Moritz Muehlenhoff pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
c394357e by Moritz Muehlenhoff at 2024-08-09T07:43:21+02:00
bookworm/bullseye triage
- - - - -
2 changed files:
- data/CVE/list
- data/dsa-needed.txt
Changes:
=====================================
data/CVE/list
=====================================
@@ -76,6 +76,7 @@ CVE-2024-42001 (An improper authentication vulnerability
affecting Vonets
NOT-FOR-US: Vonets industrial wifi bridge relays and wifi bridge
repeaters
CVE-2024-41942 (JupyterHub is software that allows one to create a multi-user
server f ...)
- jupyterhub <unfixed>
+ [bookworm] - jupyterhub <no-dsa> (Minor issue)
NOTE:
https://github.com/jupyterhub/jupyterhub/security/advisories/GHSA-9x4q-3gxw-849f
NOTE:
https://github.com/jupyterhub/jupyterhub/commit/99e2720b0fc626cbeeca3c6337f917fdacfaa428
(4.1.6)
NOTE:
https://github.com/jupyterhub/jupyterhub/commit/ff2db557a85b6980f90c3158634bf924063ab8ba
(5.1.0)
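Review bot: The added jupyterhub line for CVE-2024-41942 only covers bookworm, while every other package triaged in this commit gets both a bookworm and a bullseye line. If bullseye does not ship jupyterhub this is fine as is; otherwise add a matching "[bullseye] - jupyterhub ..." line so the entry is not left untriaged there.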
@@ -903,36 +904,58 @@ CVE-2023-5000 (The Horizontal scrolling announcements
plugin for WordPress is vu
NOT-FOR-US: WordPress plugin
CVE-2024-7547 (oFono SMS Decoder Stack-based Buffer Overflow Privilege
Escalation Vul ...)
- ofono <unfixed>
+ [bookworm] - ofono <postponed> (Revisit when/if fixed upstream)
+ [bullseye] - ofono <postponed> (Revisit when/if fixed upstream)
NOTE: https://www.zerodayinitiative.com/advisories/ZDI-24-1087/
CVE-2024-7546 (oFono SimToolKit Heap-based Buffer Overflow Privilege
Escalation Vulne ...)
- ofono <unfixed>
+ [bookworm] - ofono <postponed> (Revisit when/if fixed upstream)
+ [bullseye] - ofono <postponed> (Revisit when/if fixed upstream)
NOTE: https://www.zerodayinitiative.com/advisories/ZDI-24-1086/
CVE-2024-7545 (oFono SimToolKit Heap-based Buffer Overflow Privilege
Escalation Vulne ...)
- ofono <unfixed>
+ [bookworm] - ofono <postponed> (Revisit when/if fixed upstream)
+ [bullseye] - ofono <postponed> (Revisit when/if fixed upstream)
NOTE: https://www.zerodayinitiative.com/advisories/ZDI-24-1085/
CVE-2024-7544 (oFono SimToolKit Heap-based Buffer Overflow Privilege
Escalation Vulne ...)
- ofono <unfixed>
+ [bookworm] - ofono <postponed> (Revisit when/if fixed upstream)
+ [bullseye] - ofono <postponed> (Revisit when/if fixed upstream)
NOTE: https://www.zerodayinitiative.com/advisories/ZDI-24-1084/
CVE-2024-7543 (oFono SimToolKit Heap-based Buffer Overflow Privilege
Escalation Vulne ...)
- ofono <unfixed>
+ [bookworm] - ofono <postponed> (Revisit when/if fixed upstream)
+ [bullseye] - ofono <postponed> (Revisit when/if fixed upstream)
NOTE: https://www.zerodayinitiative.com/advisories/ZDI-24-1083/
CVE-2024-7542 (oFono AT CMGR Command Uninitialized Variable Information
Disclosure Vu ...)
- ofono <unfixed>
+ [bookworm] - ofono <postponed> (Revisit when/if fixed upstream)
+ [bullseye] - ofono <postponed> (Revisit when/if fixed upstream)
NOTE: https://www.zerodayinitiative.com/advisories/ZDI-24-1082/
CVE-2024-7541 (oFono AT CMT Command Uninitialized Variable Information
Disclosure Vul ...)
- ofono <unfixed>
+ [bookworm] - ofono <postponed> (Revisit when/if fixed upstream)
+ [bullseye] - ofono <postponed> (Revisit when/if fixed upstream)
NOTE: https://www.zerodayinitiative.com/advisories/ZDI-24-1081/
CVE-2024-7540 (oFono AT CMGL Command Uninitialized Variable Information
Disclosure Vu ...)
- ofono <unfixed>
+ [bookworm] - ofono <postponed> (Revisit when/if fixed upstream)
+ [bullseye] - ofono <postponed> (Revisit when/if fixed upstream)
NOTE: https://www.zerodayinitiative.com/advisories/ZDI-24-1080/
CVE-2024-7539 (oFono CUSD Stack-based Buffer Overflow Code Execution
Vulnerability. T ...)
- ofono <unfixed>
+ [bookworm] - ofono <postponed> (Revisit when/if fixed upstream)
+ [bullseye] - ofono <postponed> (Revisit when/if fixed upstream)
NOTE: https://www.zerodayinitiative.com/advisories/ZDI-24-1079/
CVE-2024-7538 (oFono CUSD AT Command Stack-based Buffer Overflow Code
Execution Vulne ...)
- ofono <unfixed>
+ [bookworm] - ofono <postponed> (Revisit when/if fixed upstream)
+ [bullseye] - ofono <postponed> (Revisit when/if fixed upstream)
NOTE: https://www.zerodayinitiative.com/advisories/ZDI-24-1078/
CVE-2024-7537 (oFono QMI SMS Handling Out-Of-Bounds Read Information
Disclosure Vulne ...)
- ofono <unfixed>
+ [bookworm] - ofono <postponed> (Revisit when/if fixed upstream)
+ [bullseye] - ofono <postponed> (Revisit when/if fixed upstream)
NOTE: https://www.zerodayinitiative.com/advisories/ZDI-24-1077/
CVE-2024-7006 [NULL pointer dereference in tif_dirinfo.c]
- tiff <unfixed>
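Review bot: All eleven ofono entries (CVE-2024-7537 through CVE-2024-7547) receive the same "<postponed> (Revisit when/if fixed upstream)" on both releases, but the only reference on each is the ZDI advisory, so the entry gives nothing to check against when it is revisited. Adding a NOTE with the upstream report or fix commit once one exists would make the follow-up actionable. It is also worth a second look at whether the two CUSD entries described as code execution (CVE-2024-7538, CVE-2024-7539) belong in the same bucket as the information disclosure ones.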
@@ -1053,6 +1076,8 @@ CVE-2023-31355 (Improper restriction of write operations
in SNP firmware could a
NOT-FOR-US: AMD
CVE-2024-7383 (A flaw was found in libnbd. The client did not always correctly
verify ...)
- libnbd 1.20.2-1
+ [bookworm] - libnbd <no-dsa> (Minor issue)
+ [bullseye] - libnbd <no-dsa> (Minor issue)
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2302865
NOTE:
https://lists.libguestfs.org/archives/list/guestfs%40lists.libguestfs.org/message/LHR3BW6RJ7K4BJBQIYV3GTZLSY27VZO2/
NOTE: Fixed by:
https://gitlab.com/nbdkit/libnbd/-/commit/87ef41b69929d5d293390ec36b1c10aba2c9a57a
(v1.20.2)
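Review bot: The two added libnbd lines give "Minor issue" without saying why, although the description reads as a verification flaw in the client ("did not always correctly verify ..."). Since the fix is already identified in the "Fixed by:" NOTE (v1.20.2), a short NOTE with the reasoning would help whoever later considers this for a point-release update.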
@@ -32662,6 +32687,8 @@ CVE-2024-28627 (An issue in Flipsnack v.18/03/2024
allows a local attacker to ob
CVE-2024-28130 (An incorrect type conversion vulnerability exists in the
DVPSSoftcopyV ...)
{DLA-3847-1}
- dcmtk 3.6.7-14 (bug #1070207)
+ [bookworm] - dcmtk <no-dsa> (Minor issue)
+ [bullseye] - dcmtk <no-dsa> (Minor issue)
NOTE:
https://talosintelligence.com/vulnerability_reports/TALOS-2024-1957
NOTE: https://support.dcmtk.org/redmine/issues/1120
NOTE:
https://github.com/DCMTK/dcmtk/commit/dc6a2446dc03c9db90f82ce17a597f2cd53776c5
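Review bot: The dcmtk entry for CVE-2024-28130 already references {DLA-3847-1}, so an LTS advisory has covered this CVE, while the two added lines mark bookworm and bullseye as "<no-dsa> (Minor issue)". That leaves the newer releases without the fix that the LTS release has; consider noting a planned point-release update for both, or stating why the issue is minor there.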
=====================================
data/dsa-needed.txt
=====================================
@@ -66,9 +66,9 @@ php-horde-mime-viewer/oldstable
--
php-horde-turba/oldstable
--
-postgresql-13/oldstable
+postgresql-13/oldstable (jmm)
--
-postgresql-15/stable
+postgresql-15/stable (jmm)
--
pymatgen/stable
--
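Review bot: The "(jmm)" claims added to postgresql-13/oldstable and postgresql-15/stable are not mentioned in the commit message, which only says "bookworm/bullseye triage". Mentioning the claim in the message, or putting it in its own commit, would keep the history of data/dsa-needed.txt easier to search.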
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/c394357e8887a252f1165f22ac27ebb4884cf881