Moritz Muehlenhoff pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
03f7fdcc by Moritz Muehlenhoff at 2024-04-23T13:37:56+02:00
bookworm/bullseye triage
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -279,6 +279,7 @@ CVE-2024-32652 (The adapter @hono/node-server allows you to
run your Hono applic
NOT-FOR-US: @hono/node-server
CVE-2024-32650 (Rustls is a modern TLS library written in Rust.
`rustls::ConnectionCom ...)
- rust-rustls <unfixed> (bug #1069677)
+ [bookworm] - rust-rustls <no-dsa> (Minor issue)
NOTE: github.com:
https://github.com/rustls/rustls/security/advisories/GHSA-6g7w-8wpp-frhj
NOTE: github.com:
https://github.com/rustls/rustls/commit/2123576840aa31043a31b0770e6572136fbe0c2d
(v/0.23.5)
NOTE: github.com:
https://github.com/rustls/rustls/commit/6e938bcfe82a9da7a2e1cbf10b928c7eca26426e
(v/0.23.5)
@@ -4770,6 +4771,7 @@ CVE-2024-2201 [Native Branch History Injection]
{DSA-5658-1}
- linux <unfixed>
- xen <unfixed>
+ [bookworm] - xen <postponed> (Minor issue, fix along in next DSA)
[bullseye] - xen <end-of-life> (EOLed in Bullseye)
[buster] - xen <end-of-life> (DSA 4677-1)
NOTE: https://www.openwall.com/lists/oss-security/2024/04/09/15
@@ -8603,6 +8605,7 @@ CVE-2024-28247 (The Pi-hole is a DNS sinkhole that
protects your devices from un
NOT-FOR-US: Pi-Hole
CVE-2024-28233 (JupyterHub is an open source multi-user server for Jupyter
notebooks. ...)
- jupyterhub <unfixed>
+ [bookworm] - jupyterhub <no-dsa> (Minor issue)
NOTE:
https://github.com/jupyterhub/jupyterhub/security/advisories/GHSA-7r3h-4ph8-w38g
NOTE:
https://github.com/jupyterhub/jupyterhub/commit/e2798a088f5ad45340fe79cdf1386198e664f77f
CVE-2024-27270 (IBM WebSphere Application Server Liberty 23.0.0.3 through
24.0.0.3 is ...)
@@ -11732,6 +11735,7 @@ CVE-2024-23298 (A logic issue was addressed with
improved state management.)
NOT-FOR-US: Apple
CVE-2024-22513 (djangorestframework-simplejwt version 5.3.1 and before is
vulnerable t ...)
- python-djangorestframework-simplejwt <unfixed> (bug #1067641)
+ [bookworm] - python-djangorestframework-simplejwt <no-dsa> (Minor issue)
NOTE: https://github.com/dmdhrumilmistry/CVEs/tree/main/CVE-2024-22513
CVE-2024-22259 (Applications that use UriComponentsBuilder in Spring
Frameworkto parse ...)
- libspring-java <unfixed> (unimportant)
@@ -50465,11 +50469,10 @@ CVE-2023-40579 (OpenFGA is an
authorization/permission engine built for develope
NOT-FOR-US: OpenFGA
CVE-2023-40577 (Alertmanager handles alerts sent by client applications such
as the Pr ...)
{DLA-3609-1}
- - prometheus-alertmanager 0.26.0+ds-1 (bug #1050558)
- [bookworm] - prometheus-alertmanager <no-dsa> (Minor issue)
- [bullseye] - prometheus-alertmanager <no-dsa> (Minor issue)
+ - prometheus-alertmanager 0.26.0+ds-1 (unimportant; bug #1050558)
NOTE:
https://github.com/prometheus/alertmanager/security/advisories/GHSA-v86x-5fm3-5p7j
NOTE:
https://github.com/prometheus/alertmanager/commit/8b9f2fd20c25e0d1e76aa0b407f7e354996d8e72
(v0.25.1)
+ NOTE: Debian package doesn't ship the UI
CVE-2023-40576 (FreeRDP is a free implementation of the Remote Desktop
Protocol (RDP), ...)
- freerdp2 <not-affected> (Vulnerable code not present)
NOTE:
https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-x3x5-r7jm-5pq2
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/03f7fdcca93c5ee671c2241382d8060970e80d55
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/03f7fdcca93c5ee671c2241382d8060970e80d55
You're receiving this email because of your account on salsa.debian.org.
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
