Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker
Commits: 644cd696 by Moritz Muehlenhoff at 2024-05-10T18:04:15+02:00 bullseye/bookworm triage - - - - - 1 changed file: - data/CVE/list Changes: ===================================== data/CVE/list ===================================== @@ -1310,11 +1310,15 @@ CVE-2024-34078 (html-sanitizer is an allowlist-based HTML cleaner. If using `kee NOTE: https://github.com/matthiask/html-sanitizer/commit/48db42fc5143d0140c32d929c46b802f96913550 (2.4.2) CVE-2024-34069 (Werkzeug is a comprehensive WSGI web application library. The debugger ...) - python-werkzeug 3.0.3-1 (bug #1070711) + [bookworm] - python-werkzeug <no-dsa> (Minor issue) + [bullseye] - python-werkzeug <no-dsa> (Minor issue) NOTE: https://github.com/pallets/werkzeug/security/advisories/GHSA-2g68-c3qc-8985 NOTE: Fixed by: https://github.com/pallets/werkzeug/commit/71b69dfb7df3d912e66bab87fbb1f21f83504967 (3.0.3) NOTE: Fixed by: https://github.com/pallets/werkzeug/commit/890b6b62634fa61224222aee31081c61b054ff01 (3.0.3) CVE-2024-34064 (Jinja is an extensible templating engine. The `xmlattr` filter in affe ...) - jinja2 <unfixed> (bug #1070712) + [bookworm] - jinja2 <no-dsa> (Minor issue) + [bullseye] - jinja2 <no-dsa> (Minor issue) NOTE: https://github.com/pallets/jinja/security/advisories/GHSA-h75v-3vvj-5mfj NOTE: Fixed by: https://github.com/pallets/jinja/commit/d655030770081e2dfe46f90e27620472a502289d (3.1.4) CVE-2024-33912 (Missing Authorization vulnerability in Academy LMS.This issue affects ...) @@ -6701,6 +6705,8 @@ CVE-2024-32478 (Git Credential Manager (GCM) is a secure Git credential helper. - git-credential-manager <itp> (bug #1002300) CVE-2024-32473 (Moby is an open source container framework that is a key component of ...) - docker.io <unfixed> (bug #1070378) + [bookworm] - docker.io <no-dsa> (Minor issue) + [bullseye] - docker.io <no-dsa> (Minor issue) NOTE: https://github.com/moby/moby/security/advisories/GHSA-x84c-p2g9-rqv9 NOTE: https://github.com/moby/moby/commit/841c4c8057bcf5317d6565875595a3f0c046e3fa CVE-2024-32409 (An issue in SEMCMS v.4.8 allows a remote attacker to execute arbitrary ...) @@ -17532,6 +17538,7 @@ CVE-2024-0450 (An issue was found in the CPython `zipfile` module affecting vers [bookworm] - python3.11 <no-dsa> (Minor issue) - python3.10 <removed> - python3.9 <removed> + [bullseye] - python3.9 <no-dsa> (Minor issue) - python3.7 <removed> - python2.7 <removed> [bullseye] - python2.7 <ignored> (Unsupported in Bullseye, only included to build a few applications) @@ -78571,6 +78578,7 @@ CVE-2023-28757 CVE-2023-28756 (A ReDoS issue was discovered in the Time component through 0.2.1 in Ru ...) {DLA-3447-1 DLA-3408-1} - ruby3.1 <unfixed> (bug #1038408) + [bookworm] - ruby3.1 <no-dsa> (Minor issue) - ruby2.7 <removed> - ruby2.5 <removed> [experimental] - jruby 9.4.3.0+ds-1~exp1 @@ -78586,6 +78594,7 @@ CVE-2023-28755 (A ReDoS issue was discovered in the URI component through 0.12.0 [bookworm] - rubygems <no-dsa> (Minor issue) [bullseye] - rubygems <no-dsa> (Minor issue) - ruby3.1 <unfixed> (bug #1038408) + [bookworm] - ruby3.1 <no-dsa> (Minor issue) - ruby2.7 <removed> - ruby2.5 <removed> [experimental] - jruby 9.4.3.0+ds-1~exp1 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/644cd696af6b99d787c462f7c3c228d9a9ce54d8 -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/644cd696af6b99d787c462f7c3c228d9a9ce54d8 You're receiving this email because of your account on salsa.debian.org.
_______________________________________________ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits