Moritz Muehlenhoff pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
645a212f by Moritz Muehlenhoff at 2024-04-15T16:41:00+02:00
bookworm/bullseye triage
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -958,9 +958,9 @@ CVE-2024-23083 (Time4J Base v5.9.3 was discovered to
contain a NullPointerExcept
CVE-2024-23080 (Joda Time v2.12.5 was discovered to contain a
NullPointerException via ...)
NOT-FOR-US: Joda Time
CVE-2024-23077 (JFreeChart v1.5.4 was discovered to be vulnerable to
ArrayIndexOutOfBo ...)
- - libjfreechart-java <unfixed>
+ NOT-FOR-US: Disputed JFreeChart issue
CVE-2024-23076 (JFreeChart v1.5.4 was discovered to contain a
NullPointerException via ...)
- - libjfreechart-java <unfixed>
+ NOT-FOR-US: Disputed JFreeChart issue
CVE-2024-20780 (Adobe Experience Manager versions 6.5.19 and earlier are
affected by a ...)
NOT-FOR-US: Adobe
CVE-2024-20779 (Adobe Experience Manager versions 6.5.19 and earlier are
affected by a ...)
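Review bot: NOT-FOR-US on CVE-2024-23077 and CVE-2024-23076 replaces a "- libjfreechart-java <unfixed>" line, but that tag is the tracker's marker for software not packaged in Debian, and the removed lines show the package is tracked. Keeping the package line and marking it "<unfixed> (unimportant)" or "<not-affected>", with the dispute as the stated reason, would keep both CVEs attached to libjfreechart-java.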
@@ -1006,7 +1006,7 @@ CVE-2024-0218 (A Denial of Service (Dos) vulnerability in
Nozomi Networks Guardi
CVE-2023-6916 (Audit records for OpenAPI requests may include sensitive
information. ...)
NOT-FOR-US: Nozomi Networks
CVE-2023-52070 (JFreeChart v1.5.4 was discovered to be vulnerable to
ArrayIndexOutOfBo ...)
- - libjfreechart-java <unfixed>
+ NOT-FOR-US: Disputed JFreeChart issue
CVE-2023-2794 (A flaw was found in ofono, an Open Source Telephony on Linux. A
stack ...)
- ofono <unfixed>
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2255387
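Review bot: The new line for CVE-2023-52070 gives "Disputed JFreeChart issue" as its only rationale, with no NOTE recording where the dispute is stated. A NOTE with the upstream statement or issue URL, in the way the ofono entry below references its Red Hat bug, would let a later reader verify the classification.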
@@ -2180,13 +2180,13 @@ CVE-2024-25646 (Due to improper validation,SAP
BusinessObject Business Intellige
CVE-2024-23584 (The NMAP Importer service may expose data store credentials to
authori ...)
NOT-FOR-US: HCL
CVE-2024-23084 (Apfloat v1.10.1 was discovered to contain an
ArrayIndexOutOfBoundsExce ...)
- - libapfloat-java <unfixed>
+ NOT-FOR-US: Disputed Apfloat issue
CVE-2024-23081 (ThreeTen Backport v1.6.8 was discovered to contain a
NullPointerExcept ...)
NOT-FOR-US: ThreeTen Backport
CVE-2024-23079 (JGraphT Core v1.5.2 was discovered to contain a
NullPointerException v ...)
- - jgrapht <unfixed>
+ NOT-FOR-US: Disputed JGraphT issue
CVE-2024-22949 (JFreeChart v1.5.4 was discovered to contain a
NullPointerException via ...)
- - libjfreechart-java <unfixed>
+ NOT-FOR-US: Disputed JFreeChart issue
CVE-2024-1664 (The Responsive Gallery Grid WordPress plugin before 2.3.11 does
not sa ...)
NOT-FOR-US: WordPress plugin
CVE-2024-1233 (A flaw was found in` JwtValidator.resolvePublicKey` in JBoss
EAP, wher ...)
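Review bot: The removed lines for CVE-2024-23084, CVE-2024-23079 and CVE-2024-22949 are suite-independent "<unfixed>" entries, so these three changes affect tracking for every suite, which the commit message "bookworm/bullseye triage" does not convey. Either mention the disputed-CVE reclassification in the message or put it in its own commit, so the history shows when libapfloat-java, jgrapht and libjfreechart-java stopped being tracked for these IDs.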
@@ -2298,13 +2298,13 @@ CVE-2024-23190 (Upsell shop information of an account
can be manipulated to exec
CVE-2024-23189 (Embedded content references at tasks could be used to
temporarily exec ...)
NOT-FOR-US: Open-Xchange
CVE-2024-23086 (Apfloat v1.10.1 was discovered to contain a stack overflow via
the com ...)
- - libapfloat-java <unfixed>
+ NOT-FOR-US: Disputed Apfloat issue
CVE-2024-23085 (Apfloat v1.10.1 was discovered to contain a
NullPointerException via t ...)
- - libapfloat-java <unfixed>
+ NOT-FOR-US: Disputed Apfloat issue
CVE-2024-23082 (ThreeTen Backport v1.6.8 was discovered to contain an integer
overflow ...)
NOT-FOR-US: ThreeTen Backport
CVE-2024-23078 (JGraphT Core v1.5.2 was discovered to contain a
NullPointerException v ...)
- - jgrapht <unfixed>
+ NOT-FOR-US: Disputed JGraphT issue
CVE-2023-7164 (The BackWPup WordPress plugin before 4.0.4 does not prevent
visitors f ...)
NOT-FOR-US: WordPress plugin
CVE-2023-52554 (Permission control vulnerability in the Bluetooth module.
Impact: Succ ...)
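Review bot: CVE-2024-23086 is described as a stack overflow, unlike the NullPointerException entries next to it, yet it receives the same "Disputed Apfloat issue" line with no further detail. If the dispute covers this one on different grounds, a NOTE saying so would help; the CVE-2024-23085 and CVE-2024-23078 lines could carry the same reference.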
@@ -2360,6 +2360,8 @@ CVE-2024-26811 (In the Linux kernel, the following
vulnerability has been resolv
CVE-2024-2511 (Issue summary: Some non-default TLS server configurations can
cause un ...)
[experimental] - openssl 3.3.0-1
- openssl <unfixed> (bug #1068658)
+ [bookworm] - openssl <postponed> (Minor issue, fix along with next
update round)
+ [bullseye] - openssl <postponed> (Minor issue, fix along with next
update round)
NOTE: https://www.openssl.org/news/secadv/20240408.txt
NOTE:
https://github.com/openssl/openssl/commit/e9d7083e241670332e0443da0f0d4ffb52829f08
(openssl-3.2.y)
NOTE:
https://github.com/openssl/openssl/commit/7e4d731b1c07201ad9374c1cd9ac5263bdf35bce
(openssl-3.1.y)
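Review bot: The new [bookworm] and [bullseye] "<postponed>" lines for CVE-2024-2511 sit above NOTE lines that, in the visible context, reference fix commits for openssl-3.2.y and openssl-3.1.y only. If the rest of the entry has no NOTE for the branches those two suites ship, adding one would save work when the postponed update round is prepared.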
@@ -2469,6 +2471,7 @@ CVE-2023-52341 (In Plaintext COUNTER CHECK message
accepted before AS security a
NOT-FOR-US: Unisoc
CVE-2021-47208 (The Mojolicious module before 9.11 for Perl has a bug in
format detect ...)
- libmojolicious-perl 9.21+dfsg-1
+ [bullseye] - libmojolicious-perl <no-dsa> (Minor issue)
NOTE: https://github.com/mojolicious/mojo/issues/1736
NOTE:
https://github.com/mojolicious/mojo/commit/a0c4576ffb11c235088550de9ba7ac4196e1953c
(v9.11)
CVE-2020-36829 (The Mojolicious module before 8.65 for Perl is vulnerable to
secure_co ...)
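Review bot: Only a [bullseye] "<no-dsa>" line is added for CVE-2021-47208, with nothing for bookworm, while the other stable entries in this commit come in bookworm/bullseye pairs. That is correct if bookworm's libmojolicious-perl is at or above the 9.21+dfsg-1 fixed version on the line above; worth confirming before merge.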
@@ -6713,6 +6716,8 @@ CVE-2024-29515 (File Upload vulnerability in lepton
v.7.1.0 allows a remote auth
NOT-FOR-US: Lepton CMS
CVE-2024-29025 (Netty is an asynchronous event-driven network application
framework fo ...)
- netty <unfixed> (bug #1068110)
+ [bookworm] - netty <postponed> (Minor issue, fix along with future
update)
+ [bullseye] - netty <postponed> (Minor issue, fix along with future
update)
NOTE:
https://github.com/netty/netty/security/advisories/GHSA-5jpm-x58v-624v
NOTE:
https://github.com/netty/netty/commit/0d0c6ed782d13d423586ad0c71737b2c7d02058c
(netty-4.1.108.Final)
NOTE: https://gist.github.com/vietj/f558b8ea81ec6505f1e9a6ca283c9ae3
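Review bot: The reason text on the netty "<postponed>" lines reads "fix along with future update", while the openssl lines added earlier in this same commit read "fix along with next update round". Using one phrasing for both makes postponed entries easier to find by searching data/CVE/list.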
@@ -14481,6 +14486,8 @@ CVE-2024-25770 (libming 0.4.8 contains a memory leak
vulnerability in /libming/s
- ming <removed>
CVE-2024-25768 (OpenDMARC 1.4.2 contains a null pointer dereference
vulnerability in / ...)
- opendmarc <unfixed>
+ [bookworm] - opendmarc <no-dsa> (Minor issue)
+ [bullseye] - opendmarc <no-dsa> (Minor issue)
[buster] - opendmarc <no-dsa> (Minor issue)
NOTE:
https://github.com/LuMingYinDetect/OpenDMARC_defects/blob/main/OpenDMARC_detect_1.md
CVE-2024-25767 (nanomq 0.21.2 contains a Use-After-Free vulnerability in
/nanomq/nng/s ...)
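Review bot: "Minor issue" on the new [bookworm] and [bullseye] "<no-dsa>" lines for CVE-2024-25768 matches the existing [buster] line, but none of the three says why a null pointer dereference in OpenDMARC is minor. A short reason in the parentheses, or a NOTE summarising the impact assessment, would make the triage decision reviewable.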
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/645a212f68a8a2ec55fd248cdc6e14a7a1adc2f6
_______________________________________________
debian-security-tracker-commits mailing list
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits