[Git][security-tracker-team/security-tracker][master] 2 commits: bookworm/bullseye triage

Thu, 15 Feb 2024 06:48:12 -0800 


Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
241f0ec9 by Moritz Muehlenhoff at 2024-02-15T15:43:52+01:00
bookworm/bullseye triage

- - - - -
3663f614 by Moritz Muehlenhoff at 2024-02-15T15:45:42+01:00
new squid issue

- - - - -


2 changed files:

- data/CVE/list
- data/dsa-needed.txt


Changes:

=====================================
data/CVE/list
=====================================
@@ -19,7 +19,10 @@ CVE-2024-25619 (Mastodon is a free, open-source social 
network server based on A
 CVE-2024-25618 (Mastodon is a free, open-source social network server based on 
Activit ...)
        - mastodon <itp> (bug #859741)
 CVE-2024-25617 (Squid is an open source caching proxy for the Web supporting 
HTTP, HTT ...)
-       TODO: check
+       - squid 6.5-1
+       NOTE: 
https://github.com/squid-cache/squid/security/advisories/GHSA-h5x6-w8mv-xfpr
+       NOTE: 
https://github.com/squid-cache/squid/commit/72a3bbd5e431597c3fdb56d752bc56b010ba3817
 (SQUID_6_5)
+       NOTE: https://github.com/squid-cache/squid/pull/1536
 CVE-2024-25559 (URL spoofing vulnerability exists in a-blog cms Ver.3.1.0 to 
Ver.3.1.8 ...)
        NOT-FOR-US: a-blog cms
 CVE-2024-24386 (An issue in VitalPBX v.3.2.4-5 allows an attacker to execute 
arbitrary ...)
@@ -713,6 +716,7 @@ CVE-2023-5679 (A bad interaction between DNS64 and 
serve-stale may cause `named`
        NOTE: https://kb.isc.org/docs/cve-2023-5679
 CVE-2023-6516 (To keep its cache database efficient, `named` running as a 
recursive r ...)
        - bind9 1:9.19.21-1
+       [bookworm] - bind9 <not-affected> (Vulnerable code only in 9.16.y 
series)
        [bullseye] - bind9 1:9.16.48-1
        [buster] - bind9 <not-affected> (Vulnerable code only in 9.16.y series)
        NOTE: https://kb.isc.org/docs/cve-2023-6516
@@ -121682,6 +121686,7 @@ CVE-2022-1950 (The Youzify WordPress plugin before 
1.2.0 does not sanitise and e
        NOT-FOR-US: WordPress plugin
 CVE-2022-1949 (An access control bypass vulnerability found in 389-ds-base. 
That mish ...)
        - 389-ds-base 2.3.1-1 (bug #1016446)
+       [bullseye] - 389-ds-base <ignored> (Minor issue, too intrusive to 
backport)
        [buster] - 389-ds-base <ignored> (Too intrusive too backport)
        NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2091781
        NOTE: https://github.com/389ds/389-ds-base/issues/5170


=====================================
data/dsa-needed.txt
=====================================
@@ -24,6 +24,8 @@ engrampa (jmm)
 --
 frr
 --
+gnutls28/oldstable
+--
 gpac/oldstable
 --
 gtkwave



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/9ae569735a3d593a677e3f0cb81600f4a74c64e6...3663f614ae179e6e2354e4e1fb55244233cb1fda

-- 
View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/9ae569735a3d593a677e3f0cb81600f4a74c64e6...3663f614ae179e6e2354e4e1fb55244233cb1fda
You're receiving this email because of your account on salsa.debian.org.



_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits

Reply via email to