[Git][security-tracker-team/security-tracker][master] more RUSTSEC assignments for wasmtime

Moritz Muehlenhoff (@jmm) jmm at debian.org
Fri May 2 14:48:50 BST 2025 


Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
e6ce76c7 by Moritz Mühlenhoff at 2025-05-02T15:48:15+02:00
more RUSTSEC assignments for wasmtime

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -65342,7 +65342,8 @@ CVE-2024-47816 (ImportDump is a mediawiki extension designed to automate user im
 CVE-2024-47815 (IncidentReporting is a MediaWiki extension for moving incident reports ...)
 	NOT-FOR-US: IncidentReporting MediaWiki extension
 CVE-2024-47813 (Wasmtime is an open source runtime for WebAssembly. Under certain conc ...)
-	NOT-FOR-US: wasmtime
+	- rust-wasmtime 21.0.2+dfsg-1
+	NOTE: https://rustsec.org/advisories/RUSTSEC-2024-0439.html
 CVE-2024-47812 (ImportDump is an extension for mediawiki designed to automate user imp ...)
 	NOT-FOR-US: ImportDump MediaWiki extension
 CVE-2024-47780 (TYPO3 is a free and open source Content Management Framework. Backend  ...)
@@ -65350,7 +65351,8 @@ CVE-2024-47780 (TYPO3 is a free and open source Content Management Framework. Ba
 CVE-2024-47773 (Discourse is an open source platform for community discussion. An atta ...)
 	NOT-FOR-US: Discourse
 CVE-2024-47763 (Wasmtime is an open source runtime for WebAssembly. Wasmtime's impleme ...)
-	NOT-FOR-US: wasmtime
+	- rust-wasmtime 21.0.2+dfsg-1
+	NOTE: https://rustsec.org/advisories/RUSTSEC-2024-0440.html
 CVE-2024-47565 (A vulnerability has been identified in Siemens SINEC Security Monitor  ...)
 	NOT-FOR-US: Siemens
 CVE-2024-47563 (A vulnerability has been identified in Siemens SINEC Security Monitor  ...)
@@ -118356,7 +118358,8 @@ CVE-2024-31207 (Vite (French word for "quick", pronounced /vit/, like "veet") is
 CVE-2024-30565 (An issue was discovered in SeaCMS version 12.9, allows remote attacker ...)
 	NOT-FOR-US: SeaCMS
 CVE-2024-30266 (wasmtime is a runtime for WebAssembly. The 19.0.0 release of Wasmtime  ...)
-	NOT-FOR-US: wasmtime
+	- rust-wasmtime 21.0.2+dfsg-1
+	NOTE: https://rustsec.org/advisories/RUSTSEC-2024-0441.html
 CVE-2024-30263 (macro-pdfviewer is a PDF Viewer Macro for XWiki using Mozilla pdf.js.  ...)
 	NOT-FOR-US: PDF Viewer Macro for XWiki
 CVE-2024-30261 (Undici is an HTTP/1.1 client, written from scratch for Node.js. An att ...)
@@ -234643,9 +234646,11 @@ CVE-2022-39396 (Parse Server is an open source backend that can be deployed to a
 CVE-2022-39395 (Vela is a Pipeline Automation (CI/CD) framework built on Linux contain ...)
 	NOT-FOR-US: Vela
 CVE-2022-39394 (Wasmtime is a standalone runtime for WebAssembly. Prior to version 2.0 ...)
-	NOT-FOR-US: wasmtime
+	- rust-wasmtime <not-affected> (Fixed before initial upload to the archive)
+	NOTE: https://rustsec.org/advisories/RUSTSEC-2022-0097.html
 CVE-2022-39393 (Wasmtime is a standalone runtime for WebAssembly. Prior to version 2.0 ...)
-	NOT-FOR-US: wasmtime
+	- rust-wasmtime <not-affected> (Fixed before initial upload to the archive)
+	NOTE: https://rustsec.org/advisories/RUSTSEC-2022-0098.html
 CVE-2022-39392 (Wasmtime is a standalone runtime for WebAssembly. Prior to version 2.0 ...)
 	- rust-wasmtime <not-affected> (Fixed before initial upload to the archive)
 	NOTE: https://rustsec.org/advisories/RUSTSEC-2022-0102.html
@@ -257994,7 +257999,8 @@ CVE-2022-31106 (Underscore.deep is a collection of Underscore mixins that operat
 CVE-2022-31105 (Argo CD is a declarative, GitOps continuous delivery tool for Kubernet ...)
 	NOT-FOR-US: Argo CD
 CVE-2022-31104 (Wasmtime is a standalone runtime for WebAssembly. In affected versions ...)
-	NOT-FOR-US: wasmtime
+	- rust-wasmtime <not-affected> (Fixed before initial upload to the archive)
+	NOTE: https://rustsec.org/advisories/RUSTSEC-2022-0095.html
 CVE-2022-31103 (lettersanitizer is a DOM-based HTML email sanitizer for in-browser ema ...)
 	NOT-FOR-US: Node lettersanitizer
 CVE-2022-31102 (Argo CD is a declarative, GitOps continuous delivery tool for Kubernet ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/e6ce76c77da3454fcf15ed05c11501cbef5871e9

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/e6ce76c77da3454fcf15ed05c11501cbef5871e9
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20250502/e29577f2/attachment-0001.htm>

More information about the debian-security-tracker-commits mailing list