bookworm triage

Moritz Muehlenhoff (@jmm) Wed, 14 Feb 2024 05:25:33 -0800


Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / 
security-tracker



Commits:
0d244b55 by Moritz Muehlenhoff at 2024-02-14T14:22:12+01:00
bullseye/bookworm triage

- - - - -


2 changed files:

- data/CVE/list
- data/dsa-needed.txt


Changes:

=====================================
data/CVE/list
=====================================
@@ -749,16 +749,19 @@ CVE-2024-25451 (Bento4 v1.6.0-640 was discovered to 
contain an out-of-memory bug
        NOT-FOR-US: Bento4
 CVE-2024-25450 (imlib2 v1.9.1 was discovered to mishandle memory allocation in 
the fun ...)
        - imlib2 1.10.0-2
+       [bullseye] - imlib2 <no-dsa> (Minor issue)
        NOTE: https://github.com/derf/feh/issues/712
        NOTE: https://git.enlightenment.org/old/legacy-imlib2/issues/20
        NOTE: Fixed by: 
https://git.enlightenment.org/old/legacy-imlib2/commit/e9c09deb08047c9e902ce37144e82b6edb8aedb6
 (v1.10.0)
 CVE-2024-25448 (An issue in the imlib_free_image_and_decache function of 
imlib2 v1.9.1 ...)
        - imlib2 1.10.0-2
+       [bullseye] - imlib2 <no-dsa> (Minor issue)
        NOTE: https://github.com/derf/feh/issues/711
        NOTE: https://git.enlightenment.org/old/legacy-imlib2/issues/20
        NOTE: Fixed by: 
https://git.enlightenment.org/old/legacy-imlib2/commit/e9c09deb08047c9e902ce37144e82b6edb8aedb6
 (v1.10.0)
 CVE-2024-25447 (An issue in the imlib_load_image_with_error_return function of 
imlib2  ...)
        - imlib2 1.10.0-2
+       [bullseye] - imlib2 <no-dsa> (Minor issue)
        NOTE: https://github.com/derf/feh/issues/709
        NOTE: https://git.enlightenment.org/old/legacy-imlib2/issues/20
        NOTE: Fixed by: 
https://git.enlightenment.org/old/legacy-imlib2/commit/e9c09deb08047c9e902ce37144e82b6edb8aedb6
 (v1.10.0)
@@ -59425,7 +59428,7 @@ CVE-2023-26133 (All versions of the package 
progressbar.js are vulnerable to Pro
 CVE-2023-26132 (Versions of the package dottie before 2.0.4 are vulnerable to 
Prototyp ...)
        - node-dottie 2.0.6+~2.0.5-1 (bug #1040592)
        [bookworm] - node-dottie 2.0.2-4+deb12u1
-       [bullseye] - node-dottie 2.0.2-4+deb11u1
+       [bullseye] - node-dottie 2.0.2-1+deb11u1
        NOTE: https://security.snyk.io/vuln/SNYK-JS-DOTTIE-3332763
        NOTE: 
https://github.com/mickhansen/dottie.js/commit/7d3aee1c9c3c842720506e131de7e181e5c8db68
 (v2.0.4)
 CVE-2023-26131 (All versions of the package 
github.com/xyproto/algernon/engine; all ve ...)


=====================================
data/dsa-needed.txt
=====================================
@@ -58,6 +58,10 @@ phppgadmin
 --
 pillow (jmm)
 --
+postgresql-13/oldstable (jmm)
+--
+postgresql-15/stable (jmm)
+--
 py7zr/oldstable
 --
 python-asyncssh



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/0d244b55d0d6c9768efeb920fc0b1a30c3713105

-- 
View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/0d244b55d0d6c9768efeb920fc0b1a30c3713105
You're receiving this email because of your account on salsa.debian.org.

_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits

[Git][security-tracker-team/security-tracker][master] bullseye/bookworm triage

Reply via email to