Moritz Muehlenhoff pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
cb0e0ce4 by Moritz Muehlenhoff at 2024-02-23T23:01:13+01:00
bullseye/bookworm triage
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -497,6 +497,8 @@ CVE-2024-26133 (EventStoreDB (ESDB) is an operational
database built to store ev
NOT-FOR-US: EventStoreDB (ESDB)
CVE-2024-26130 (cryptography is a package designed to expose cryptographic
primitives ...)
- python-cryptography <unfixed>
+ [bookworm] - python-cryptography <no-dsa> (Minor issue)
+ [bullseye] - python-cryptography <no-dsa> (Minor issue)
NOTE:
https://github.com/pyca/cryptography/security/advisories/GHSA-6vqw-3v5j-54x4
NOTE: https://github.com/pyca/cryptography/pull/10423
NOTE: Fixed by:
https://github.com/pyca/cryptography/commit/97d231672763cdb5959a3b191e692a362f1b9e55
(main)
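Review bot: the two added python-cryptography lines give only "(Minor issue)" as the reason for <no-dsa>, although the NOTE lines below them already record the upstream advisory and a fix commit on main. Consider stating the concrete reason in the parenthetical (what the impact is limited to), so that someone considering a point-release update for bookworm or bullseye does not have to re-read the advisory to learn why the fix was deferred.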
@@ -527,6 +529,7 @@ CVE-2024-25249 (An issue in He3 App for macOS version
2.0.17, allows remote atta
NOT-FOR-US: He3 App for macOS
CVE-2024-25117 (php-svg-lib is a scalable vector graphics (SVG) file
parsing/rendering ...)
- php-dompdf-svg-lib <unfixed>
+ [bookworm] - php-dompdf-svg-lib <no-dsa> (Minor issue)
NOTE:
https://github.com/dompdf/php-svg-lib/security/advisories/GHSA-f3qr-qr4x-j273
NOTE:
https://github.com/dompdf/php-svg-lib/commit/732faa9fb4309221e2bd9b2fda5de44f947133aa
(0.5.2)
NOTE:
https://github.com/dompdf/php-svg-lib/commit/8ffcc41bbde39f09f94b9760768086f12bbdce42
(0.5.2)
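Review bot: only a [bookworm] line is added for php-dompdf-svg-lib, while the other entries touched in this commit get both a [bookworm] and a [bullseye] line. If bullseye ships the package, it is still covered by the "- php-dompdf-svg-lib <unfixed>" line above and needs its own annotation; if it does not ship the package, nothing is needed, but the visible lines do not show which case applies.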
@@ -856,6 +859,8 @@ CVE-2024-25274 (An arbitrary file upload vulnerability in
the component /sysFile
NOT-FOR-US: Novel-Plus
CVE-2024-25262 (texlive-bin commit c515e was discovered to contain heap buffer
overflo ...)
- texlive-bin <unfixed> (bug #1064517)
+ [bookworm] - texlive-bin <no-dsa> (Minor issue)
+ [bullseye] - texlive-bin <no-dsa> (Minor issue)
NOTE:
https://tug.org/svn/texlive/trunk/Build/source/texk/ttfdump/ChangeLog?revision=69605&view=co
NOTE: https://bugs.launchpad.net/ubuntu/+source/texlive-bin/+bug/2047912
NOTE: https://github.com/TeX-Live/texlive-source/pull/63
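Review bot: the added [bookworm] and [bullseye] lines classify a heap buffer overflow in texlive-bin as "(Minor issue)" without saying why. The first NOTE below them points at the texk/ttfdump ChangeLog; if the limited scope of that tool is the basis for the decision, say so in the parenthetical, for example "(Minor issue, ttfdump only)".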
@@ -884,6 +889,8 @@ CVE-2024-24475
REJECTED
CVE-2024-24474 (QEMU before 8.2.0 has an integer underflow, and resultant
buffer overf ...)
- qemu 1:8.2.0+ds-1
+ [bookworm] - qemu <no-dsa> (Minor issue)
+ [bullseye] - qemu <no-dsa> (Minor issue)
NOTE: https://gitlab.com/qemu-project/qemu/-/issues/1810
NOTE:
https://github.com/qemu/qemu/commit/77668e4b9bca03a856c27ba899a2513ddf52bb52
(v8.2.0-rc0)
CVE-2024-23809 (A double-free vulnerability exists in the BrainVision ASCII
Header Par ...)
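Review bot: the qemu entry records a fixed version for unstable (1:8.2.0+ds-1) and a single upstream fix commit, but the added [bookworm] and [bullseye] lines do not show whether the affected code was checked in both of those versions. A "NOTE: Introduced by:" line, if the introducing commit is known, would document that both releases are actually affected and that <no-dsa> rather than <not-affected> is the right state.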
@@ -1359,6 +1366,8 @@ CVE-2024-1343 (A weak permission was found in the backup
directory in LaborOffic
NOT-FOR-US: LaborOfficeFree
CVE-2023-50257 (eProsima Fast DDS (formerly Fast RTPS) is a C++ implementation
of the ...)
- fastdds <unfixed> (bug #1064515)
+ [bookworm] - fastdds <no-dsa> (Minor issue)
+ [bullseye] - fastdds <no-dsa> (Minor issue)
NOTE:
https://github.com/eProsima/Fast-DDS/security/advisories/GHSA-v5r6-8mvh-cp98
NOTE:
https://github.com/eProsima/Fast-DDS/commit/f2e5ceae8fbea0a6c9445a366faaca0b98a8ef86
CVE-2024-26308 (Allocation of Resources Without Limits or Throttling
vulnerability in ...)
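Review bot: unlike the fix-commit NOTEs in the other entries of this patch, which carry a marker such as (main), (0.5.2) or (v8.2.0-rc0), the Fast-DDS commit NOTE below the added fastdds lines has no release tag. Since the added lines defer the fix for bookworm and bullseye, recording the upstream release that contains the commit would help whoever later backports it.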
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/cb0e0ce495fe2a3a6259c02c0a90a18b08dce809