Thorsten Alteholz pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
02ce7e05 by Thorsten Alteholz at 2024-05-12T00:27:55+02:00
mark CVE-2024-34244 as postponed for Buster
- - - - -
ee474fff by Thorsten Alteholz at 2024-05-12T00:43:39+02:00
mark CVE-2024-34490 as postponed for Buster
- - - - -
49bdd908 by Thorsten Alteholz at 2024-05-12T00:44:50+02:00
mark CVE-2024-31636 as postponed for Buster
- - - - -
d5024068 by Thorsten Alteholz at 2024-05-12T00:46:09+02:00
mark CVE-2024-28960 as postponed for Buster
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -918,6 +918,7 @@ CVE-2024-34255 (jizhicms v2.5.1 contains a Cross-Site
Scripting(XSS) vulnerabili
NOT-FOR-US: jizhicms
CVE-2024-34244 (libmodbus v3.1.10 is vulnerable to Buffer Overflow via the
modbus_writ ...)
- libmodbus <unfixed>
+ [buster] - libmodbus <postponed> (Minor issue; out-of-bounds read, DoS)
NOTE: https://github.com/stephane/libmodbus/issues/743
CVE-2024-33612 (An improper certificate validation vulnerability exists in
BIG-IP Next ...)
NOT-FOR-US: F5 BIG-IP
@@ -1815,6 +1816,7 @@ CVE-2024-34490 (In Maxima through 5.47.0 before 51704c,
the plotting facilities
- maxima <unfixed>
[bookworm] - maxima <no-dsa> (Minor issue)
[bullseye] - maxima <no-dsa> (Minor issue)
+ [buster] - maxima <postponed> (Minor issue)
NOTE: https://sourceforge.net/p/maxima/bugs/3755/
CVE-2024-34489 (OFPHello in parser.py in Faucet SDN Ryu 4.34 allows attackers
to cause ...)
NOT-FOR-US: Faucet SDN Ryu
@@ -2275,6 +2277,7 @@ CVE-2024-31636 (An issue in LIEF v.0.14.1 allows a local
attacker to obtain sens
- lief <unfixed>
[bookworm] - lief <no-dsa> (Minor issue)
[bullseye] - lief <no-dsa> (Minor issue)
+ [buster] - lief <postponed> (Minor issue)
NOTE: https://github.com/lief-project/LIEF/issues/1038
NOTE:
https://github.com/lief-project/LIEF/commit/307e113f8e00b034f0a5f1baa33e54d636c52ea3
CVE-2024-30851 (Directory Traversal vulnerability in codesiddhant Jasmin
Ransomware v. ...)
@@ -14810,6 +14813,7 @@ CVE-2024-28960 (An issue was discovered in Mbed TLS
2.18.0 through 2.28.x before
- mbedtls 2.28.8-1
[bookworm] - mbedtls <no-dsa> (Minor issue)
[bullseye] - mbedtls <no-dsa> (Minor issue)
+ [buster] - mbedtls <postponed> (Minor issue)
NOTE:
https://mbed-tls.readthedocs.io/en/latest/security-advisories/mbedtls-security-advisory-2024-03/
NOTE:
https://github.com/Mbed-TLS/mbedtls-docs/blob/main/security-advisories/mbedtls-security-advisory-2024-03.md
CVE-2024-28867 (Swift Prometheus is a Swift client for the Prometheus
monitoring syste ...)
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/06a1d63f9e1efa4eab9f0780b051baa8bd2f6539...d50240689ca8137cd9555cde98f1ffcda2056abd
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/06a1d63f9e1efa4eab9f0780b051baa8bd2f6539...d50240689ca8137cd9555cde98f1ffcda2056abd
You're receiving this email because of your account on salsa.debian.org.
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
