Chris Lamb pushed to branch master at Debian Security Tracker / security-tracker
Commits:
ae90db2f by Chris Lamb at 2024-01-17T10:50:46+00:00
data/dla-needed.txt: Triage xorg-server for buster LTS (CVE-2023-6816,
CVE-2024-0229 & CVE-2024-0408)
- - - - -
cc17a071 by Chris Lamb at 2024-01-17T10:51:32+00:00
Triage CVE-2023-44487 in grpc for buster LTS.
- - - - -
152b362e by Chris Lamb at 2024-01-17T10:52:00+00:00
Triage CVE-2023-52339 in libebml for buster LTS.
- - - - -
12e88488 by Chris Lamb at 2024-01-17T10:52:20+00:00
Triage CVE-2024-21647 in puma for buster LTS.
- - - - -
8d27bcc8 by Chris Lamb at 2024-01-17T10:52:42+00:00
Triage CVE-2023-52323 in pycryptodome for buster LTS.
- - - - -
55dff7d8 by Chris Lamb at 2024-01-17T10:54:05+00:00
Triage CVE-2023-48795 in trilead-ssh2 for buster LTS.
- - - - -
2 changed files:
- data/CVE/list
- data/dla-needed.txt
Changes:
=====================================
data/CVE/list
=====================================
@@ -1076,6 +1076,7 @@ CVE-2023-52339 (In libebml before 1.4.5, an integer
overflow in MemIOCallback.cp
- libebml 1.4.5-1
[bookworm] - libebml <no-dsa> (Minor issue)
[bullseye] - libebml <no-dsa> (Minor issue)
+ [buster] - libebml <no-dsa> (Minor issue)
NOTE: https://github.com/Matroska-Org/libebml/issues/147
NOTE: https://github.com/Matroska-Org/libebml/pull/148
NOTE:
https://github.com/Matroska-Org/libebml/commit/4d577f5c3e267b2988d56dafebc82dedb4c45506
(master)
@@ -2107,6 +2108,7 @@ CVE-2024-21647 (Puma is a web server for Ruby/Rack
applications built for parall
- puma <unfixed> (bug #1060345)
[bookworm] - puma <no-dsa> (Minor issue)
[bullseye] - puma <no-dsa> (Minor issue)
+ [buster] - puma <no-dsa> (Minor issue)
NOTE:
https://github.com/puma/puma/security/advisories/GHSA-c2f4-cvqm-65w2
NOTE:
https://github.com/puma/puma/commit/bbb880ffb6debbfdea535b4b3eb2204d49ae151d
(v5.6.8)
CVE-2024-21645 (pyLoad is the free and open-source Download Manager written in
pure Py ...)
@@ -2711,6 +2713,7 @@ CVE-2023-52323 (PyCryptodome and pycryptodomex before
3.19.1 allow side-channel
- pycryptodome <unfixed> (bug #1060059)
[bookworm] - pycryptodome <no-dsa> (Minor issue)
[bullseye] - pycryptodome <no-dsa> (Minor issue)
+ [buster] - pycryptodome <no-dsa> (Minor issue)
NOTE:
https://github.com/Legrandin/pycryptodome/commit/0deea1bfe1489e8c80d2053bbb06a1aa0b181ebd
(v3.19.1)
CVE-2023-52184 (Cross-Site Request Forgery (CSRF) vulnerability in WP Job
Portal WP Jo ...)
NOT-FOR-US: WordPress plugin
@@ -5591,6 +5594,7 @@ CVE-2023-48795 (The SSH transport protocol with certain
OpenSSH extensions, foun
- trilead-ssh2 <unfixed> (bug #1059294)
[bookworm] - trilead-ssh2 <no-dsa> (Minor issue)
[bullseye] - trilead-ssh2 <no-dsa> (Minor issue)
+ [buster] - trilead-ssh2 <no-dsa> (Minor issue)
NOTE: https://terrapin-attack.com/
NOTE: https://www.openwall.com/lists/oss-security/2023/12/18/3
NOTE: dropbear:
https://github.com/mkj/dropbear/commit/6e43be5c7b99dbee49dc72b6f989f29fdd7e9356
@@ -18134,6 +18138,7 @@ CVE-2023-44487 (The HTTP/2 protocol allows a denial of
service (server resource
- grpc <unfixed>
[bookworm] - grpc <no-dsa> (Minor issue)
[bullseye] - grpc <no-dsa> (Minor issue)
+ [buster] - grpc <no-dsa> (Minor issue)
- h2o 2.2.5+dfsg2-8 (bug #1054232)
- haproxy 1.8.13-1
- nginx 1.24.0-2 (unimportant; bug #1053770)
=====================================
data/dla-needed.txt
=====================================
@@ -273,6 +273,9 @@ wireshark (Adrian Bunk)
NOTE: 20231204: DLA pending (bunk)
NOTE: 20231218: Debugging a problem with the update. (bunk)
--
+xorg-server
+ NOTE: 20240117: Added by Front-Desk (lamby)
+--
zabbix (tobi)
NOTE: 20231015: Added by Front-Desk (ta)
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/49ed17cb5052b4f944c755ba3c50ce1e07c78780...55dff7d87dc873a7d7bed1823c687f22f5f994f1
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/49ed17cb5052b4f944c755ba3c50ce1e07c78780...55dff7d87dc873a7d7bed1823c687f22f5f994f1
You're receiving this email because of your account on salsa.debian.org.
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
