Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
e909ce69 by Moritz Muehlenhoff at 2024-08-05T20:38:43+02:00
bookworm/bullseye triage

- - - - -


2 changed files:

- data/CVE/list
- data/dsa-needed.txt


Changes:

=====================================
data/CVE/list
=====================================
@@ -88,6 +88,8 @@ CVE-2024-6331 (stitionai/devika main branch as of commit 
cdfb782b0e634b773b10963
        NOT-FOR-US: stitionai/devika
 CVE-2024-7409
        - qemu <unfixed>
+       [bookworm] - qemu <no-dsa> (Minor issue)
+       [bullseye] - qemu <no-dsa> (Minor issue)
        NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2302487
 CVE-2024-7445 (A vulnerability, which was classified as critical, has been 
found in i ...)
        NOT-FOR-US: itsourcecode Ticket Reservation System
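Review bot: The two added qemu lines for CVE-2024-7409 give only "Minor issue" as the reason, and the entry's sole reference is the Red Hat Bugzilla NOTE, so the triage decision cannot be checked from the tracker entry itself. Consider adding a NOTE line that summarises the impact or preconditions, and a fix-commit NOTE once qemu is no longer <unfixed>.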
@@ -277,6 +279,7 @@ CVE-2024-42459 (In the Elliptic package 6.5.6 for Node.js, 
EDDSA signature malle
        NOTE: https://github.com/indutny/elliptic/pull/317
 CVE-2024-42458 (server.c in Neat VNC (aka neatvnc) before 0.8.1 does not 
properly vali ...)
        - neatvnc 0.8.0+dfsg-2 (bug #1077822)
+       [bookworm] - neatvnc <no-dsa> (Minor issue)
        NOTE: 
https://github.com/any1/neatvnc/commit/cc71650a69abc2573a0d96d082409d2468802d47 
(v0.8.1)
 CVE-2024-41965 (Vim is an open source command line text editor. double-free in 
dialog_ ...)
        - vim <unfixed> (unimportant)
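Review bot: Only a [bookworm] line is added for neatvnc under CVE-2024-42458, while most other entries in this commit annotate both bookworm and bullseye. If bullseye ships neatvnc, it needs its own line (<no-dsa> or <not-affected> with a reason); if it does not, nothing further is required.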
@@ -420,8 +423,11 @@ CVE-2024-6923 (There is a MEDIUM severity vulnerability 
affecting CPython.  The
        - python3.13 <unfixed>
        - python3.12 <unfixed>
        - python3.11 <unfixed>
+       [bookworm] - python3.11 <no-dsa> (Minor issue)
        - python3.9 <removed>
+       [bullseye] - python3.9 <no-dsa> (Minor issue)
        - python2.7 <removed>
+       [bullseye] - python2.7 <ignored> (Unsupported in Bullseye, only 
included to build a few applications)
        NOTE: https://github.com/python/cpython/issues/121650
        NOTE: https://github.com/python/cpython/pull/122233
 CVE-2024-6873 (It is possible to crash or redirect the execution flow of the 
ClickHou ...)
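Review bot: "Minor issue" on the added python3.11 and python3.9 lines sits under a CVE description that opens with "MEDIUM severity vulnerability affecting CPython", so the reason for not issuing a DSA is not evident from the entry. A more specific reason in the parentheses, as done on the python2.7 <ignored> line, would make the decision reviewable later.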
@@ -8732,6 +8738,8 @@ CVE-2024-39153 (idccms v1.35 was discovered to contain a 
Cross-Site Request Forg
        NOT-FOR-US: idccms
 CVE-2024-39133 (Heap Buffer Overflow vulnerability in zziplib v0.13.77 allows 
attacker ...)
        - zziplib <unfixed> (bug #1074417)
+       [bookworm] - zziplib <no-dsa> (Minor issue)
+       [bullseye] - zziplib <no-dsa> (Minor issue)
        [buster] - zziplib <postponed> (Minor issue, revisi when fixed upstream)
        NOTE: https://github.com/gdraheim/zziplib/issues/164
 CVE-2024-39130 (A NULL Pointer Dereference discovered in DumpTS v0.1.0-nightly 
allows  ...)
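Review bot: The new [bookworm] and [bullseye] zziplib lines use <no-dsa>, while the existing [buster] line directly below them uses <postponed> with "revisi when fixed upstream", and the package is still <unfixed>. If the intent is likewise to revisit once upstream has a fix, <postponed> would record that; otherwise the difference deserves a short reason. The "revisi" typo in the [buster] line could be fixed in a follow-up.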
@@ -42311,6 +42319,8 @@ CVE-2024-28286 (In mz-automation libiec61850 v1.4.0, a 
NULL Pointer Dereference
 CVE-2024-28231 (eprosima Fast DDS is a C++ implementation of the Data 
Distribution Ser ...)
        [experimental] - fastdds 2.14.0+ds-1
        - fastdds 2.14.0+ds-2 (bug #1067393)
+       [bookworm] - fastdds <no-dsa> (Minor issue)
+       [bullseye] - fastdds <no-dsa> (Minor issue)
        NOTE: 
https://github.com/eProsima/Fast-DDS/security/advisories/GHSA-9m2j-qw67-ph4w
        NOTE: 
https://github.com/eProsima/Fast-DDS/commit/355706386f4af9ce74125eeec3c449b06113112b
 (v2.14.0)
 CVE-2024-28179 (Jupyter Server Proxy allows users to run arbitrary external 
processes  ...)
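Review bot: The added fastdds lines for CVE-2024-28231 say only "Minor issue" although the entry already names a single upstream fix commit (v2.14.0) and a fixed unstable version. If that commit backports cleanly, saying so in the reason (for example "Minor issue; can be fixed via point release") tells maintainers that an update is welcome.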
@@ -42994,6 +43004,8 @@ CVE-2024-28237 (OctoPrint provides a web interface for 
controlling consumer 3D p
 CVE-2024-26369 (An issue in the HistoryQosPolicy component of FastDDS v2.12.x, 
v2.11.x ...)
        [experimental] - fastdds 2.14.0+ds-1
        - fastdds 2.14.0+ds-2 (bug #1067180)
+       [bookworm] - fastdds <no-dsa> (Minor issue)
+       [bullseye] - fastdds <no-dsa> (Minor issue)
        NOTE: https://github.com/eProsima/Fast-DDS/issues/4365
        NOTE: https://github.com/eProsima/Fast-DDS/pull/4375
 CVE-2024-25942 (Dell PowerEdge Server BIOS contains an Improper SMM 
communication buff ...)
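Review bot: For CVE-2024-26369 the added [bookworm] and [bullseye] lines assume both suites are affected, but the description in the context line names specific affected branches ("v2.12.x, v2.11.x ...", truncated here). It is worth confirming that the fastdds versions in both suites contain the HistoryQosPolicy code in question, and marking a suite <not-affected> if one does not.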


=====================================
data/dsa-needed.txt
=====================================
@@ -72,6 +72,8 @@ python-asyncssh
 --
 ring
 --
+roundcube
+--
 ruby2.7/oldstable
   Samuel Henrique (samueloph) is working on a update + LTS contribution WIP at 
https://salsa.debian.org/lts-team/packages/ruby/-/commits/debian/bullseye/
 --
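Review bot: roundcube is added to dsa-needed.txt with no suite qualifier and no note, and none of the data/CVE/list hunks in this commit touch a roundcube entry, so the commit does not show which CVEs prompted it. If only one suite needs an update, a qualifier like the /oldstable on the ruby2.7 entry below would make that explicit.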



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/e909ce697269527b083544bf2673975fb81d4896
