Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker
Commits:
a39303b3 by Moritz Muehlenhoff at 2024-05-28T17:57:45+02:00
bookworm/bullseye triage
- - - - -
2 changed files:
- data/CVE/list
- data/dsa-needed.txt
Changes:
=====================================
data/CVE/list
=====================================
@@ -14052,23 +14052,31 @@ CVE-2024-32679 (Missing Authorization vulnerability
in Shared Files PRO Shared F
CVE-2024-32661 (FreeRDP is a free implementation of the Remote Desktop
Protocol. FreeR ...)
- freerdp3 3.5.1+dfsg1-1 (bug #1069752)
- freerdp2 <unfixed>
+ [bookworm] - freerdp2 <no-dsa> (Minor issue)
+ [bullseye] - freerdp2 <no-dsa> (Minor issue)
NOTE:
https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-p5m5-342g-pv9m
NOTE: Fixed by:
https://github.com/FreeRDP/FreeRDP/commit/71e463e31b4d69f4022d36bfc814592f56600793
(3.5.1)
NOTE: Introduced by:
https://github.com/FreeRDP/FreeRDP/commit/1b2b1c4ac14ac43f4e475488763d8659bd934eb6
(2.0.0-beta1+android10)
CVE-2024-32660 (FreeRDP is a free implementation of the Remote Desktop
Protocol. Prior ...)
- freerdp3 3.5.1+dfsg1-1 (bug #1069752)
- freerdp2 <unfixed>
+ [bookworm] - freerdp2 <no-dsa> (Minor issue)
+ [bullseye] - freerdp2 <no-dsa> (Minor issue)
NOTE:
https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-mxv6-2cw6-m3mx
NOTE: Fixed by:
https://github.com/FreeRDP/FreeRDP/commit/5e5d27cf310e4c10b854be7667bfb7a5d774eb47
(3.5.1)
CVE-2024-32659 (FreeRDP is a free implementation of the Remote Desktop
Protocol. FreeR ...)
- freerdp3 3.5.1+dfsg1-1 (bug #1069752)
- freerdp2 <unfixed>
+ [bookworm] - freerdp2 <no-dsa> (Minor issue)
+ [bullseye] - freerdp2 <no-dsa> (Minor issue)
NOTE:
https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-8jgr-7r33-x87w
NOTE: Fixed by:
https://github.com/FreeRDP/FreeRDP/commit/6430945ce003a5e24d454d8566f54aae1b6b617b
(3.5.1)
NOTE: Introduced by:
https://github.com/FreeRDP/FreeRDP/commit/c697941de2b7062821e004411ec18ea71e50a30d
(1.2.0-beta1+android7)
CVE-2024-32658 (FreeRDP is a free implementation of the Remote Desktop
Protocol. FreeR ...)
- freerdp3 3.5.1+dfsg1-1 (bug #1069752)
- freerdp2 <unfixed>
+ [bookworm] - freerdp2 <no-dsa> (Minor issue)
+ [bullseye] - freerdp2 <no-dsa> (Minor issue)
NOTE:
https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-vpv3-m3m9-4c2v
NOTE: Fixed by:
https://github.com/FreeRDP/FreeRDP/commit/1a755d898ddc028cc818d0dd9d49d5acff4c44bf
(3.5.1)
CVE-2024-32482 (The Tillitis TKey signer device application is an ed25519
signing tool ...)
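Review bot: The new `<no-dsa> (Minor issue)` lines for CVE-2024-32661, CVE-2024-32660, CVE-2024-32659 and CVE-2024-32658 triage freerdp2 in bookworm and bullseye, but none of these entries records a freerdp2 fix: every "Fixed by:" NOTE in this hunk is tagged (3.5.1), and CVE-2024-32660 and CVE-2024-32658 have no "Introduced by:" NOTE at all. From the entry alone a reader cannot tell that the 2.x code in the stable suites is affected, or which commit a later upload would need to backport. Suggest adding a NOTE that names the 2.x fix (or states that the 3.x commit applies unchanged) and replacing the generic "Minor issue" with the concrete reason no DSA is warranted. The unsuffixed `- freerdp2 <unfixed>` lines here also carry no bug number, unlike the freerdp3 lines above them.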
@@ -14290,36 +14298,48 @@ CVE-2015-10132 (A vulnerability classified as
problematic was found in Thimo Gra
CVE-2024-32041 (FreeRDP is a free implementation of the Remote Desktop
Protocol. FreeR ...)
- freerdp3 <not-affected> (Fixed with initial upload to Debian unstable)
- freerdp2 <unfixed> (bug #1069728)
+ [bookworm] - freerdp2 <no-dsa> (Minor issue)
+ [bullseye] - freerdp2 <no-dsa> (Minor issue)
NOTE: https://www.freerdp.com/2024/04/17/2_11_6-release
NOTE:
https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-5r4p-mfx2-m44r
NOTE:
https://github.com/FreeRDP/FreeRDP/commit/d88ad1acd142769650a6159906ac90f46a766265
(2.11.6)
CVE-2024-32039 (FreeRDP is a free implementation of the Remote Desktop
Protocol. FreeR ...)
- freerdp3 <not-affected> (Fixed with initial upload to Debian unstable)
- freerdp2 <unfixed> (bug #1069728)
+ [bookworm] - freerdp2 <no-dsa> (Minor issue)
+ [bullseye] - freerdp2 <no-dsa> (Minor issue)
NOTE: https://www.freerdp.com/2024/04/17/2_11_6-release
NOTE:
https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-q5h8-7j42-j4r9
NOTE:
https://github.com/FreeRDP/FreeRDP/commit/d88ad1acd142769650a6159906ac90f46a766265
(2.11.6)
CVE-2024-32040 (FreeRDP is a free implementation of the Remote Desktop
Protocol. FreeR ...)
- freerdp3 <not-affected> (Fixed with initial upload to Debian unstable)
- freerdp2 <unfixed> (bug #1069728)
+ [bookworm] - freerdp2 <no-dsa> (Minor issue)
+ [bullseye] - freerdp2 <no-dsa> (Minor issue)
NOTE: https://www.freerdp.com/2024/04/17/2_11_6-release
NOTE:
https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-23c5-cp23-h2h5
NOTE:
https://github.com/FreeRDP/FreeRDP/commit/5893b5f277db38b0040c572b078de838b84cfc07
(2.11.6)
CVE-2024-32458 (FreeRDP is a free implementation of the Remote Desktop
Protocol. FreeR ...)
- freerdp3 <not-affected> (Fixed with initial upload to Debian unstable)
- freerdp2 <unfixed> (bug #1069728)
+ [bookworm] - freerdp2 <no-dsa> (Minor issue)
+ [bullseye] - freerdp2 <no-dsa> (Minor issue)
NOTE: https://www.freerdp.com/2024/04/17/2_11_6-release
NOTE:
https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-vvr6-h646-mp4p
NOTE:
https://github.com/FreeRDP/FreeRDP/commit/9bc624c721ecde8251cfabd1edf069bc713ccc97
(2.11.6)
CVE-2024-32459 (FreeRDP is a free implementation of the Remote Desktop
Protocol. FreeR ...)
- freerdp3 <not-affected> (Fixed with initial upload to Debian unstable)
- freerdp2 <unfixed> (bug #1069728)
+ [bookworm] - freerdp2 <no-dsa> (Minor issue)
+ [bullseye] - freerdp2 <no-dsa> (Minor issue)
NOTE: https://www.freerdp.com/2024/04/17/2_11_6-release
NOTE:
https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-cp4q-p737-rmw9
NOTE:
https://github.com/FreeRDP/FreeRDP/commit/b70c8e989d2807cea47bbf89e57700b5a10b2ca7
(2.11.6)
CVE-2024-32460 (FreeRDP is a free implementation of the Remote Desktop
Protocol. FreeR ...)
- freerdp3 <not-affected> (Fixed with initial upload to Debian unstable)
- freerdp2 <unfixed> (bug #1069728)
+ [bookworm] - freerdp2 <no-dsa> (Minor issue)
+ [bullseye] - freerdp2 <no-dsa> (Minor issue)
NOTE: https://www.freerdp.com/2024/04/17/2_11_6-release
NOTE:
https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-4rr8-gr65-vqrr
NOTE:
https://github.com/FreeRDP/FreeRDP/commit/18cef378eae2b63a1a750da242f00da12b5b3881
(2.11.6)
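Review bot: All twelve added lines in this hunk give the same bare "(Minor issue)" for six different CVEs, although the NOTE lines show that each one has an upstream fix tagged (2.11.6). Since a fixed 2.x release exists, the entries would be more useful if the reason said why no DSA is needed and whether the fixes are expected to go in through a point release. Separately, CVE-2024-32041 and CVE-2024-32039 both cite commit d88ad1acd142769650a6159906ac90f46a766265 while pointing at different advisories (GHSA-5r4p-mfx2-m44r and GHSA-q5h8-7j42-j4r9); worth confirming that one commit really fixes both rather than the hash having been copied between entries.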
=====================================
data/dsa-needed.txt
=====================================
@@ -61,7 +61,7 @@ python-aiohttp
--
python-asyncssh
--
-python-pymysql
+python-pymysql (jmm)
--
ring/oldstable
might make sense to rebase to current version
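Review bot: The claim `python-pymysql (jmm)` is added without a suite qualifier or a note line under the entry, so dsa-needed.txt does not say whether the update is planned for both stable suites or only one. The neighbouring `ring/oldstable` entry shows the convention for both the suite suffix and a short note. Consider adding the suite if only one is targeted, plus a one-line note on the planned update.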
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/a39303b3e0ff37e7e50a8221e12a086c56909de7