903282c2e0d1feef5c4876763db21d5 (nagvis-1.9.34)
 CVE-2022-3978 (A vulnerability, which was classified as problematic, was found in Nod ...)
@@ -323502,7 +323499,6 @@ CVE-2021-33179 (The general user interface in Nagios XI versions prior to 5.8.4
 	NOT-FOR-US: Nagios XI
 CVE-2021-33178 (The Manage Backgrounds functionality within NagVis versions prior to 1 ...)
 	- nagvis 1:1.9.29-1
-	[bullseye] - nagvis <no-dsa> (Minor issue)
 	[buster] - nagvis <no-dsa> (Minor issue)
 	[stretch] - nagvis <no-dsa> (Minor issue)
 	NOTE: https://github.com/NagVis/nagvis/commit/275952cb7669d48861634e60583bc25291a101a2 (nagvis-1.9.29)


=====================================
data/DLA/list
=====================================
@@ -1,3 +1,6 @@
+[01 May 2025] DLA-4149-1 nagvis - security update
+	{CVE-2021-33178 CVE-2022-3979 CVE-2022-46945 CVE-2023-46287 CVE-2024-13722 CVE-2024-13723 CVE-2024-47093}
+	[bullseye] - nagvis 1:1.9.25-2+deb11u1
 [30 Apr 2025] DLA-4126-2 jinja2 - regression update
 	[bullseye] - jinja2 2.11.3-1+deb11u4
 [30 Apr 2025] DLA-4148-1 vips - security update


=====================================
data/dla-needed.txt
=====================================
@@ -231,7 +231,7 @@ nagvis (dleidert)
   NOTE: 20250119: Also check/fix https://bugs.debian.org/1061044
   NOTE: 20250119: when testing your fix for bookworm. (bunk)
   NOTE: 20250221: https://salsa.debian.org/lts-team/lts-updates-tasks/-/issues/193 (ah)
-  NOTE: 20250423: WIP (dleidert)
+  NOTE: 20250501: DLA released; but we really should discuss #193 and I'll maybe take it (dleidert)
 --
 nginx
   NOTE: 20250207: Added by Front-Desk (apo)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/ee2c3034518f3c5d8b467ccc0008a3766f0c8387

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/ee2c3034518f3c5d8b467ccc0008a3766f0c8387
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20250501/a2178113/attachment.htm>