Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker
Commits: 241f0ec9 by Moritz Muehlenhoff at 2024-02-15T15:43:52+01:00 bookworm/bullseye triage - - - - - 3663f614 by Moritz Muehlenhoff at 2024-02-15T15:45:42+01:00 new squid issue - - - - - 2 changed files: - data/CVE/list - data/dsa-needed.txt Changes: ===================================== data/CVE/list ===================================== @@ -19,7 +19,10 @@ CVE-2024-25619 (Mastodon is a free, open-source social network server based on A CVE-2024-25618 (Mastodon is a free, open-source social network server based on Activit ...) - mastodon <itp> (bug #859741) CVE-2024-25617 (Squid is an open source caching proxy for the Web supporting HTTP, HTT ...) - TODO: check + - squid 6.5-1 + NOTE: https://github.com/squid-cache/squid/security/advisories/GHSA-h5x6-w8mv-xfpr + NOTE: https://github.com/squid-cache/squid/commit/72a3bbd5e431597c3fdb56d752bc56b010ba3817 (SQUID_6_5) + NOTE: https://github.com/squid-cache/squid/pull/1536 CVE-2024-25559 (URL spoofing vulnerability exists in a-blog cms Ver.3.1.0 to Ver.3.1.8 ...) NOT-FOR-US: a-blog cms CVE-2024-24386 (An issue in VitalPBX v.3.2.4-5 allows an attacker to execute arbitrary ...) @@ -713,6 +716,7 @@ CVE-2023-5679 (A bad interaction between DNS64 and serve-stale may cause `named` NOTE: https://kb.isc.org/docs/cve-2023-5679 CVE-2023-6516 (To keep its cache database efficient, `named` running as a recursive r ...) - bind9 1:9.19.21-1 + [bookworm] - bind9 <not-affected> (Vulnerable code only in 9.16.y series) [bullseye] - bind9 1:9.16.48-1 [buster] - bind9 <not-affected> (Vulnerable code only in 9.16.y series) NOTE: https://kb.isc.org/docs/cve-2023-6516 @@ -121682,6 +121686,7 @@ CVE-2022-1950 (The Youzify WordPress plugin before 1.2.0 does not sanitise and e NOT-FOR-US: WordPress plugin CVE-2022-1949 (An access control bypass vulnerability found in 389-ds-base. That mish ...) - 389-ds-base 2.3.1-1 (bug #1016446) + [bullseye] - 389-ds-base <ignored> (Minor issue, too intrusive to backport) [buster] - 389-ds-base <ignored> (Too intrusive too backport) NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2091781 NOTE: https://github.com/389ds/389-ds-base/issues/5170 ===================================== data/dsa-needed.txt ===================================== @@ -24,6 +24,8 @@ engrampa (jmm) -- frr -- +gnutls28/oldstable +-- gpac/oldstable -- gtkwave View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/9ae569735a3d593a677e3f0cb81600f4a74c64e6...3663f614ae179e6e2354e4e1fb55244233cb1fda -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/9ae569735a3d593a677e3f0cb81600f4a74c64e6...3663f614ae179e6e2354e4e1fb55244233cb1fda You're receiving this email because of your account on salsa.debian.org.
_______________________________________________ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits