Moritz Muehlenhoff pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
d102e7e6 by Moritz Muehlenhoff at 2024-07-30T11:07:26+02:00
bookworm/bullseye triage
- - - - -
2 changed files:
- data/CVE/list
- data/dsa-needed.txt
Changes:
=====================================
data/CVE/list
=====================================
@@ -423,7 +423,8 @@ CVE-2024-6124 (Reflected XSS in M-Files Hubshare before
version 5.0.6.0 allowsan
CVE-2024-4848
REJECTED
CVE-2024-41881 (SDoP versions prior to 1.11 fails to handle appropriately some
paramet ...)
- - sdop <unfixed>
+ - sdop <unfixed> (unimportant)
+ NOTE: Crash in CLI tool, no security impact
NOTE:
https://github.com/PhilipHazel/SDoP/commit/ff83d851b4b39ff2fd37ab2ab14365649515b023
CVE-2024-41819 (Note Mark is a web-based Markdown notes app. A stored
cross-site scrip ...)
NOT-FOR-US: Note Mark
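Review bot: The sdop line for CVE-2024-41881 stays at `<unfixed>` even though the NOTE directly below it already points at an upstream fix commit (ff83d851...). The `(unimportant)` tag with the "Crash in CLI tool, no security impact" rationale is clear, but the entry will need a follow-up to record the fixed version once a release containing that commit reaches unstable. Otherwise it keeps showing as open in the tracker.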
@@ -5828,6 +5829,8 @@ CVE-2024-5793 (The Houzez Theme - Functionality plugin
for WordPress is vulnerab
NOT-FOR-US: WordPress plugin
CVE-2024-5569 (A Denial of Service (DoS) vulnerability exists in the
jaraco/zipp libr ...)
- python-zipp 3.19.2-1
+ [bookworm] - python-zipp <no-dsa> (Minor issue)
+ [bullseye] - python-zipp <no-dsa> (Minor issue)
NOTE:
https://github.com/jaraco/zipp/commit/fd604bd34f0343472521a36da1fbd22e793e14fd
(v3.19.1)
CVE-2024-5549 (A CORS misconfiguration in the stitionai/devika repository
allows atta ...)
NOT-FOR-US: stitionai/devika
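Review bot: The two added `[bookworm]` and `[bullseye]` lines for python-zipp give only the generic reason "Minor issue", while the CVE-2024-5569 description calls it a Denial of Service in the library. A one-line NOTE saying why the DoS is considered minor for the stable suites, in the style of the rationale NOTE added for CVE-2024-41881 in this same commit, would make the no-dsa decision auditable later.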
@@ -6153,6 +6156,8 @@ CVE-2024-6523 (A vulnerability was found in ZKTeco
BioTime up to 9.5.2. It has b
NOT-FOR-US: ZKTeco BioTime
CVE-2024-6505 (A flaw was found in the virtio-net device in QEMU. When
enabling the R ...)
- qemu <unfixed> (bug #1075919)
+ [bookworm] - qemu <no-dsa> (Minor issue)
+ [bullseye] - qemu <no-dsa> (Minor issue)
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2295760
CVE-2024-6298 (Improper Input Validation vulnerability in ABB
ASPECT-Enterprise on Li ...)
NOT-FOR-US: ABB
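Review bot: The `<no-dsa> (Minor issue)` lines for qemu in bookworm and bullseye record no reason. The CVE-2024-6505 description is truncated at "When enabling the R ...", so the condition that limits exposure is not visible from the entry. Since unstable is still `<unfixed>` (bug #1075919), consider adding a NOTE naming the precondition or impact that justifies the minor rating, so the triage can be revisited when a fix lands.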
=====================================
data/dsa-needed.txt
=====================================
@@ -88,6 +88,8 @@ ruby-sinatra/oldstable
--
ruby-tzinfo/oldstable
--
+setuptools
+--
squid
--
tinyproxy/oldstable
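Review bot: The new `setuptools` entry has no suite suffix, unlike the neighbouring `ruby-sinatra/oldstable`, `ruby-tzinfo/oldstable` and `tinyproxy/oldstable`. Please confirm that an update is intended for both suites, as with the unqualified `squid` entry. Also, none of the data/CVE/list hunks in this commit touch setuptools, and the commit message says only "bookworm/bullseye triage", so naming the CVE that motivates the DSA would help whoever picks the entry up.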
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/d102e7e6f0f05d85be171321aa44871720cbf1ad