Moritz Muehlenhoff pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
7f9575ae by Moritz Muehlenhoff at 2024-04-30T10:21:11+02:00
bookworm/bullseye triage
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -316,6 +316,8 @@ CVE-2024-4292 (A vulnerability classified as critical has
been found in Contempo
NOT-FOR-US: Contemporary Controls BASrouter BACnet BASRT-B
CVE-2024-33883 (The ejs (aka Embedded JavaScript templates) package before
3.1.10 for ...)
- node-ejs 3.1.10+~3.1.5-1
+ [bookworm] - node-ejs <no-dsa> (Minor issue)
+ [bullseye] - node-ejs <no-dsa> (Minor issue)
NOTE:
https://github.com/mde/ejs/commit/e469741dca7df2eb400199e1cdb74621e3f89aa5
(v3.1.10)
CVE-2024-33851 (phpecc, as used in paragonie/phpecc before 2.0.1, has a
branch-based t ...)
TODO: check
@@ -4129,6 +4131,8 @@ CVE-2023-38511 (iTop is an IT service management
platform. Dashboard editor : c
NOT-FOR-US: iTop
CVE-2024-XXXX [validate a server certificate in a TLS-based server-server
connection]
- ngircd 27~rc1-1
+ [bookworm] - ngircd <no-dsa> (Minor issue, will be fixed via point
update)
+ [bullseye] - ngircd <no-dsa> (Minor issue, will be fixed via point
update)
NOTE: https://github.com/ngircd/ngircd/issues/120
NOTE:
https://github.com/ngircd/ngircd/commit/817937b218c4b57515f54216ebc936cd69df0aae
(rel-27-rc1)
CVE-2024-3778 (The file upload functionality of Ai3 QbiBot does not properly
restrict ...)
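Review bot: The two added ngircd lines ("Minor issue, will be fixed via point update") commit to a follow-up, but the entry gives nothing to track it by. It is still a temporary CVE-2024-XXXX item, and its only references are the upstream issue and commit. Consider adding a Debian bug reference to the entry, as the python-jwcrypto entry does with "(bug #1065688)", so the <no-dsa> state for bookworm and bullseye can be revisited once the point-update upload happens.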
@@ -15354,6 +15358,8 @@ CVE-2024-28110 (Go SDK for CloudEvents is the official
CloudEvents SDK to integr
NOT-FOR-US: cloudevents/sdk-go
CVE-2024-28102 (JWCrypto implements JWK, JWS, and JWE specifications using
python-cryp ...)
- python-jwcrypto <unfixed> (bug #1065688)
+ [bookworm] - python-jwcrypto <no-dsa> (Minor issue)
+ [bullseye] - python-jwcrypto <no-dsa> (Minor issue)
NOTE:
https://github.com/latchset/jwcrypto/security/advisories/GHSA-j857-7rvv-vj97
NOTE:
https://github.com/latchset/jwcrypto/commit/90477a3b6e73da69740e00b8161f53fea19b831f
(v1.5.6)
CVE-2024-28101 (The Apollo Router is a graph router written in Rust to run a
federated ...)
@@ -141409,8 +141415,8 @@ CVE-2022-32744 (A flaw was found in Samba. The KDC
accepts kpasswd requests encr
CVE-2022-32743 (Samba does not validate the Validated-DNS-Host-Name right for
the dNSH ...)
[experimental] - samba 2:4.17.0+dfsg-1
- samba 2:4.17.2+dfsg-3 (bug #1021022)
- [bullseye] - samba <no-dsa> (Minor issue)
- [buster] - samba <postponed> (Minor issue)
+ [bullseye] - samba <ignored> (Domain controller functionality is EOLed,
see DSA DSA-5477-1)
+ [buster] - samba <ignored> (Domain controller functionality is EOLed,
see DSA-5015-1)
NOTE: https://bugzilla.samba.org/show_bug.cgi?id=14833
CVE-2022-32742 (A flaw was found in Samba. Some SMB1 write requests were not
correctly ...)
{DSA-5205-1 DLA-3792-1}
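Review bot: The added bullseye line for samba reads "see DSA DSA-5477-1", with "DSA" duplicated, while the buster line just below uses "see DSA-5015-1". Drop the extra word so both notes use the same form. Separately, this hunk also moves buster from <postponed> to <ignored>, which the commit message "bookworm/bullseye triage" does not cover. Mentioning the samba EOL re-classification in the message would make the change easier to find later.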
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/7f9575ae0e7f5912bbd29f038baaf027732053af