Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
2617d94c by Moritz Muehlenhoff at 2024-05-02T13:55:53+02:00
bookworm/bullseye triage

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -2132,14 +2132,20 @@ CVE-2024-25624 (Iris is a web collaborative platform 
aiming to help incident res
        NOT-FOR-US: Iris
 CVE-2024-25569 (An out-of-bounds read vulnerability exists in the 
RAWCodec::DecodeByte ...)
        - gdcm <unfixed>
+       [bookworm] - gdcm <no-dsa> (Minor issue)
+       [bullseye] - gdcm <no-dsa> (Minor issue)
        NOTE: 
https://talosintelligence.com/vulnerability_reports/TALOS-2024-1944
 CVE-2024-25026 (IBM WebSphere Application Server 8.5, 9.0 and IBM WebSphere 
Applicatio ...)
        NOT-FOR-US: IBM
 CVE-2024-22391 (A heap-based buffer overflow vulnerability exists in the 
LookupTable:: ...)
        - gdcm <unfixed>
+       [bookworm] - gdcm <no-dsa> (Minor issue)
+       [bullseye] - gdcm <no-dsa> (Minor issue)
        NOTE: 
https://talosintelligence.com/vulnerability_reports/TALOS-2024-1924
 CVE-2024-22373 (An out-of-bounds write vulnerability exists in the 
JPEG2000Codec::Deco ...)
        - gdcm <unfixed>
+       [bookworm] - gdcm <no-dsa> (Minor issue)
+       [bullseye] - gdcm <no-dsa> (Minor issue)
        NOTE: 
https://talosintelligence.com/vulnerability_reports/TALOS-2024-1935
 CVE-2024-22144 (Improper Control of Generation of Code ('Code Injection') 
vulnerabilit ...)
        NOT-FOR-US: WordPress plugin
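Review bot: CVE-2024-22391 (heap-based buffer overflow) and CVE-2024-22373 (out-of-bounds write) get the same "(Minor issue)" reason as the out-of-bounds read in CVE-2024-25569, and nothing in the entries records why memory-write bugs in gdcm do not warrant a DSA. Consider a more specific reason in the parentheses, or a NOTE stating the exposure assumption behind the decision, so the triage can be re-checked later. The three `- gdcm <unfixed>` lines also carry no bug reference for tracking the fix in unstable.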
@@ -2826,6 +2832,8 @@ CVE-2024-31991 (Mealie is a self hosted recipe manager 
and meal planner. Prior t
        NOT-FOR-US: Mealie
 CVE-2024-31584 (Pytorch before v2.2.0 has an Out-of-bounds Read vulnerability 
via the  ...)
        - pytorch <unfixed>
+       [bookworm] - pytorch <no-dsa> (Minor issue)
+       [bullseye] - pytorch <no-dsa> (Minor issue)
        NOTE: 
https://github.com/pytorch/pytorch/commit/7c35874ad664e74c8e4252d67521f3986eadb0e6
 CVE-2024-30974 (SQL Injection vulnerability in autoexpress v.1.3.0 allows 
attackers to ...)
        NOT-FOR-US: autoexpress
@@ -3443,15 +3451,23 @@ CVE-2023-4509 (It is possible for an API key to be 
logged in clear text in the a
        NOT-FOR-US: Octopus Deploy
 CVE-2023-4235 (A flaw was found in ofono, an Open Source Telephony on Linux. A 
stack  ...)
        - ofono <unfixed>
+       [bookworm] - ofono <no-dsa> (Minor issue)
+       [bullseye] - ofono <no-dsa> (Minor issue)
        NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2255402
 CVE-2023-4234 (A flaw was found in ofono, an Open Source Telephony on Linux. A 
stack  ...)
        - ofono <unfixed>
+       [bookworm] - ofono <no-dsa> (Minor issue)
+       [bullseye] - ofono <no-dsa> (Minor issue)
        NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2255399
 CVE-2023-4233 (A flaw was found in ofono, an Open Source Telephony on Linux. A 
stack  ...)
        - ofono <unfixed>
+       [bookworm] - ofono <no-dsa> (Minor issue)
+       [bullseye] - ofono <no-dsa> (Minor issue)
        NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2255396
 CVE-2023-4232 (A flaw was found in ofono, an Open Source Telephony on Linux. A 
stack  ...)
        - ofono <unfixed>
+       [bookworm] - ofono <no-dsa> (Minor issue)
+       [bullseye] - ofono <no-dsa> (Minor issue)
        NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2255394
 CVE-2024-3914 (Use after free in V8 in Google Chrome prior to 124.0.6367.60 
allowed a ...)
        {DSA-5668-1}
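Review bot: the four ofono entries (CVE-2023-4232 through CVE-2023-4235) are marked <no-dsa> while their `- ofono <unfixed>` lines have no Debian bug reference and the only NOTE on each is a Red Hat Bugzilla link, so nothing here identifies an upstream fix that could later be picked for a point release. Suggest adding the bug number to the `<unfixed>` lines and the upstream commits as NOTEs once they are known.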
@@ -3616,6 +3632,8 @@ CVE-2024-31585 (FFmpeg version n5.1 to n6.1 was 
discovered to contain an Off-by-
        NOTE: Introduced by 
https://github.com/FFmpeg/FFmpeg/commit/81df787b53eb5c6433731f6eaaf7f2a94d8a8c80
 (n5.1)
 CVE-2024-31583 (Pytorch before version v2.2.0 was discovered to contain a 
use-after-fr ...)
        - pytorch <unfixed>
+       [bookworm] - pytorch <no-dsa> (Minor issue)
+       [bullseye] - pytorch <no-dsa> (Minor issue)
        NOTE: 
https://github.com/pytorch/pytorch/commit/9c7071b0e324f9fb68ab881283d6b8d388a4bcd2
 CVE-2024-31582 (FFmpeg version n6.1 was discovered to contain a heap buffer 
overflow v ...)
        [experimental] - ffmpeg 7:7.0-1
@@ -3633,6 +3651,8 @@ CVE-2024-31581 (FFmpeg version n6.1 was discovered to 
contain an improper valida
        NOTE: Fixed by 
https://github.com/ffmpeg/ffmpeg/commit/ce0c178a408d43e71085c28a47d50dc939b60196
 (n7.0)
 CVE-2024-31580 (PyTorch before v2.2.0 was discovered to contain a heap buffer 
overflow ...)
        - pytorch <unfixed>
+       [bookworm] - pytorch <no-dsa> (Minor issue)
+       [bullseye] - pytorch <no-dsa> (Minor issue)
        NOTE: 
https://github.com/pytorch/pytorch/commit/b5c3a17c2c207ebefcb85043f0cf94be9b2fef81
 CVE-2024-31578 (FFmpeg version n6.1.1 was discovered to contain a heap 
use-after-free  ...)
        [experimental] - ffmpeg 7:7.0-1
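Review bot: the NOTE under CVE-2024-31580 is a bare commit URL, while the FFmpeg NOTE a few lines up in this hunk uses the "Fixed by <commit> (n7.0)" form. With bookworm and bullseye now <no-dsa>, the remaining open item is the `- pytorch <unfixed>` line; if that commit is the v2.2.0 fix the description refers to, annotating the NOTE the same way, with "(v2.2.0)", makes it clear when the unstable entry can be closed.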
@@ -6281,6 +6301,8 @@ CVE-2023-52070 (JFreeChart v1.5.4 was discovered to be 
vulnerable to ArrayIndexO
        NOT-FOR-US: Disputed JFreeChart issue
 CVE-2023-2794 (A flaw was found in ofono, an Open Source Telephony on Linux. A 
stack  ...)
        - ofono <unfixed> (bug #1069679)
+       [bookworm] - ofono <no-dsa> (Minor issue)
+       [bullseye] - ofono <no-dsa> (Minor issue)
        NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2255387
        NOTE: 
https://git.kernel.org/pub/scm/network/ofono/ofono.git/commit/?id=a90421d8e45d63b304dc010baba24633e7869682
        NOTE: 
https://git.kernel.org/pub/scm/network/ofono/ofono.git/commit/?id=7f2adfa22fbae824f8e2c3ae86a3f51da31ee400
@@ -14051,6 +14073,8 @@ CVE-2023-6821 (The Error Log Viewer by BestWebSoft 
WordPress plugin before 1.1.3
 CVE-2023-41334 (Astropy is a project for astronomy in Python that fosters 
interoperabi ...)
        {DLA-3803-1}
        - astropy 5.3.3-1
+       [bookworm] - astropy <no-dsa> (Minor issue)
+       [bullseye] - astropy <no-dsa> (Minor issue)
        NOTE: 
https://github.com/astropy/astropy/security/advisories/GHSA-h2x6-5jx5-46hf
        NOTE: 
https://github.com/astropy/astropy/commit/22057d37b1313f5f5a9b5783df0a091d978dccb5
 (v5.3.3)
 CVE-2024-26641 (In the Linux kernel, the following vulnerability has been 
resolved:  i ...)
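Review bot: the CVE-2023-41334 entry already carries {DLA-3803-1}, so marking bookworm and bullseye <no-dsa> leaves the two newer releases without a fix that an LTS upload has received. The fixing commit is recorded in the NOTE (v5.3.3), so consider flagging this for a point release; otherwise an upgrade from the LTS release would bring the issue back.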
@@ -21073,6 +21097,7 @@ CVE-2024-1669 (Out of bounds memory access in Blink in 
Google Chrome prior to 12
 CVE-2024-1481 (A flaw was found in FreeIPA. This issue may allow a remote 
attacker to ...)
        {DLA-3773-1}
        - freeipa <unfixed> (bug #1065106)
+       [bookworm] - freeipa <no-dsa> (Minor issue)
        NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2262169
        NOTE: https://pagure.io/freeipa/issue/9541
        NOTE: ipa-4.10: 
https://pagure.io/freeipa/c/921661fd460799da69043e06e058cff75a64ce3c
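Review bot: only a [bookworm] line is added for CVE-2024-1481, where every other entry in this commit gets both [bookworm] and [bullseye]. If bullseye does not ship freeipa that is correct, but the hunk does not show it, so it is worth confirming. The description says the issue "may allow a remote attacker", and the entry already has {DLA-3773-1} and an ipa-4.10 fix commit, so a reason more specific than "(Minor issue)" would help the next reader.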
@@ -80685,6 +80710,8 @@ CVE-2023-26794
        RESERVED
 CVE-2023-26793 (libmodbus v3.1.10 has a heap-based buffer overflow 
vulnerability in re ...)
        - libmodbus <unfixed>
+       [bookworm] - libmodbus <no-dsa> (Minor issue)
+       [bullseye] - libmodbus <no-dsa> (Minor issue)
        NOTE: https://github.com/stephane/libmodbus/issues/683
 CVE-2023-26792
        RESERVED
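Review bot: the description of CVE-2023-26793 names libmodbus v3.1.10 specifically, and the added [bookworm] and [bullseye] lines do not record whether the versions in those releases contain the vulnerable code. If they predate it, `<not-affected>` would be the accurate state rather than `<no-dsa>`; if they are affected, a NOTE saying so would back the decision. The only reference is the upstream issue, with no fix commit yet.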



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/2617d94c71edd7a4790297c89a74ca5f78c075a3
