Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker
Commits:
c2b7b239 by Moritz Muehlenhoff at 2024-09-13T21:41:43+02:00
bookworm triage
- - - - -
2 changed files:
- data/CVE/list
- data/dsa-needed.txt
Changes:
=====================================
data/CVE/list
=====================================
@@ -851,6 +851,7 @@ CVE-2024-44087 (A vulnerability has been identified in
Automation License Manage
NOT-FOR-US: Siemens
CVE-2024-43800 (serve-static serves static files. serve-static passes
untrusted user i ...)
- node-serve-static <unfixed> (bug #1081482)
+ [bookworm] - node-serve-static <no-dsa> (Minor issue)
NOTE:
https://github.com/expressjs/serve-static/security/advisories/GHSA-cm22-4g7w-348p
NOTE:
https://github.com/expressjs/serve-static/commit/0c11fad159898cdc69fd9ab63269b72468ecaf6b
(1.16.0)
NOTE:
https://github.com/expressjs/serve-static/commit/ce730896fddce1588111d9ef6fdf20896de5c6fa
(2.1.0)
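Review bot: the new `[bookworm] - node-serve-static <no-dsa> (Minor issue)` line gives no reason why the issue is minor for the bookworm package, and the only fix references are the 1.16.0 and 2.1.0 upstream commits; if the intent is to still fix it in stable, the form `<no-dsa> (Minor issue; can be fixed via point release)` would make that expectation explicit, and a NOTE saying which of the two commits is the backport candidate for the branch shipped in bookworm would help whoever prepares the update.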
@@ -860,6 +861,7 @@ CVE-2024-43799 (Send is a library for streaming files from
the file system as a
NOTE:
https://github.com/pillarjs/send/commit/ae4f2989491b392ae2ef3b0015a019770ae65d35
(0.19.0)
CVE-2024-43796 (Express.js minimalist web framework for node. In express <
4.20.0, pas ...)
- node-express <unfixed> (bug #1081481)
+ [bookworm] - node-express <no-dsa> (Minor issue)
NOTE:
https://github.com/expressjs/express/security/advisories/GHSA-qw6h-vgh9-j6wx
NOTE:
https://github.com/expressjs/express/commit/54271f69b511fea198471e6ff3400ab805d6b553
(4.20.0)
CVE-2024-43781 (A vulnerability has been identified in SINUMERIK 828D V4 (All
versions ...)
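Review bot: for CVE-2024-43796 the description itself fixes the affected range (`express < 4.20.0`) and the 4.20.0 commit is noted, so the bookworm `<no-dsa>` line is consistent with the record; the context directly above for CVE-2024-43799 (send) shows only the 0.19.0 upstream commit with its status line outside this hunk, so check that node-send received a matching bookworm entry in this triage pass, otherwise the express and serve-static entries will diverge from the send one.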
@@ -1265,6 +1267,7 @@ CVE-2024-45406 (Craft is a content management system
(CMS). Craft CMS 5 stored X
NOT-FOR-US: Craft CMS
CVE-2024-45296 (path-to-regexp turns path strings into a regular expressions.
In certa ...)
- node-path-to-regexp <unfixed> (bug #1081656)
+ [bookworm] - node-path-to-regexp <no-dsa> (Minor issue)
NOTE:
https://github.com/pillarjs/path-to-regexp/security/advisories/GHSA-9wv6-86v2-598j
NOTE:
https://github.com/pillarjs/path-to-regexp/commit/60f2121e9b66b7b622cc01080df0aabda9eedee6
(v8.0.0)
CVE-2024-45041 (External Secrets Operator is a Kubernetes operator that
integrates ext ...)
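Review bot: the only fix reference for CVE-2024-45296 is a commit tagged `(v8.0.0)`, a major release, so the `[bookworm] - node-path-to-regexp <no-dsa> (Minor issue)` line gives the stable maintainer nothing to backport from; add a NOTE stating whether a fix exists for the older branch shipped in bookworm, or whether the `<unfixed>` in unstable (bug #1081656) is waiting on a new upstream major version.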
@@ -2480,6 +2483,7 @@ CVE-2024-6232 (There is a MEDIUM severity vulnerability
affecting CPython.
- python3.13 3.13.0~rc2-1
- python3.12 3.12.6-1
- python3.11 <removed>
+ [bookworm] - python3.11 <no-dsa> (Minor issue)
- python3.9 <removed>
- python2.7 <removed>
[bullseye] - python2.7 <ignored> (Unsupported in Bullseye, only
included to build a few applications)
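Review bot: `python3.11 <removed>` followed by `[bookworm] - python3.11 <no-dsa> (Minor issue)` is consistent (package gone from unstable, still in bookworm), but the neighbouring `python3.9 <removed>` has no `[bullseye]` line in the visible context even though the record already carries a `[bullseye]` entry for python2.7; if the bullseye triage for python3.9 is deliberately deferred, a short NOTE would stop the asymmetry being read as an omission.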
@@ -3450,6 +3454,7 @@ CVE-2024-6632 (A vulnerability exists in FileCatalyst
Workflow whereby a field a
NOT-FOR-US: FileCatalyst Workflow
CVE-2024-5991 (In function MatchDomainName(), input param str is treated as a
NULL te ...)
- wolfssl <unfixed>
+ [bookworm] - wolfssl <no-dsa> (Minor issue)
NOTE: https://github.com/wolfSSL/wolfssl/releases/tag/v5.7.2-stable
NOTE: https://github.com/wolfSSL/wolfssl/pull/7604
CVE-2024-5814 (A malicious TLS1.2 server can force a TLS1.3 client with
downgrade cap ...)
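Review bot: the `wolfssl <unfixed>` line carries no bug reference, unlike the node entries elsewhere in this commit, while the NOTE cites the v5.7.2-stable release tag and PR 7604 as the fix; either record the Debian bug tracking the upstream update or, if 5.7.2 or later is already in unstable, replace `<unfixed>` with the fixed version so the bookworm `<no-dsa>` can be checked against it.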
@@ -48076,7 +48081,8 @@ CVE-2024-3221 (A vulnerability classified as critical
was found in SourceCodeste
CVE-2024-3218 (A vulnerability classified as critical has been found in
Shibang Commu ...)
NOT-FOR-US: Shibang Communications IP Network Intercom Broadcasting
System
CVE-2024-3209 (A vulnerability was found in UPX up to 4.2.2. It has been rated
as cri ...)
- - upx-ucl 4.2.4-1
+ - upx-ucl 4.2.4-1 (unimportant)
+ NOTE: Crash in CLI tool, no security impact
NOTE: https://github.com/upx/upx/issues/841
CVE-2024-3207 (A vulnerability was found in ermig1979 Simd up to 6.0.134. It
has been ...)
NOT-FOR-US: ermig1979 Simd
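Review bot: the added `NOTE: Crash in CLI tool, no security impact` justifies the `(unimportant)` rating, but the only upstream reference is the issue (#841); since the entry also records 4.2.4-1 as the fixed version, a pointer to the fixing commit or release would let both the rating and the fix version be verified from the record alone.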
=====================================
data/dsa-needed.txt
=====================================
@@ -49,5 +49,7 @@ smarty4
--
twisted (jmm)
--
+xen
+--
zabbix
--
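Review bot: the new `xen` entry is added without a claimant, unlike `twisted (jmm)`; that matches `smarty4` and `zabbix` in the same context, so it is fine stylistically, but a trailing note naming the issue(s) that put xen on the list would save whoever picks it up a search through data/CVE/list.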
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/c2b7b23945a0aa1e9b9f134831e3c0c33eb5878e
You're receiving this email because of your account on salsa.debian.org.
_______________________________________________
debian-security-tracker-commits mailing list
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits