Moritz Muehlenhoff pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
916134f6 by Moritz Muehlenhoff at 2024-06-09T16:26:46+02:00
bookworm/bullseye triage
- - - - -
2 changed files:
- data/CVE/list
- data/dsa-needed.txt
Changes:
=====================================
data/CVE/list
=====================================
@@ -18,10 +18,14 @@ CVE-2024-4146 (In lunary-ai/lunary version v1.2.13, an
improper authorization vu
NOT-FOR-US: lunary-ai/lunary
CVE-2024-37408 (fprintd through 1.94.3 lacks a security attention mechanism,
and thus ...)
- fprintd <unfixed> (bug #1072854)
+ [bookworm] - fprintd <no-dsa> (Minor issue)
+ [bullseye] - fprintd <no-dsa> (Minor issue)
NOTE: https://www.openwall.com/lists/oss-security/2024/05/30/3
NOTE: https://lists.freedesktop.org/archives/fprint/2024-May/001231.html
CVE-2024-37407 (Libarchive before 3.7.4 allows name out-of-bounds access when
a ZIP ar ...)
- libarchive <unfixed> (bug #1072855)
+ [bookworm] - libarchive <no-dsa> (Minor issue)
+ [bullseye] - libarchive <no-dsa> (Minor issue)
NOTE: https://github.com/libarchive/libarchive/pull/2145
NOTE:
https://github.com/libarchive/libarchive/commit/b6a979481b7d77c12fa17bbed94576b63bbcb0c0
(v3.7.4)
CVE-2024-35756 (Improper Neutralization of Input During Web Page Generation
(XSS or 'C ...)
@@ -437,6 +441,8 @@ CVE-2023-32475 (Dell BIOS contains a missing support for
integrity check vulnera
NOT-FOR-US: Dell
CVE-2022-4968 (netplan leaks the private key of wireguard to local users. A
security ...)
- netplan.io <unfixed> (bug #1072789)
+ [bookworm] - netplan.io <no-dsa> (Minor issue)
+ [bullseye] - netplan.io <no-dsa> (Minor issue)
NOTE: https://bugs.launchpad.net/netplan/+bug/1987842
NOTE: https://bugs.launchpad.net/ubuntu/+source/netplan.io/+bug/2065738
CVE-2024-5684 (An attacker with access to the private network (the charger is
connect ...)
@@ -516,12 +522,16 @@ CVE-2024-5221 (The Qi Blocks plugin for WordPress is
vulnerable to Stored Cross-
NOT-FOR-US: WordPress plugin
CVE-2024-5206 (A sensitive data leakage vulnerability was identified in
scikit-learn' ...)
- scikit-learn <unfixed>
+ [bookworm] - scikit-learn <no-dsa> (Minor issue)
+ [bullseye] - scikit-learn <no-dsa> (Minor issue)
NOTE: https://huntr.com/bounties/14bc0917-a85b-4106-a170-d09d5191517c
NOTE:
https://github.com/scikit-learn/scikit-learn/commit/70ca21f106b603b611da73012c9ade7cd8e438b8
(1.5.0rc1)
CVE-2024-5188 (The Essential Addons for Elementor \u2013 Best Elementor
Templates, Wi ...)
NOT-FOR-US: WordPress plugin
CVE-2024-5187 (A vulnerability in the `download_model_with_test_data` function
of the ...)
- onnx <unfixed>
+ [bookworm] - onnx <no-dsa> (Minor issue)
+ [bullseye] - onnx <no-dsa> (Minor issue)
NOTE: https://huntr.com/bounties/50235ebd-3410-4ada-b064-1a648e11237e
NOTE: https://github.com/onnx/onnx/pull/6164
CVE-2024-5186 (A Server-Side Request Forgery (SSRF) vulnerability exists in
the file ...)
@@ -11171,7 +11181,9 @@ CVE-2024-24790 (The various Is methods (IsPrivate,
IsLoopback, etc) did not work
- golang-1.22 1.22.4-1
- golang-1.21 1.21.11-1
- golang-1.19 <removed>
+ [bookworm] - golang-1.19 <no-dsa> (Minor issue)
- golang-1.15 <removed>
+ [bullseye] - golang-1.15 <no-dsa> (Minor issue)
- golang-1.11 <removed>
NOTE: https://groups.google.com/g/golang-announce/c/XbxouI9gY7k
NOTE: https://github.com/golang/go/issues/67680
@@ -11179,7 +11191,9 @@ CVE-2024-24789 (The archive/zip package's handling of
certain types of invalid z
- golang-1.22 1.22.4-1
- golang-1.21 1.21.11-1
- golang-1.19 <removed>
+ [bookworm] - golang-1.19 <no-dsa> (Minor issue)
- golang-1.15 <removed>
+ [bullseye] - golang-1.15 <no-dsa> (Minor issue)
- golang-1.11 <removed>
NOTE: https://groups.google.com/g/golang-announce/c/XbxouI9gY7k
NOTE: https://github.com/golang/go/issues/66869
@@ -723798,6 +723812,8 @@ CVE-2004-2387 (Buffer overflow in the
HandleCPCCommand function of sercd before
- sredird 2.2.1-1.1 (bug #267098)
CVE-2004-2386 (Format string vulnerability in the LogMsg function in sercd
before 2.3 ...)
- sredird 2.2.2-0.1 (bug #267098; bug #1072340)
+ [bookworm] - sredird <no-dsa> (Minor issue)
+ [bullseye] - sredird <no-dsa> (Minor issue)
CVE-2004-2385 (EMU Webmail 5.2.7 allows remote attackers to obtain sensitive
path inf ...)
NOT-FOR-US: EMU Webmail
CVE-2004-2384 (NullSoft Winamp 5.02 allows remote attackers to cause a denial
of serv ...)
=====================================
data/dsa-needed.txt
=====================================
@@ -49,6 +49,8 @@ php-horde-mime-viewer/oldstable
--
php-horde-turba/oldstable
--
+plasma-workspace
+--
pymatgen/stable
--
python-aiohttp
@@ -74,5 +76,7 @@ ruby-tzinfo/oldstable
--
squid
--
+tinyproxy/oldstable
+--
zabbix
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/916134f66bbaa906e56a5e220eb1951fbdf977ee
--
This project does not include diff previews in email notifications.
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/916134f66bbaa906e56a5e220eb1951fbdf977ee
You're receiving this email because of your account on salsa.debian.org.
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
