Chris Lamb pushed to branch master at Debian Security Tracker / security-tracker


Commits:
2148087a by Chris Lamb at 2024-09-07T08:53:17+01:00
data/dla-needed.txt: Triage thunderbird for bullseye LTS (CVE-2024-8381, 
CVE-2024-8382 & CVE-2024-8384)

- - - - -
79aaf07c by Chris Lamb at 2024-09-07T08:53:36+01:00
Triage CVE-2023-49582 in apr for bullseye LTS.

- - - - -
d03641f0 by Chris Lamb at 2024-09-07T08:54:09+01:00
Triage CVE-2024-45230 & CVE-2024-45231 in python-django for bullseye LTS.

- - - - -
0e2836c8 by Chris Lamb at 2024-09-07T08:54:39+01:00
Triage CVE-2024-1543 & CVE-2024-1545 in wolfssl for bullseye LTS.

- - - - -


2 changed files:

- data/CVE/list
- data/dla-needed.txt


Changes:

=====================================
data/CVE/list
=====================================
@@ -981,11 +981,13 @@ CVE-2024-6232 (There is a MEDIUM severity vulnerability 
affecting CPython.
 CVE-2024-45231
        - python-django 3:4.2.16-1
        [bookworm] - python-django <no-dsa> (Minor issue)
+       [bullseye] - python-django <postponed> (Minor issue; can be fixed in 
next update)
        NOTE: 
https://www.djangoproject.com/weblog/2024/sep/03/security-releases/
        NOTE: 
https://github.com/django/django/commit/bf4888d317ba4506d091eeac6e8b4f1fcc731199
 (4.2.16)
 CVE-2024-45230
        - python-django 3:4.2.16-1
        [bookworm] - python-django <no-dsa> (Minor issue)
+       [bullseye] - python-django <postponed> (Minor issue; can be fixed in 
next update)
        NOTE: 
https://www.djangoproject.com/weblog/2024/sep/03/security-releases/
        NOTE: 
https://github.com/django/django/commit/d147a8ebbdf28c17cafbbe2884f0bc57e2bf82e2
 (4.2.16)
 CVE-2024-45506 (HAProxy 2.9.x before 2.9.10, 3.0.x before 3.0.4, and 3.1.x 
through 3.1 ...)
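
Review bot: The two added [bullseye] lines for CVE-2024-45231 and CVE-2024-45230 reuse the bookworm "Minor issue" rationale but record nothing about whether the referenced 4.2.16 fix commits apply to the bullseye source. A short NOTE under each entry stating whether the affected code is present in bullseye, and whether the upstream commit backports cleanly, would save whoever prepares the next update from redoing this triage.
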
@@ -1440,10 +1442,12 @@ CVE-2024-2502 (An application can be configured to 
block boot attempts after con
 CVE-2024-1545 (Fault Injection vulnerability in RsaPrivateDecryption function 
in wolf ...)
        - wolfssl 5.7.0-0.3
        [bookworm] - wolfssl <no-dsa> (Minor issue)
+       [bullseye] - wolfssl <postponed> (Minor issue; can be fixed in next 
update)
        NOTE: https://github.com/wolfSSL/wolfssl/releases/tag/v5.7.0-stable
 CVE-2024-1543 (The side-channel protected T-Table implementation in wolfSSL up 
to ver ...)
        - wolfssl 5.6.6-1.2
        [bookworm] - wolfssl <no-dsa> (Minor issue)
+       [bullseye] - wolfssl <postponed> (Minor issue; can be fixed in next 
update)
        NOTE: 
https://github.com/wolfSSL/wolfssl/blob/master/ChangeLog.md#wolfssl-release-566-dec-19-2023
        NOTE: https://github.com/wolfSSL/wolfssl/pull/6854
 CVE-2024-8285 (A flaw was found in Kroxylicious. When establishing the 
connection wit ...)
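
Review bot: CVE-2024-1545 is postponed with only the v5.7.0-stable release tag as its reference, while CVE-2024-1543 just below it carries a specific pull request (wolfSSL/wolfssl/pull/6854). Since "can be fixed in next update" implies a backport, consider adding a NOTE with the individual upstream fix commit or PR for CVE-2024-1545 so the patch can be identified without diffing the whole release.
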
@@ -2235,6 +2239,7 @@ CVE-2024-28077 (A denial-of-service issue was discovered 
on certain GL-iNet devi
 CVE-2023-49582 (Lax permissions set by the Apache Portable Runtime library on 
Unix pla ...)
        - apr <unfixed> (bug #1080375)
        [bookworm] - apr <no-dsa> (Minor issue)
+       [bullseye] - apr <postponed> (Minor issue; can be fixed in next update)
        NOTE: https://www.openwall.com/lists/oss-security/2024/08/26/1
        NOTE: https://lists.apache.org/thread/h5f1c2dqm8bf5yfosw3rg85927p612l0
 CVE-2024-44942 (In the Linux kernel, the following vulnerability has been 
resolved:  f ...)
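
Review bot: The new [bullseye] line for CVE-2023-49582 says "can be fixed in next update", but the unstable entry directly above it is still "- apr <unfixed> (bug #1080375)" and neither NOTE points at a patch. Adding a NOTE with the upstream fix reference once it is identified would make clear what the postponed update is expected to pick up.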


=====================================
data/dla-needed.txt
=====================================
@@ -210,6 +210,9 @@ texlive-bin
   NOTE: 20240815: Added by Front-Desk (Beuc)
   NOTE: 20240815: Follow fixes from bookworm 12.1 (CVE-2023-32668) 
(Beuc/front-desk)
 --
+thunderbird
+  NOTE: 20240907: Added by Front-Desk (lamby)
+--
 tinyproxy (Thorsten Alteholz)
   NOTE: 20240609: Added by oldstable Security Team (jmm)
 --
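
Review bot: The added thunderbird entry carries only the "Added by Front-Desk (lamby)" NOTE, so the CVEs named in the commit message (CVE-2024-8381, CVE-2024-8382 and CVE-2024-8384) are not recorded in dla-needed.txt itself. A second NOTE listing them, in the style of the texlive-bin entry above that names CVE-2023-32668, would tell whoever claims the package what prompted the entry.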



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/0b58f91feb40dadb0acf7637c82e8045d9f940c8...0e2836c8231e69b8801ac55e7baca746d3ec7f9b
