Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
2e0bccad by Moritz Muehlenhoff at 2024-04-25T17:44:51+02:00
bookworm/bullseye triage

- - - - -


2 changed files:

- data/CVE/list
- data/dsa-needed.txt


Changes:

=====================================
data/CVE/list
=====================================
@@ -130,6 +130,8 @@ CVE-2024-32947 (Cross-Site Request Forgery (CSRF) 
vulnerability in AlumniOnline
        NOT-FOR-US: WordPress plugin
 CVE-2024-32879 (Python Social Auth is a social authentication/registration 
mechanism.  ...)
        - social-auth-app-django <unfixed>
+       [bookworm] - social-auth-app-django <no-dsa> (Minor issue)
+       [bullseye] - social-auth-app-django <no-dsa> (Minor issue)
        - python-social-auth <removed>
        NOTE: 
https://github.com/python-social-auth/social-app-django/security/advisories/GHSA-2gr8-3wc7-xhj3
        NOTE: 
https://github.com/python-social-auth/social-app-django/commit/31c3e0c7edb187004d8abbde7e9c4f7ef9098138
 (5.4.1)
@@ -331,6 +333,8 @@ CVE-2024-3154
        - cri-o <itp> (bug #979702)
 CVE-2024-30171
        - bouncycastle <unfixed>
+       [bookworm] - bouncycastle <no-dsa> (Minor issue)
+       [bullseye] - bouncycastle <no-dsa> (Minor issue)
        NOTE: https://github.com/bcgit/bc-java/issues/1528
 CVE-2024-4065 (A vulnerability was found in Tenda AC8 16.03.34.09. It has been 
rated  ...)
        NOT-FOR-US: Tenda
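Review bot: The two `<no-dsa> (Minor issue)` lines added for bouncycastle under CVE-2024-30171 give no basis for the rating, and the entry has no description and only one NOTE pointing at the upstream issue. A short NOTE stating why the issue is minor, or a reference to the upstream fix once known, would let a later triager re-check the decision without re-reading the upstream thread.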
@@ -7186,7 +7190,8 @@ CVE-2024-3209 (A vulnerability was found in UPX up to 
4.2.2. It has been rated a
 CVE-2024-3207 (A vulnerability was found in ermig1979 Simd up to 6.0.134. It 
has been ...)
        NOT-FOR-US: ermig1979 Simd
 CVE-2024-3205 (A vulnerability was found in yaml libyaml up to 0.2.5 and 
classified a ...)
-       - libyaml <unfixed>
+       NOTE: Non issue reported for libyaml:
+       NOTE: https://github.com/yaml/libyaml/issues/258#issuecomment-2058613931
        NOTE: https://vuldb.com/?submit.304561
        NOTE: https://github.com/yaml/libyaml/issues/289
 CVE-2024-3204 (A vulnerability has been found in c-blosc2 up to 2.13.2 and 
classified ...)
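Review bot: With `- libyaml <unfixed>` removed, the CVE-2024-3205 entry is left with NOTE lines only, so the non-issue verdict is recorded in free text rather than as a package status. Consider keeping an explicit line such as `- libyaml <unfixed> (unimportant)` or a `<not-affected>` entry with the reason. The new NOTE also links issue 258 while the retained NOTE links issue 289, so one more NOTE saying how the two reports relate would help.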
@@ -11964,6 +11969,8 @@ CVE-2024-2567 (** UNSUPPORTED WHEN ASSIGNED ** A 
vulnerability, which was classi
        NOT-FOR-US: AndroidWeatherApp
 CVE-2024-29156 (In OpenStack Murano through 16.0.0, when YAQL before 3.0.0 is 
used, th ...)
        - murano <removed> (bug #1068459)
+       [bookworm] - murano <ignored> (To be removed in point release)
+       [bullseye] - murano <ignored> (To be removed in point release)
        NOTE: https://bugs.launchpad.net/murano/+bug/2048114
        NOTE: https://wiki.openstack.org/wiki/OSSN/OSSN-0093
        NOTE: No fix in Murano, but a change in src:yaql renders this 
unexploitable:
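Review bot: The reason `(To be removed in point release)` on the two murano `<ignored>` lines does not say where that removal is tracked; the only bug cited in the entry is #1068459 on the `<removed>` line. If a removal request exists for bookworm and bullseye, referencing it in a NOTE would make it possible to confirm later that the removal happened and the `<ignored>` state is still justified.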
@@ -49444,6 +49451,8 @@ CVE-2023-36382 (Auth. (admin+) Stored Cross-Site 
Scripting (XSS) vulnerability i
        NOT-FOR-US: WordPress plugin
 CVE-2023-36308 (disintegration Imaging 1.6.2 allows attackers to cause a panic 
(becaus ...)
        - golang-github-disintegration-imaging <unfixed> (bug #1069062)
+       [bookworm] - golang-github-disintegration-imaging <no-dsa> (Minor issue)
+       [bullseye] - golang-github-disintegration-imaging <no-dsa> (Minor issue)
        NOTE: https://github.com/disintegration/imaging/issues/165
 CVE-2023-36307 (ZPLGFA 1.1.1 allows attackers to cause a panic (because of an 
integer  ...)
        NOT-FOR-US: ZPLGFA


=====================================
data/dsa-needed.txt
=====================================
@@ -12,11 +12,11 @@ To pick an issue, simply add your uid behind it.
 If needed, specify the release by adding a slash after the name of the source 
package.
 
 --
-atril
+atril (jmm)
 --
 chromium (dilinger)
 --
-dav1d
+dav1d (jmm)
 --
 dnsdist (jmm)
 --
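Review bot: The new claims `atril (jmm)` and `dav1d (jmm)` carry no release suffix, although the file's own instructions say to add a slash and the release after the source package name when needed. If either update is planned for only one release, write the entry in the suffixed form the file already uses (as in `opennds/stable`) so the other release is not read as claimed.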
@@ -50,7 +50,7 @@ opennds/stable
 --
 org-mode
 --
-pdns-recursor
+pdns-recursor (jmm)
 --
 php-cas/oldstable
 --



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/2e0bccad6269ecf94ccfd67828a9b4372b2acdf4
