Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
b2555604 by Moritz Muehlenhoff at 2024-08-03T18:33:13+02:00
bookworm/bullseye triage

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -137,12 +137,18 @@ CVE-2024-5595 (The Essential Blocks  WordPress plugin 
before 4.7.0 does not vali
        NOT-FOR-US: WordPress plugin
 CVE-2024-42461 (In the Elliptic package 6.5.6 for Node.js, ECDSA signature 
malleabilit ...)
        - node-elliptic <unfixed> (bug #1077821)
+       [bookworm] - node-elliptic <no-dsa> (Minor issue)
+       [bullseye] - node-elliptic <no-dsa> (Minor issue)
        NOTE: https://github.com/indutny/elliptic/pull/317
 CVE-2024-42460 (In the Elliptic package 6.5.6 for Node.js, ECDSA signature 
malleabilit ...)
        - node-elliptic <unfixed> (bug #1077821)
+       [bookworm] - node-elliptic <no-dsa> (Minor issue)
+       [bullseye] - node-elliptic <no-dsa> (Minor issue)
        NOTE: https://github.com/indutny/elliptic/pull/317
 CVE-2024-42459 (In the Elliptic package 6.5.6 for Node.js, EDDSA signature 
malleabilit ...)
        - node-elliptic <unfixed> (bug #1077821)
+       [bookworm] - node-elliptic <no-dsa> (Minor issue)
+       [bullseye] - node-elliptic <no-dsa> (Minor issue)
        NOTE: https://github.com/indutny/elliptic/pull/317
 CVE-2024-42458 (server.c in Neat VNC (aka neatvnc) before 0.8.1 does not 
properly vali ...)
        - neatvnc <unfixed> (bug #1077822)
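Review bot: The added `<no-dsa> (Minor issue)` lines under CVE-2024-42461, CVE-2024-42460 and CVE-2024-42459 give no reason why signature malleability is minor for node-elliptic in stable. The unstable entry is still `<unfixed>` and the only reference is upstream pull request 317, so either add a NOTE with the rationale or, if the intent is to wait for upstream, mark the releases `<postponed>` with a reason such as "Minor issue, revisit when fixed upstream".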
@@ -295,6 +301,8 @@ CVE-2024-6923 (There is a MEDIUM severity vulnerability 
affecting CPython.  The
        NOTE: https://github.com/python/cpython/pull/122233
 CVE-2024-6873 (It is possible to crash or redirect the execution flow of the 
ClickHou ...)
        - clickhouse <unfixed> (bug #1077820)
+       [bookworm] - clickhouse <no-dsa> (Minor issue)
+       [bullseye] - clickhouse <no-dsa> (Minor issue)
        NOTE: 
https://github.com/ClickHouse/ClickHouse/security/advisories/GHSA-432f-r822-j66f
        NOTE: https://github.com/ClickHouse/ClickHouse/pull/64024
 CVE-2024-6346 (The Gutenberg Blocks, Page Builder \u2013 ComboBlocks plugin 
for WordP ...)
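Review bot: For CVE-2024-6873 the description on the context line says it is possible to "crash or redirect the execution flow", which sits oddly with the bare "Minor issue" on the two added lines. Add a NOTE recording what limits the impact for the Debian clickhouse package, taken from the linked GHSA advisory, so the no-dsa decision can be audited later without re-reading upstream.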
@@ -639,6 +647,8 @@ CVE-2024-37281 (An issue was discovered in Kibana where a 
user with Viewer role
        - kibana <itp> (bug #700337)
 CVE-2024-7264 (libcurl's ASN1 parser code has the `GTime2str()` function, used 
for pa ...)
        - curl 8.9.1-1 (bug #1077656)
+       [bookworm] - curl <no-dsa> (Minor issue)
+       [bullseye] - curl <no-dsa> (Minor issue)
        NOTE: https://curl.se/docs/CVE-2024-7264.html
        NOTE: Introduced by: 
https://github.com/curl/curl/commit/3a24cb7bc456366cbc3a03f7ab6d2576105a1f2d 
(curl-7_32_0)
        NOTE: Fixed by: 
https://github.com/curl/curl/commit/27959ecce75cdb2809c0bdb3286e60e08fadb519 
(curl-8_9_1)
@@ -6929,6 +6939,8 @@ CVE-2024-39677 (NHibernate is an object-relational mapper 
for the .NET framework
        NOT-FOR-US: NHibernate
 CVE-2024-39312 (Botan is a C++ cryptography library. X.509 certificates can 
identify e ...)
        - botan 2.19.5+dfsg-1
+       [bookworm] - botan <no-dsa> (Minor issue)
+       [bullseye] - botan <no-dsa> (Minor issue)
        NOTE: 
https://github.com/randombit/botan/security/advisories/GHSA-jp24-56jm-gg86
 CVE-2024-39308 (RailsAdmin is a Rails engine that provides an interface for 
managing d ...)
        NOT-FOR-US: RailsAdmin
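Review bot: The CVE-2024-39312 entry is marked no-dsa for bookworm and bullseye but carries only the GHSA advisory link, with no fixing commit or pull request. The neighbouring botan entries list theirs; adding the upstream fix reference here would let whoever prepares a later stable update find the patch to backport.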
@@ -6940,6 +6952,8 @@ CVE-2024-37999 (A vulnerability has been identified in 
Medicalis Workflow Orches
        NOT-FOR-US: Medicalis Workflow Orchestrator
 CVE-2024-34702 (Botan is a C++ cryptography library. X.509 certificates can 
identify e ...)
        - botan 2.19.5+dfsg-1
+       [bookworm] - botan <no-dsa> (Minor issue)
+       [bullseye] - botan <no-dsa> (Minor issue)
        NOTE: 
https://github.com/randombit/botan/security/advisories/GHSA-5gg9-hqpr-r58j
        NOTE: https://github.com/randombit/botan/pull/4034
        NOTE: https://github.com/randombit/botan/pull/4045
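Review bot: The two pull request NOTEs under CVE-2024-34702 do not say which branch each one targets, while the fixed version in unstable is 2.19.5+dfsg-1. Annotating them the way CVE-2024-34703 does, with the release in parentheses after the URL, would make clear which one applies to the 2.x packages now marked no-dsa.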
@@ -8169,6 +8183,8 @@ CVE-2024-38480 ("Piccoma" App for Android and iOS 
versions prior to 6.20.0 uses
        NOT-FOR-US: "Piccoma" App for Android and iOS
 CVE-2024-34703 (Botan is a C++ cryptography library. X.509 certificates can 
identify e ...)
        - botan 2.19.4+dfsg-1
+       [bookworm] - botan <no-dsa> (Minor issue)
+       [bullseye] - botan <no-dsa> (Minor issue)
        NOTE: 
https://github.com/randombit/botan/security/advisories/GHSA-w4g2-7m2h-7xj7
        NOTE: 
https://github.com/randombit/botan/commit/fbe9ec578a8548958677224d2e60d2c2c838bc9a
 (3.3.0)
        NOTE: 
https://github.com/randombit/botan/commit/94e9154c143aa5264da6254a6a1be5bc66ee2b5a
 (2.19.4)
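Review bot: CVE-2024-34703 is fixed in 2.19.4+dfsg-1, but the other two botan entries triaged in this commit are fixed in 2.19.5+dfsg-1, so a stable update that picks only the (2.19.4) commit listed here leaves those open. If the three are meant to be handled together in a point release, say so in a NOTE or in the no-dsa reason on the added lines.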



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/b25556047f844d23ac4d37d2c1e112e411d5f4ae
