Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
7714f1bf by Moritz Muehlenhoff at 2024-06-03T17:51:56+02:00
bookworm/bullseye triage

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -120,6 +120,8 @@ CVE-2024-5501 (The Supreme Modules Lite \u2013 Divi Theme, 
Extra Theme and Divi
        NOT-FOR-US: WordPress plugin
 CVE-2024-5138 (The snapctl component within snapd allows a confined snap to 
interact  ...)
        - snapd <unfixed> (bug #1072365)
+       [bookworm] - snapd <no-dsa> (Minor issue)
+       [bullseye] - snapd <no-dsa> (Minor issue)
        NOTE: https://bugs.launchpad.net/snapd/+bug/2065077
        NOTE: 
https://github.com/snapcore/snapd/security/advisories/GHSA-p9v8-q5m4-pf46
        NOTE: 
https://github.com/snapcore/snapd/commit/68ee9c6aa916ab87dbfd9a26030690f2cabf1e14
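Review bot: The two added snapd lines for CVE-2024-5138 give only the generic reason "Minor issue", while the summary describes a confined snap interacting with the snapctl component and the unstable line is still <unfixed> with bug #1072365 open. Consider a more specific reason in the parentheses, or a NOTE stating why this is minor for bookworm and bullseye, so the decision is easy to revisit once the upstream commit already referenced in this entry reaches unstable.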
@@ -187,12 +189,18 @@ CVE-2024-4160 (The Download Manager plugin for WordPress 
is vulnerable to Stored
        NOT-FOR-US: WordPress plugin
 CVE-2024-36845 (An invalid pointer in the modbus_receive() function of 
libmodbus v3.1. ...)
        - libmodbus <unfixed>
+       [bookworm] - libmodbus <no-dsa> (Minor issue)
+       [bullseye] - libmodbus <no-dsa> (Minor issue)
        NOTE: https://github.com/stephane/libmodbus/issues/750
 CVE-2024-36844 (libmodbus v3.1.6 was discovered to contain a use-after-free 
via the ct ...)
        - libmodbus <unfixed>
+       [bookworm] - libmodbus <no-dsa> (Minor issue)
+       [bullseye] - libmodbus <no-dsa> (Minor issue)
        NOTE: https://github.com/stephane/libmodbus/issues/749
 CVE-2024-36843 (libmodbus v3.1.6 was discovered to contain a heap overflow via 
the mod ...)
        - libmodbus <unfixed>
+       [bookworm] - libmodbus <no-dsa> (Minor issue)
+       [bullseye] - libmodbus <no-dsa> (Minor issue)
        NOTE: https://github.com/stephane/libmodbus/issues/748
 CVE-2024-36120 (javascript-deobfuscator removes common JavaScript obfuscation 
techniqu ...)
        TODO: check
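Review bot: All three libmodbus entries (CVE-2024-36845, CVE-2024-36844, CVE-2024-36843) receive the identical "Minor issue" reason, although their summaries describe an invalid pointer in modbus_receive(), a use-after-free and a heap overflow. Each entry references only an upstream issue (#750, #749, #748) and no fix commit, so a short NOTE recording the rationale for <no-dsa> would help whoever rechecks the triage when upstream fixes become available.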
@@ -308,6 +316,8 @@ CVE-2024-23847 (Incorrect default permissions issue exists 
in Unifier and Unifie
        NOT-FOR-US: Unifier and Unifier Cast
 CVE-2024-1298 (EDK2 contains a vulnerability when S3 sleep is activated where 
an Atta ...)
        - edk2 <unfixed>
+       [bookworm] - edk2 <no-dsa> (Minor issue)
+       [bullseye] - edk2 <no-dsa> (Minor issue)
        NOTE: 
https://github.com/tianocore/edk2/security/advisories/GHSA-chfw-xj8f-6m53
        NOTE: https://bugzilla.tianocore.org/show_bug.cgi?id=4677
        NOTE: https://github.com/tianocore/edk2/pull/5659
@@ -29142,6 +29152,8 @@ CVE-2024-28184 (WeasyPrint helps web developers to 
create PDF documents. Since v
 CVE-2024-28180 (Package jose aims to provide an implementation of the 
Javascript Objec ...)
        - golang-github-go-jose-go-jose 4.0.1-1 (bug #1065814)
        - golang-gopkg-square-go-jose.v2 2.6.3-1
+       [bookworm] - golang-gopkg-square-go-jose.v2 <no-dsa> (Minor issue)
+       [bullseye] - golang-gopkg-square-go-jose.v2 <no-dsa> (Minor issue)
        NOTE: 
https://github.com/go-jose/go-jose/security/advisories/GHSA-c5q2-7r4c-mv6g
        NOTE: 
https://github.com/go-jose/go-jose/commit/0dd4dd541c665fb292d664f77604ba694726f298
 (v2.6.3)
        NOTE: 
https://github.com/go-jose/go-jose/commit/add6a284ea0f844fd6628cba637be5451fe4b28a
 (v3.0.3)
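Review bot: The added [bookworm] and [bullseye] lines for CVE-2024-28180 cover only golang-gopkg-square-go-jose.v2; the other source package in this entry, golang-github-go-jose-go-jose (fixed in 4.0.1-1, bug #1065814), gets no per-release line in the visible context. If that package is not present in bookworm or bullseye this is fine, otherwise it needs matching entries so the stable status of both packages is recorded.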
@@ -47912,6 +47924,8 @@ CVE-2023-50268 (jq is a command-line JSON processor. 
Version 1.7 is vulnerable t
        NOTE: Fixed by: 
https://github.com/jqlang/jq/commit/c9a51565214eece8f1053089739aea73145bfd6b 
(jq-1.7.1)
 CVE-2023-50262 (Dompdf is an HTML to PDF converter for PHP. When parsing SVG 
images Do ...)
        - php-dompdf 2.0.4+dfsg-1 (bug #1058793)
+       [bookworm] - php-dompdf <no-dsa> (Minor issue)
+       [bullseye] - php-dompdf <no-dsa> (Minor issue)
        [buster] - php-dompdf <not-affected> (SVG images are rejected by 
default)
        NOTE: 
https://github.com/dompdf/dompdf/security/advisories/GHSA-3qx2-6f78-w2j2
        NOTE: 
https://github.com/dompdf/dompdf/commit/41cbac16f3cf56affa49f06e8dae66d0eac2b593
 (v2.0.4)
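Review bot: The existing [buster] line for CVE-2023-50262 is <not-affected> because "SVG images are rejected by default", while the new [bookworm] and [bullseye] lines are <no-dsa> with the generic "Minor issue". It is worth confirming that the bullseye and bookworm versions of php-dompdf do not share that default; if they do, <not-affected> with the same reason would be the more accurate state, and if they do not, the reason text could say so.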



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/7714f1bf6e461999658211085daf2ce3f40a4a6d
