Moritz Muehlenhoff pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
dcc4a98a by Moritz Muehlenhoff at 2024-06-13T20:35:33+02:00
bookworm/bullseye triage
- - - - -
2 changed files:
- data/CVE/list
- data/dsa-needed.txt
Changes:
=====================================
data/CVE/list
=====================================
@@ -4322,42 +4322,62 @@ CVE-2024-24851 (A heap-based buffer overflow
vulnerability exists in the Program
NOT-FOR-US: AutomationDirect
CVE-2024-24686 (Multiple stack-based buffer overflow vulnerabilities exist in
the read ...)
- slic3r-prusa <unfixed>
+ [bookworm] - slic3r-prusa <postponed> (Minor issue, revisit when/if
fixed upstream)
+ [bullseye] - slic3r-prusa <postponed> (Minor issue, revisit when/if
fixed upstream)
NOTE:
https://talosintelligence.com/vulnerability_reports/TALOS-2024-1929
NOTE: https://github.com/libigl/libigl/issues/2387
CVE-2024-24685 (Multiple stack-based buffer overflow vulnerabilities exist in
the read ...)
- slic3r-prusa <unfixed>
+ [bookworm] - slic3r-prusa <postponed> (Minor issue, revisit when/if
fixed upstream)
+ [bullseye] - slic3r-prusa <postponed> (Minor issue, revisit when/if
fixed upstream)
NOTE:
https://talosintelligence.com/vulnerability_reports/TALOS-2024-1929
NOTE: https://github.com/libigl/libigl/issues/2387
CVE-2024-24684 (Multiple stack-based buffer overflow vulnerabilities exist in
the read ...)
- slic3r-prusa <unfixed>
+ [bookworm] - slic3r-prusa <postponed> (Minor issue, revisit when/if
fixed upstream)
+ [bullseye] - slic3r-prusa <postponed> (Minor issue, revisit when/if
fixed upstream)
NOTE:
https://talosintelligence.com/vulnerability_reports/TALOS-2024-1929
NOTE: https://github.com/libigl/libigl/issues/2387
CVE-2024-24584 (Multiple out-of-bounds read vulnerabilities exist in the
readMSH funct ...)
- slic3r-prusa <unfixed>
+ [bookworm] - slic3r-prusa <postponed> (Minor issue, revisit when/if
fixed upstream)
+ [bullseye] - slic3r-prusa <postponed> (Minor issue, revisit when/if
fixed upstream)
NOTE:
https://talosintelligence.com/vulnerability_reports/TALOS-2024-1928
NOTE: https://github.com/libigl/libigl/issues/2387
CVE-2024-24583 (Multiple out-of-bounds read vulnerabilities exist in the
readMSH funct ...)
- slic3r-prusa <unfixed>
+ [bookworm] - slic3r-prusa <postponed> (Minor issue, revisit when/if
fixed upstream)
+ [bullseye] - slic3r-prusa <postponed> (Minor issue, revisit when/if
fixed upstream)
NOTE:
https://talosintelligence.com/vulnerability_reports/TALOS-2024-1928
NOTE: https://github.com/libigl/libigl/issues/2387
CVE-2024-23951 (Multiple improper array index validation vulnerabilities exist
in the ...)
- slic3r-prusa <unfixed>
+ [bookworm] - slic3r-prusa <postponed> (Minor issue, revisit when/if
fixed upstream)
+ [bullseye] - slic3r-prusa <postponed> (Minor issue, revisit when/if
fixed upstream)
NOTE:
https://talosintelligence.com/vulnerability_reports/TALOS-2024-1926
NOTE: https://github.com/libigl/libigl/issues/2387
CVE-2024-23950 (Multiple improper array index validation vulnerabilities exist
in the ...)
- slic3r-prusa <unfixed>
+ [bookworm] - slic3r-prusa <postponed> (Minor issue, revisit when/if
fixed upstream)
+ [bullseye] - slic3r-prusa <postponed> (Minor issue, revisit when/if
fixed upstream)
NOTE:
https://talosintelligence.com/vulnerability_reports/TALOS-2024-1926
NOTE: https://github.com/libigl/libigl/issues/2387
CVE-2024-23949 (Multiple improper array index validation vulnerabilities exist
in the ...)
- slic3r-prusa <unfixed>
+ [bookworm] - slic3r-prusa <postponed> (Minor issue, revisit when/if
fixed upstream)
+ [bullseye] - slic3r-prusa <postponed> (Minor issue, revisit when/if
fixed upstream)
NOTE:
https://talosintelligence.com/vulnerability_reports/TALOS-2024-1926
NOTE: https://github.com/libigl/libigl/issues/2387
CVE-2024-23948 (Multiple improper array index validation vulnerabilities exist
in the ...)
- slic3r-prusa <unfixed>
+ [bookworm] - slic3r-prusa <postponed> (Minor issue, revisit when/if
fixed upstream)
+ [bullseye] - slic3r-prusa <postponed> (Minor issue, revisit when/if
fixed upstream)
NOTE:
https://talosintelligence.com/vulnerability_reports/TALOS-2024-1926
NOTE: https://github.com/libigl/libigl/issues/2387
CVE-2024-23947 (Multiple improper array index validation vulnerabilities exist
in the ...)
- slic3r-prusa <unfixed>
+ [bookworm] - slic3r-prusa <postponed> (Minor issue, revisit when/if
fixed upstream)
+ [bullseye] - slic3r-prusa <postponed> (Minor issue, revisit when/if
fixed upstream)
NOTE:
https://talosintelligence.com/vulnerability_reports/TALOS-2024-1926
NOTE: https://github.com/libigl/libigl/issues/2387
CVE-2024-23601 (A code injection vulnerability exists in the scan_lib.bin
functionalit ...)
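Review bot: The reason "Minor issue" on the added [bookworm] and [bullseye] lines gives no basis for rating the stack-based buffer overflows (CVE-2024-24684 to CVE-2024-24686) as minor, and the same text is reused unchanged for the out-of-bounds reads and the array index validation issues in this hunk. A short NOTE: per group stating why no DSA is warranted would let whoever revisits these once the libigl issue is resolved check that the assumption still holds.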
@@ -4370,12 +4390,16 @@ CVE-2024-22187 (A write-what-where vulnerability exists
in the Programming Softw
NOT-FOR-US: AutomationDirect
CVE-2024-22181 (An out-of-bounds write vulnerability exists in the readNODE
functional ...)
- slic3r-prusa <unfixed>
+ [bookworm] - slic3r-prusa <postponed> (Minor issue, revisit when/if
fixed upstream)
+ [bullseye] - slic3r-prusa <postponed> (Minor issue, revisit when/if
fixed upstream)
NOTE:
https://talosintelligence.com/vulnerability_reports/TALOS-2024-1930
NOTE: https://github.com/libigl/libigl/issues/2387
CVE-2024-21785 (A leftover debug code vulnerability exists in the Telnet
Diagnostic In ...)
NOT-FOR-US: AutomationDirect
CVE-2023-49600 (An out-of-bounds write vulnerability exists in the PlyFile
ply_cast_as ...)
- slic3r-prusa <unfixed>
+ [bookworm] - slic3r-prusa <postponed> (Minor issue, revisit when/if
fixed upstream)
+ [bullseye] - slic3r-prusa <postponed> (Minor issue, revisit when/if
fixed upstream)
NOTE:
https://talosintelligence.com/vulnerability_reports/TALOS-2023-1879
NOTE: https://github.com/libigl/libigl/issues/2387
CVE-2023-46694 (Vtenext 21.02 allows an authenticated attacker to upload
arbitrary fil ...)
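Review bot: For CVE-2023-49600 the description names PlyFile, but the only upstream reference under the entry is the libigl issue, so "revisit when/if fixed upstream" on the added lines does not say which project's fix is the trigger. Naming the upstream in the reason text, or adding a NOTE: with the relevant upstream link, would make the postponed state actionable.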
@@ -4402,22 +4426,32 @@ CVE-2023-37411 (IBM Aspera Faspex 5.0.0 through 5.0.6
is vulnerable to cross-sit
NOT-FOR-US: IBM
CVE-2023-35953 (Multiple stack-based buffer overflow vulnerabilities exist in
the read ...)
- slic3r-prusa <unfixed>
+ [bookworm] - slic3r-prusa <postponed> (Minor issue, revisit when/if
fixed upstream)
+ [bullseye] - slic3r-prusa <postponed> (Minor issue, revisit when/if
fixed upstream)
NOTE:
https://talosintelligence.com/vulnerability_reports/TALOS-2023-1784
NOTE: https://github.com/libigl/libigl/issues/2387
CVE-2023-35952 (Multiple stack-based buffer overflow vulnerabilities exist in
the read ...)
- slic3r-prusa <unfixed>
+ [bookworm] - slic3r-prusa <postponed> (Minor issue, revisit when/if
fixed upstream)
+ [bullseye] - slic3r-prusa <postponed> (Minor issue, revisit when/if
fixed upstream)
NOTE:
https://talosintelligence.com/vulnerability_reports/TALOS-2023-1784
NOTE: https://github.com/libigl/libigl/issues/2387
CVE-2023-35951 (Multiple stack-based buffer overflow vulnerabilities exist in
the read ...)
- slic3r-prusa <unfixed>
+ [bookworm] - slic3r-prusa <postponed> (Minor issue, revisit when/if
fixed upstream)
+ [bullseye] - slic3r-prusa <postponed> (Minor issue, revisit when/if
fixed upstream)
NOTE:
https://talosintelligence.com/vulnerability_reports/TALOS-2023-1784
NOTE: https://github.com/libigl/libigl/issues/2387
CVE-2023-35950 (Multiple stack-based buffer overflow vulnerabilities exist in
the read ...)
- slic3r-prusa <unfixed>
+ [bookworm] - slic3r-prusa <postponed> (Minor issue, revisit when/if
fixed upstream)
+ [bullseye] - slic3r-prusa <postponed> (Minor issue, revisit when/if
fixed upstream)
NOTE:
https://talosintelligence.com/vulnerability_reports/TALOS-2023-1784
NOTE: https://github.com/libigl/libigl/issues/2387
CVE-2023-35949 (Multiple stack-based buffer overflow vulnerabilities exist in
the read ...)
- slic3r-prusa <unfixed>
+ [bookworm] - slic3r-prusa <postponed> (Minor issue, revisit when/if
fixed upstream)
+ [bullseye] - slic3r-prusa <postponed> (Minor issue, revisit when/if
fixed upstream)
NOTE:
https://talosintelligence.com/vulnerability_reports/TALOS-2023-1784
NOTE: https://github.com/libigl/libigl/issues/2387
CVE-2024-4741 [Use After Free with SSL_free_buffers]
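Review bot: The five "- slic3r-prusa <unfixed>" lines above the added <postponed> entries carry no Debian bug reference, unlike the azure-uamqp-python entries touched in this commit, most of which have one (bug #...). With bookworm and bullseye now postponed, consider filing a bug for TALOS-2023-1784 and recording it on the unfixed line so there is something to track the revisit against.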
@@ -14492,10 +14526,14 @@ CVE-2023-50231 (NETGEAR ProSAFE Network Management
System saveNodeLabel Cross-Si
NOT-FOR-US: Netgear
CVE-2023-50230 (BlueZ Phone Book Access Profile Heap-based Buffer Overflow
Remote Code ...)
- bluez 5.70-1
+ [bookworm] - bluez <no-dsa> (Minor issue)
+ [bullseye] - bluez <no-dsa> (Minor issue)
NOTE: https://www.zerodayinitiative.com/advisories/ZDI-23-1812/
NOTE:
https://github.com/bluez/bluez/commit/5ab5352531a9cc7058cce569607f3a6831464443
(5.70)
CVE-2023-50229 (BlueZ Phone Book Access Profile Heap-based Buffer Overflow
Remote Code ...)
- bluez 5.70-1
+ [bookworm] - bluez <no-dsa> (Minor issue)
+ [bullseye] - bluez <no-dsa> (Minor issue)
NOTE: https://www.zerodayinitiative.com/advisories/ZDI-23-1811/
NOTE:
https://github.com/bluez/bluez/commit/5ab5352531a9cc7058cce569607f3a6831464443
(5.70)
CVE-2023-50228 (Parallels Desktop Updater Improper Verification of
Cryptographic Signa ...)
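Review bot: The added <no-dsa> (Minor issue) lines for CVE-2023-50229 and CVE-2023-50230 sit under descriptions that read "Heap-based Buffer Overflow Remote Code ...", and the entries already record the upstream fix commit (5.70). Since the patch is identified, a NOTE: stating the condition that makes this minor for bookworm and bullseye, or whether a point-release update is intended, would justify the rating.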
@@ -28161,6 +28199,8 @@ CVE-2024-29196 (phpMyFAQ is an open source FAQ web
application for PHP 8.1+ and
NOT-FOR-US: phpMyFAQ
CVE-2024-29195 (The azure-c-shared-utility is a C library for AMQP/MQTT
communication ...)
- azure-uamqp-python 1.6.9-2 (bug #1068457)
+ [bookworm] - azure-uamqp-python <no-dsa> (Minor issue)
+ [bullseye] - azure-uamqp-python <no-dsa> (Minor issue)
NOTE:
https://github.com/Azure/azure-c-shared-utility/security/advisories/GHSA-m8wp-hc7w-x4xg
NOTE:
https://github.com/Azure/azure-c-shared-utility/commit/1129147c38ac02ad974c4c701a1e01b2141b9fe2
CVE-2024-29189 (PyAnsys Geometry is a Python client library for the Ansys
Geometry ser ...)
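Review bot: The reason text on the added azure-uamqp-python lines does not say whether a stable update is planned; CVE-2024-29195 is one of four azure-uamqp-python entries marked <no-dsa> (Minor issue) in this commit, each with an upstream fix commit already listed. If the intent is to fix them together in a point release, saying so in a NOTE: on one of the entries would keep them from being triaged again one by one.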
@@ -35739,6 +35779,8 @@ CVE-2024-27507 (libLAS 1.8.1 contains a memory leak
vulnerability in /libLAS/app
[buster] - liblas <no-dsa> (Minor issue)
CVE-2024-27099 (The uAMQP is a C library for AMQP 1.0 communication to Azure
Cloud Ser ...)
- azure-uamqp-python 1.6.8-2 (bug #1064996)
+ [bookworm] - azure-uamqp-python <no-dsa> (Minor issue)
+ [bullseye] - azure-uamqp-python <no-dsa> (Minor issue)
NOTE:
https://github.com/Azure/azure-uamqp-c/security/advisories/GHSA-6rh4-fj44-v4jj
NOTE:
https://github.com/Azure/azure-uamqp-c/commit/2ca42b6e4e098af2d17e487814a91d05f6ae4987
CVE-2024-26473 (A reflected cross-site scripting (XSS) vulnerability in
SocialMediaWeb ...)
@@ -39294,6 +39336,8 @@ CVE-2024-25112 (Exiv2 is a command-line utility and C++
library for reading, wri
NOTE: the Quicktime decoder
CVE-2024-25110 (The UAMQP is a general purpose C library for AMQP 1.0. During
a call t ...)
- azure-uamqp-python 1.6.8-2 (bug #1064051)
+ [bookworm] - azure-uamqp-python <no-dsa> (Minor issue)
+ [bullseye] - azure-uamqp-python <no-dsa> (Minor issue)
NOTE:
https://github.com/Azure/azure-uamqp-c/commit/30865c9ccedaa32ddb036e87a8ebb52c3f18f695
NOTE:
https://github.com/Azure/azure-uamqp-c/security/advisories/GHSA-c646-4whf-r67v
NOTE: https://github.com/Azure/azure-uamqp-python/issues/380
@@ -46329,6 +46373,8 @@ CVE-2024-21648 (XWiki Platform is a generic wiki
platform offering runtime servi
NOT-FOR-US: XWiki
CVE-2024-21646 (Azure uAMQP is a general purpose C library for AMQP 1.0. The
UAMQP lib ...)
- azure-uamqp-python 1.6.8-1
+ [bookworm] - azure-uamqp-python <no-dsa> (Minor issue)
+ [bullseye] - azure-uamqp-python <no-dsa> (Minor issue)
NOTE:
https://github.com/Azure/azure-uamqp-c/security/advisories/GHSA-j29m-p99g-7hpv
NOTE:
https://github.com/Azure/azure-uamqp-c/commit/12ddb3a31a5a97f55b06fa5d74c59a1d84ad78fe
NOTE: https://github.com/Azure/azure-uamqp-python/issues/372
@@ -95706,6 +95752,8 @@ CVE-2023-27350 (This vulnerability allows remote
attackers to bypass authenticat
CVE-2023-27349 (BlueZ Audio Profile AVRCP Improper Validation of Array Index
Remote Co ...)
{DLA-3820-1}
- bluez 5.68-1
+ [bookworm] - bluez <no-dsa> (Minor issue)
+ [bullseye] - bluez <no-dsa> (Minor issue)
NOTE: https://www.zerodayinitiative.com/advisories/ZDI-23-386/
NOTE:
https://git.kernel.org/pub/scm/bluetooth/bluez.git/commit/?id=f54299a850676d92c3dafd83e9174fcfe420ccc9
(5.67)
CVE-2023-27348 (PDF-XChange Editor TIF File Parsing Use-After-Free Remote Code
Executi ...)
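Review bot: CVE-2023-27349 is tagged {DLA-3820-1}, so an LTS advisory was issued for it, while the added lines rate the same issue <no-dsa> (Minor issue) for bookworm and bullseye. If leaving the newer releases unfixed is intended, a NOTE: saying so, or a plan for a point-release fix, would resolve the apparent inconsistency.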
=====================================
data/dsa-needed.txt
=====================================
@@ -31,7 +31,7 @@ gpac/oldstable
--
h2o (jmm)
--
-libndp
+libndp (jmm)
Maintainer proposed to prepare updates himself
--
libreswan (jmm)
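Review bot: Adding (jmm) to libndp conflicts with the unchanged line below it, "Maintainer proposed to prepare updates himself", so the entry now names a claimant while also saying someone else is preparing the update. Update or drop that remark in the same change so it is clear who is working on it.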
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/dcc4a98abec412f3764f26771a27dab95c7e178a