Moritz Muehlenhoff pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
797ea310 by Moritz Muehlenhoff at 2024-02-06T21:09:00+01:00
bookworm/bullseye triage
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -321,17 +321,16 @@ CVE-2024-24397 (Cross Site Scripting vulnerability in
Stimulsoft GmbH Stimulsoft
CVE-2024-24396 (Cross Site Scripting vulnerability in Stimulsoft GmbH
Stimulsoft Dashb ...)
NOT-FOR-US: Stimulsoft GmbH Stimulsoft Dashboard.JS
CVE-2024-24267 (gpac v2.2.1 was discovered to contain a memory leak via the
gfio_blob ...)
- - gpac <undetermined>
+ - gpac <unfixed>
+ [bullseye] - gpac <ignored> (Minor issue)
NOTE: https://github.com/yinluming13579/gpac_defects/blob/main/gpac_3.md
- TODO: unclear if reported upstream
CVE-2024-24266 (gpac v2.2.1 was discovered to contain a Use-After-Free (UAF)
vulnerabi ...)
- - gpac <undetermined>
+ - gpac <unfixed>
NOTE: https://github.com/yinluming13579/gpac_defects/blob/main/gpac_2.md
- TODO: unclear if reported upstream
CVE-2024-24265 (gpac v2.2.1 was discovered to contain a memory leak via the
dst_props ...)
- - gpac <undetermined>
+ - gpac <unfixed>
+ [bullseye] - gpac <ignored> (Minor issue)
NOTE: https://github.com/yinluming13579/gpac_defects/blob/main/gpac_1.md
- TODO: unclear if reported upstream
CVE-2024-24263 (Lotos WebServer v0.1.1 was discovered to contain a
Use-After-Free (UAF ...)
NOT-FOR-US: Lotos WebServer
CVE-2024-24262 (media-server v1.0.0 was discovered to contain a Use-After-Free
(UAF) v ...)
@@ -4946,6 +4945,8 @@ CVE-2022-4958 (A vulnerability classified as problematic
has been found in qkmc-
CVE-2024-22195 (Jinja is an extensible templating engine. Special placeholders
in the ...)
{DLA-3715-1}
- jinja2 <unfixed> (bug #1060748)
+ [bookworm] - jinja2 <no-dsa> (Minor issue)
+ [bullseye] - jinja2 <no-dsa> (Minor issue)
NOTE:
https://github.com/pallets/jinja/security/advisories/GHSA-h5c8-rqwp-cp95
NOTE: Fixed by:
https://github.com/pallets/jinja/commit/7dd3680e6eea0d77fde024763657aa4d884ddb23
(3.1.3)
CVE-2024-22194 (cdo-local-uuid project provides a specialized UUID-generating
function ...)
@@ -5312,6 +5313,7 @@ CVE-2023-46712 (A improper access control in Fortinet
FortiPortal version 7.0.0
NOT-FOR-US: FortiGuard
CVE-2023-45139 (fontTools is a library for manipulating fonts, written in
Python. The ...)
- fonttools 4.46.0-1
+ [bookworm] - fonttools <no-dsa> (Minor issue)
[bullseye] - fonttools <not-affected> (Vulnerable code not present)
[buster] - fonttools <not-affected> (Vulnerable code not present)
NOTE:
https://github.com/fonttools/fonttools/security/advisories/GHSA-6673-4983-2vx5
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/797ea310bda69147de664e93c379d87d6b2dd7fc
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/797ea310bda69147de664e93c379d87d6b2dd7fc
You're receiving this email because of your account on salsa.debian.org.
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
