Moritz Muehlenhoff pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
d53ba7c1 by Moritz Muehlenhoff at 2024-06-19T22:37:40+02:00
bookworm/bullseye triage
- - - - -
2 changed files:
- data/CVE/list
- data/dsa-needed.txt
Changes:
=====================================
data/CVE/list
=====================================
@@ -970,6 +970,8 @@ CVE-2024-37891 (urllib3 is a user-friendly HTTP client
library for Python. When
NOTE:
https://github.com/urllib3/urllib3/commit/accff72ecc2f6cf5a76d9570198a93ac7c90270e
(2.2.2)
CVE-2024-37890 (ws is an open source WebSocket client and server for Node.js.
A reques ...)
- node-ws <unfixed>
+ [bookworm] - node-ws <no-dsa> (Minor issue)
+ [bullseye] - node-ws <no-dsa> (Minor issue)
NOTE:
https://github.com/websockets/ws/security/advisories/GHSA-3h5v-q93c-6h6q
NOTE: https://github.com/websockets/ws/issues/2230
NOTE: https://github.com/websockets/ws/pull/2231
@@ -1157,7 +1159,7 @@ CVE-2024-38427 (In International Color Consortium
DemoIccMAX before 85ce74e, a l
CVE-2024-38395 (In iTerm2 before 3.5.2, the "Terminal may report window title"
setting ...)
NOT-FOR-US: iTerm2
CVE-2024-38394 (Mismatches in interpreting USB authorization policy between
GNOME Sett ...)
- - gnome-settings-daemon <unfixed>
+ - gnome-settings-daemon <unfixed> (unimportant)
NOTE: https://pulsesecurity.co.nz/advisories/usbguard-bypass
NOTE: https://gitlab.gnome.org/GNOME/gnome-settings-daemon/-/issues/780
NOTE:
https://gitlab.gnome.org/GNOME/gnome-settings-daemon/-/issues/780#note_2047914
@@ -2816,6 +2818,7 @@ CVE-2023-50763 (A vulnerability has been identified in
SIMATIC CP 1542SP-1 (6GK7
NOT-FOR-US: Siemens
CVE-2023-4727 (A flaw was found in dogtag-pki and pki-core. The token
authentication ...)
- dogtag-pki <unfixed>
+ [bullseye] - dogtag-pki <no-dsa> (Minor issue)
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2232218
CVE-2023-48273 (Missing Authorization vulnerability in WP OnlineSupport,
Essential Plu ...)
NOT-FOR-US: WordPress plugin
@@ -3468,7 +3471,9 @@ CVE-2024-30464 (Missing Authorization vulnerability in
WPZOOM Social Icons Widge
NOT-FOR-US: WordPress plugin
CVE-2024-2408 (The openssl_private_decrypt function in PHP, when using PKCS1
padding ...)
- php8.2 <unfixed>
+ [bookworm] - php8.2 <postponed> (Minor issue, revisit when fixed
upstream)
- php7.4 <removed>
+ [bookworm] - php7.4 <postponed> (Minor issue, revisit when fixed
upstream)
- php7.3 <removed>
NOTE:
https://github.com/php/php-src/security/advisories/GHSA-hh26-4ppw-5864
CVE-2024-25929 (Missing Authorization vulnerability in MultiVendorX Product
Catalog En ...)
@@ -3990,6 +3995,8 @@ CVE-2024-5482 (A Server-Side Request Forgery (SSRF)
vulnerability exists in the
NOT-FOR-US: parisneo/lollms-webui
CVE-2024-5480 (A vulnerability in the PyTorch's torch.distributed.rpc
framework, spec ...)
- pytorch <unfixed> (bug #1072969)
+ [bookworm] - pytorch <no-dsa> (Minor issue)
+ [bullseye] - pytorch <no-dsa> (Minor issue)
NOTE: https://huntr.com/bounties/39811836-c5b3-4999-831e-46fee8fcade3
CVE-2024-5478 (A Cross-site Scripting (XSS) vulnerability exists in the SAML
metadata ...)
NOT-FOR-US: lunary-ai/lunary
@@ -23848,6 +23855,7 @@ CVE-2024-5458 (In PHP versions8.1.* before 8.1.29,
8.2.* before 8.2.20, 8.3.* be
{DLA-3833-1}
- php8.2 <unfixed> (bug #1072885)
- php7.4 <removed>
+ [bullseye] - php7.4 <no-dsa> (Minor issue)
- php7.3 <removed>
NOTE: Fixed in 8.3.8, 8.2.20, 8.1.29
NOTE:
https://github.com/php/php-src/security/advisories/GHSA-w8qr-v226-r27w
=====================================
data/dsa-needed.txt
=====================================
@@ -45,6 +45,8 @@ nodejs (aron)
--
opennds/stable
--
+php8.2/stable (jmm)
+--
php-cas/oldstable
--
php-horde-mime-viewer/oldstable
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/d53ba7c1fc8314f32913e49e1f5801ccb90b00cd
--
This project does not include diff previews in email notifications.
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/d53ba7c1fc8314f32913e49e1f5801ccb90b00cd
You're receiving this email because of your account on salsa.debian.org.
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
