Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
a19b7ba4 by Moritz Muehlenhoff at 2024-06-24T17:06:58+02:00
bookworm/bullseye triage

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -2074,10 +2074,13 @@ CVE-2024-4032 (The \u201cipaddress\u201d module 
contained incorrect information
        - python3.13 <not-affected> (Fixed before initial upload to Debian 
unstable)
        - python3.12 3.12.4-1
        - python3.11 <unfixed>
+       [bookworm] - python3.11 <no-dsa> (Minor issue)
        - python3.9 <removed>
+       [bullseye] - python3.9 <no-dsa> (Minor issue)
        - python3.7 <removed>
        - python2.7 <removed>
        [bullseye] - python2.7 <ignored> (Unsupported in Bullseye, only 
included to build a few applications)
+       NOTE: https://github.com/advisories/GHSA-mh6q-v4mp-2cc7
        NOTE: https://github.com/python/cpython/issues/113171
        NOTE: https://github.com/python/cpython/pull/113179
        NOTE: 
https://github.com/python/cpython/commit/ba431579efdcbaed7a96f2ac4ea0775879a332fb
 (3.11.y-branch)
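Review bot: the new `[bookworm] - python3.11 <no-dsa>` line sits under `- python3.11 <unfixed>`, which carries no bug number even though the NOTE below already points at a 3.11.y-branch commit. Adding a tracking bug to the `<unfixed>` line would keep the pending unstable upload visible, and "(Minor issue)" could say that the fix is a candidate for a point release, since an upstream commit for that branch is recorded.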
@@ -2098,6 +2101,8 @@ CVE-2024-37893 (Firefly III is a free and open source 
personal finance manager.
        NOT-FOR-US: Firefly
 CVE-2024-37891 (urllib3 is a user-friendly HTTP client library for Python. 
When using  ...)
        - python-urllib3 <unfixed> (bug #1074149)
+       [bookworm] - python-urllib3 <no-dsa> (Minor issue)
+       [bullseye] - python-urllib3 <no-dsa> (Minor issue)
        NOTE: 
https://github.com/urllib3/urllib3/security/advisories/GHSA-34jh-p97f-mpxf
        NOTE: 
https://github.com/urllib3/urllib3/commit/accff72ecc2f6cf5a76d9570198a93ac7c90270e
 (2.2.2)
 CVE-2024-37890 (ws is an open source WebSocket client and server for Node.js. 
A reques ...)
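Review bot: the two `<no-dsa>` lines for python-urllib3 leave the commit annotated "(2.2.2)" as the only fix reference in this entry. If the stable releases ship an older upstream branch and upstream fixed it there as well, a NOTE with that commit would spare whoever prepares a point-release update from backporting from 2.2.2.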
@@ -2182,10 +2187,13 @@ CVE-2024-0397 (A defect was discovered in the Python 
\u201cssl\u201d module wher
        - python3.13 <not-affected> (Fixed before initial upload to Debian 
unstable)
        - python3.12 3.12.3-1
        - python3.11 3.11.9-1
+       [bookworm] - python3.11 <no-dsa> (Minor issue)
        - python3.9 <removed>
+       [bullseye] - python3.9 <no-dsa> (Minor issue)
        - python3.7 <removed>
        - python2.7 <removed>
        [bullseye] - python2.7 <ignored> (Unsupported in Bullseye, only 
included to build a few applications)
+       NOTE: https://github.com/advisories/GHSA-xhf3-pp4q-gxh5
        NOTE: https://github.com/python/cpython/issues/114572
        NOTE: https://github.com/python/cpython/pull/114573
        NOTE: 
https://github.com/python/cpython/commit/542f3272f56f31ed04e74c40635a913fbc12d286
 (v3.12.3)
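Review bot: python3.11 is marked fixed in 3.11.9-1 and bookworm is set to `<no-dsa>`, but the only commit in the visible NOTEs is annotated "(v3.12.3)". Unless a 3.11 branch commit is already listed below this context, add one, as the CVE-2024-4032 entry does with its "(3.11.y-branch)" NOTE, so a later bookworm update has a reference to cherry-pick.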
@@ -4249,9 +4257,13 @@ CVE-2024-5203 (A Cross-site request forgery (CSRF) flaw 
was found in Keycloak an
        NOT-FOR-US: Keycloak
 CVE-2024-3183 (A vulnerability was found in FreeIPA in a way when a Kerberos 
TGS-REQ  ...)
        - freeipa <unfixed>
+       [bookworm] - freeipa <no-dsa> (Minor issue)
+       [bullseye] - freeipa <no-dsa> (Minor issue)
        NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2270685
 CVE-2024-2698 (A vulnerability was found in FreeIPA in how the initial 
implementation ...)
        - freeipa <unfixed>
+       [bookworm] - freeipa <no-dsa> (Minor issue)
+       [bullseye] - freeipa <no-dsa> (Minor issue)
        NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2270353
 CVE-2024-5786 (Cross-Site Request Forgery vulnerability in Comtrend router 
WLD71-T1_v ...)
        NOT-FOR-US: Comtrend router
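Review bot: both freeipa entries (CVE-2024-3183 and CVE-2024-2698) now combine `<unfixed>` with `<no-dsa>` on bookworm and bullseye, and the only reference on each is a Red Hat Bugzilla link. A NOTE with the upstream fix or fixed release, once known, and a Debian bug number on the `- freeipa <unfixed>` lines would give the entries something actionable; a more specific reason than "(Minor issue)" would also help for the Kerberos-related one.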
@@ -5639,6 +5651,7 @@ CVE-2024-2087 (The Brizy \u2013 Page Builder plugin for 
WordPress is vulnerable
        NOT-FOR-US: WordPress plugin
 CVE-2024-28103 (Action Pack is a framework for handling and responding to web 
requests ...)
        - rails <unfixed> (bug #1072705)
+       [bookworm] - rails <no-dsa> (Minor issue)
        [bullseye] - rails <not-affected> (Vulnerable code introduced later)
        [buster] - rails <not-affected> (Vulnerable code introduced later)
        NOTE: 
https://github.com/rails/rails/security/advisories/GHSA-fwhr-88qx-h9g7
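Review bot: bookworm is marked `<no-dsa>` while bullseye and buster are `<not-affected>` with "Vulnerable code introduced later", but nothing visible in the entry says which version or commit introduced the vulnerable code. An "Introduced by:" NOTE would let a reader check that the bookworm version really is on the affected side of that boundary.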
@@ -15721,6 +15734,8 @@ CVE-2023-6327 (The ShopLentor (formerly WooLentor) 
plugin for WordPress is vulne
        NOT-FOR-US: WordPress plugin
 CVE-2024-33655 (The DNS protocol in RFC 1035 and updates allows remote 
attackers to ca ...)
        - unbound 1.20.0-1
+       [bookworm] - unbound <no-dsa> (Minor issue)
+       [bullseye] - unbound <no-dsa> (Minor issue)
        [buster] - unbound <ignored> (Not affected by DoS, intrusive changes)
        NOTE: https://nlnetlabs.nl/downloads/unbound/CVE-2024-33655.txt
        NOTE: Fixed by: 
https://github.com/NLnetLabs/unbound/commit/c3206f4568f60c486be6d165b1f2b5b254fea3de
 (release-1.20.0rc1)
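Review bot: on the unbound entry the existing buster line reads "Not affected by DoS, intrusive changes", while the new bookworm and bullseye lines say only "(Minor issue)". Stating whether those two releases are affected by the DoS, and whether the release-1.20.0rc1 commit is equally intrusive to backport there, would make the three per-release lines consistent.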



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/a19b7ba4017db74d3765388082bf3890f50469ce



_______________________________________________
debian-security-tracker-commits mailing list
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
