bullseye triage

Moritz Muehlenhoff (@jmm) Fri, 15 Mar 2024 07:31:59 -0700


Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / 
security-tracker



Commits:
61b65e49 by Moritz Mühlenhoff at 2024-03-15T15:30:42+01:00
bookworm/bullseye triage

- - - - -


2 changed files:

- data/CVE/list
- data/dsa-needed.txt


Changes:

=====================================
data/CVE/list
=====================================
@@ -33,6 +33,8 @@ CVE-2024-27756 (An issue in GLPI v.10.0.12 and before allows 
a remote attacker t
        NOTE: 
https://medium.com/%40cristiansindile/formula-injection-in-glpi-cve-2024-27756-3649c7cca092
 CVE-2024-26540 (A heap-based buffer overflow in Clmg before 3.3.3 can occur 
via a craf ...)
        - cimg <unfixed>
+       [bookworm] - cimg <no-dsa> (Minor issue)
+       [bullseye] - cimg <no-dsa> (Minor issue)
        NOTE: https://github.com/GreycLab/CImg/issues/403
 CVE-2024-26503 (Unrestricted File Upload vulnerability in Greek Universities 
Network O ...)
        NOT-FOR-US: Greek Universities Network Open eClass
@@ -97,6 +99,8 @@ CVE-2024-2437
        REJECTED
 CVE-2024-28849 (follow-redirects is an open source, drop-in replacement for 
Node's `ht ...)
        - node-follow-redirects <unfixed>
+       [bookworm] - node-follow-redirects <no-dsa> (Minor issue)
+       [bullseye] - node-follow-redirects <no-dsa> (Minor issue)
        NOTE: 
https://github.com/follow-redirects/follow-redirects/security/advisories/GHSA-cxjh-pqwp-8mfp
        NOTE: https://github.com/psf/requests/issues/1885
        NOTE: 
https://github.com/follow-redirects/follow-redirects/commit/c4f847f85176991f95ab9c88af63b1294de8649b
 (v1.15.6)
@@ -1060,6 +1064,7 @@ CVE-2023-28746 (Information exposure through 
microarchitectural state after tran
 CVE-2024-2193 [GhostRace: Speculative Race Conditions]
        - linux <unfixed>
        - xen <unfixed>
+       [bookworm] - xen <postponed> (Minor issue, fix along in next DSA)
        [bullseye] - xen <end-of-life> (EOLed in Bullseye)
        [buster] - xen <end-of-life> (DSA 4677-1)
        NOTE: https://www.openwall.com/lists/oss-security/2024/03/12/14


=====================================
data/dsa-needed.txt
=====================================
@@ -57,7 +57,7 @@ opennds/stable
 --
 php-cas/oldstable
 --
-php-dompdf-svg-lib/stable
+php-dompdf-svg-lib/stable (jmm)
   William Desportes is proposing an update needing review 
([email protected])
 --
 php-horde-mime-viewer/oldstable



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/61b65e49392c4f566c674e4da4b8a10227162082

-- 
View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/61b65e49392c4f566c674e4da4b8a10227162082
You're receiving this email because of your account on salsa.debian.org.

_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits

[Git][security-tracker-team/security-tracker][master] bookworm/bullseye triage

Reply via email to