Thorsten Alteholz pushed to branch master at Debian Security Tracker / security-tracker


Commits:
f6324da2 by Thorsten Alteholz at 2024-04-28T23:17:41+02:00
update notes

- - - - -
3b1c9517 by Thorsten Alteholz at 2024-04-28T23:23:19+02:00
mark CVE-2024-32879 as postponed for buster

- - - - -
953f4cab by Thorsten Alteholz at 2024-04-28T23:25:03+02:00
mark two CVEs of sngrep as postponed

- - - - -
4d4b408d by Thorsten Alteholz at 2024-04-28T23:29:59+02:00
mark CVE-2024-29156 as ignored for Buster

- - - - -
5b7a5ec7 by Thorsten Alteholz at 2024-04-28T23:33:36+02:00
add dcmtk

- - - - -


2 changed files:

- data/CVE/list
- data/dla-needed.txt


Changes:

=====================================
data/CVE/list
=====================================
@@ -847,6 +847,7 @@ CVE-2024-32879 (Python Social Auth is a social 
authentication/registration mecha
        - social-auth-app-django <unfixed>
        [bookworm] - social-auth-app-django <no-dsa> (Minor issue)
        [bullseye] - social-auth-app-django <no-dsa> (Minor issue)
+       [buster] - social-auth-app-django <postponed> (Minor issue)
        - python-social-auth <removed>
        NOTE: 
https://github.com/python-social-auth/social-app-django/security/advisories/GHSA-2gr8-3wc7-xhj3
        NOTE: 
https://github.com/python-social-auth/social-app-django/commit/31c3e0c7edb187004d8abbde7e9c4f7ef9098138
 (5.4.1)
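
Review bot: the added [buster] line gives only "Minor issue" as the reason for <postponed>, which does not say what the entry is waiting on. The NOTE in this hunk already records an upstream fix commit (5.4.1) while the line without a suite tag is still <unfixed>; a reason that names the trigger for revisiting, for example once the fix has landed there, would tell the next triager when to pick this up.
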
@@ -5081,11 +5082,13 @@ CVE-2024-3120 (A stack-buffer overflow vulnerability 
exists in all versions of s
        - sngrep 1.8.1-1 (bug #1068818)
        [bookworm] - sngrep <no-dsa> (Minor issue)
        [bullseye] - sngrep <no-dsa> (Minor issue)
+       [buster] - sngrep <postponed> (Minor issue)
        NOTE: 
https://github.com/irontec/sngrep/commit/f3f8ed8ef38748e6d61044b39b0dabd7e37c6809
 (v1.8.1)
 CVE-2024-3119 (A buffer overflow vulnerability exists in all versions of 
sngrep since ...)
        - sngrep 1.8.1-1 (bug #1068818)
        [bookworm] - sngrep <no-dsa> (Minor issue)
        [bullseye] - sngrep <no-dsa> (Minor issue)
+       [buster] - sngrep <postponed> (Minor issue)
        NOTE: 
https://github.com/irontec/sngrep/commit/dd5fec92730562af6f96891291cd4e102b80bfcc
 (v1.8.1)
 CVE-2024-3020 (The plugin is vulnerable to PHP Object Injection in versions up 
to and ...)
        NOT-FOR-US: WordPress plugin
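
Review bot: both added [buster] lines reuse "Minor issue" for a stack-buffer overflow (CVE-2024-3120) and a buffer overflow (CVE-2024-3119) without saying what limits the impact. Both entries already list 1.8.1-1 as the fixed version and each has an upstream commit marked v1.8.1, so the two can be handled in one upload; stating that in the reason, or noting why the overflows are considered minor, would make the postponement easier to audit later.
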
@@ -12723,6 +12726,7 @@ CVE-2024-29156 (In OpenStack Murano through 16.0.0, 
when YAQL before 3.0.0 is us
        - murano <removed> (bug #1068459)
        [bookworm] - murano <ignored> (To be removed in point release)
        [bullseye] - murano <ignored> (To be removed in point release)
+       [buster] - murano <ignored> (unmaintained upstream)
        NOTE: https://bugs.launchpad.net/murano/+bug/2048114
        NOTE: https://wiki.openstack.org/wiki/OSSN/OSSN-0093
        NOTE: No fix in Murano, but a change in src:yaql renders this 
unexploitable:
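
Review bot: the reason on the added [buster] line, "unmaintained upstream", leaves out the mitigation that the last NOTE in this hunk describes, namely that a change in src:yaql renders the issue unexploitable while Murano itself has no fix. <ignored> on murano only holds for buster if that yaql change is present there, so add a NOTE recording the yaql status for buster, or say in the reason that the mitigation is expected via src:yaql.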


=====================================
data/dla-needed.txt
=====================================
@@ -49,6 +49,9 @@ bind9 (Santiago)
   NOTE: 20240418: 
https://salsa.debian.org/lts-team/packages/bind9/-/commit/135e46d2e43b6e499454385c2228338c6a72ba96
   NOTE: 20240418: All testing activities remains.
 --
+dcmtk
+  NOTE: 20240428: Added by Front-Desk (ta)
+--
 dnsmasq
   NOTE: 20240303: Added by Front-Desk (apo)
   NOTE: 20240325: Automatically unassigned (lamby)
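
Review bot: the new dcmtk entry carries only the "Added by Front-Desk (ta)" line and names no CVE or reason, and none of the data/CVE/list hunks in this push touch dcmtk, so whoever claims the package cannot tell from this change what needs fixing. Add a NOTE listing the open CVEs or the reason for the addition.
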
@@ -298,6 +301,7 @@ tiff (Thorsten Alteholz)
   NOTE: 20240314: Added by coordinator (roberto)
   NOTE: 20240314: Several CVEs fixed in LTS remain unfixed (no-dsa) in 
bullseye and
   NOTE: 20240314: bookworm. Uploads to spu and ospu should be coordinated. 
(roberto)
+  NOTE: 20240428: testing package
 --
 tinymce
   NOTE: 20231123: Added by Front-Desk (ola)
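
Review bot: the added line "NOTE: 20240428: testing package" is ambiguous, since it can be read as the package in Debian testing rather than a prepared update being tested, and it lacks the author tag that the neighbouring notes carry, such as "(roberto)". Spell out the status, for example that an update is prepared and under test, and append the initials.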



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/dca4d5635318336e67b292f148f00abb54dc4c87...5b7a5ec724b1aa7c97eb298e08184c9c85dca0c4
