Moritz Muehlenhoff pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
644cd696 by Moritz Muehlenhoff at 2024-05-10T18:04:15+02:00
bullseye/bookworm triage
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1310,11 +1310,15 @@ CVE-2024-34078 (html-sanitizer is an allowlist-based
HTML cleaner. If using `kee
NOTE:
https://github.com/matthiask/html-sanitizer/commit/48db42fc5143d0140c32d929c46b802f96913550
(2.4.2)
CVE-2024-34069 (Werkzeug is a comprehensive WSGI web application library. The
debugger ...)
- python-werkzeug 3.0.3-1 (bug #1070711)
+ [bookworm] - python-werkzeug <no-dsa> (Minor issue)
+ [bullseye] - python-werkzeug <no-dsa> (Minor issue)
NOTE:
https://github.com/pallets/werkzeug/security/advisories/GHSA-2g68-c3qc-8985
NOTE: Fixed by:
https://github.com/pallets/werkzeug/commit/71b69dfb7df3d912e66bab87fbb1f21f83504967
(3.0.3)
NOTE: Fixed by:
https://github.com/pallets/werkzeug/commit/890b6b62634fa61224222aee31081c61b054ff01
(3.0.3)
CVE-2024-34064 (Jinja is an extensible templating engine. The `xmlattr` filter
in affe ...)
- jinja2 <unfixed> (bug #1070712)
+ [bookworm] - jinja2 <no-dsa> (Minor issue)
+ [bullseye] - jinja2 <no-dsa> (Minor issue)
NOTE:
https://github.com/pallets/jinja/security/advisories/GHSA-h75v-3vvj-5mfj
NOTE: Fixed by:
https://github.com/pallets/jinja/commit/d655030770081e2dfe46f90e27620472a502289d
(3.1.4)
CVE-2024-33912 (Missing Authorization vulnerability in Academy LMS.This issue
affects ...)
@@ -6701,6 +6705,8 @@ CVE-2024-32478 (Git Credential Manager (GCM) is a secure
Git credential helper.
- git-credential-manager <itp> (bug #1002300)
CVE-2024-32473 (Moby is an open source container framework that is a key
component of ...)
- docker.io <unfixed> (bug #1070378)
+ [bookworm] - docker.io <no-dsa> (Minor issue)
+ [bullseye] - docker.io <no-dsa> (Minor issue)
NOTE:
https://github.com/moby/moby/security/advisories/GHSA-x84c-p2g9-rqv9
NOTE:
https://github.com/moby/moby/commit/841c4c8057bcf5317d6565875595a3f0c046e3fa
CVE-2024-32409 (An issue in SEMCMS v.4.8 allows a remote attacker to execute
arbitrary ...)
@@ -17532,6 +17538,7 @@ CVE-2024-0450 (An issue was found in the CPython
`zipfile` module affecting vers
[bookworm] - python3.11 <no-dsa> (Minor issue)
- python3.10 <removed>
- python3.9 <removed>
+ [bullseye] - python3.9 <no-dsa> (Minor issue)
- python3.7 <removed>
- python2.7 <removed>
[bullseye] - python2.7 <ignored> (Unsupported in Bullseye, only
included to build a few applications)
@@ -78571,6 +78578,7 @@ CVE-2023-28757
CVE-2023-28756 (A ReDoS issue was discovered in the Time component through
0.2.1 in Ru ...)
{DLA-3447-1 DLA-3408-1}
- ruby3.1 <unfixed> (bug #1038408)
+ [bookworm] - ruby3.1 <no-dsa> (Minor issue)
- ruby2.7 <removed>
- ruby2.5 <removed>
[experimental] - jruby 9.4.3.0+ds-1~exp1
@@ -78586,6 +78594,7 @@ CVE-2023-28755 (A ReDoS issue was discovered in the URI
component through 0.12.0
[bookworm] - rubygems <no-dsa> (Minor issue)
[bullseye] - rubygems <no-dsa> (Minor issue)
- ruby3.1 <unfixed> (bug #1038408)
+ [bookworm] - ruby3.1 <no-dsa> (Minor issue)
- ruby2.7 <removed>
- ruby2.5 <removed>
[experimental] - jruby 9.4.3.0+ds-1~exp1
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/644cd696af6b99d787c462f7c3c228d9a9ce54d8
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/644cd696af6b99d787c462f7c3c228d9a9ce54d8
You're receiving this email because of your account on salsa.debian.org.
_______________________________________________
debian-security-tracker-commits mailing list
debian-security-tracker-commits@alioth-lists.debian.net
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
