Moritz Muehlenhoff pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
c8af8242 by Moritz Muehlenhoff at 2024-09-20T17:18:06+02:00
bookworm triage
- - - - -
2 changed files:
- data/CVE/list
- data/dsa-needed.txt
Changes:
=====================================
data/CVE/list
=====================================
@@ -39,6 +39,7 @@ CVE-2024-8375 (There exists a use after free vulnerability in
Reverb.Reverb supp
NOT-FOR-US: Google Reverb
CVE-2024-8354 (A flaw was found in QEMU. An assertion failure was present in
the usb_ ...)
- qemu <unfixed> (bug #1082377)
+ [bookworm] - qemu <no-dsa> (Minor issue)
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2313497
NOTE: https://gitlab.com/qemu-project/qemu/-/issues/2548
CVE-2024-7785 (Improper Neutralization of Input During Web Page Generation
(XSS or 'C ...)
@@ -83,6 +84,7 @@ CVE-2024-45806 (Envoy is a cloud-native high-performance
edge/middle/service pro
- envoyproxy <itp> (bug #987544)
CVE-2024-45752 (logiops through 0.3.4, in its default configuration, allows
any unpriv ...)
- logiops <unfixed> (bug #1082378)
+ [bookworm] - logiops <no-dsa> (Minor issue)
NOTE: https://bugzilla.suse.com/show_bug.cgi?id=1226598
CVE-2024-45614 (Puma is a Ruby/Rack web server built for parallelism. In
affected vers ...)
- puma <unfixed> (bug #1082379)
@@ -104,6 +106,7 @@ CVE-2024-33109 (Directory Traversal in the web interface of
the Tiptel IP 286 wi
NOT-FOR-US: Tiptel
CVE-2024-31570 (libfreeimage in FreeImage 3.4.0 through 3.18.0 has a
stack-based buffe ...)
- freeimage <unfixed> (bug #1082380)
+ [bookworm] - freeimage <no-dsa> (Minor issue#)
NOTE: https://sourceforge.net/p/freeimage/bugs/355/
NOTE: https://www.openwall.com/lists/oss-security/2024/04/11/10
CVE-2024-25673 (Couchbase Server 7.6.x before 7.6.2, 7.2.x before 7.2.6, and
all earli ...)
@@ -124,6 +127,7 @@ CVE-2024-8364 (The WP Custom Fields Search plugin for
WordPress is vulnerable to
NOT-FOR-US: WordPress plugin
CVE-2024-7254 (Any project that parses untrusted Protocol Buffers
datacontaining an a ...)
- protobuf <unfixed> (bug #1082381)
+ [bookworm] - protobuf <no-dsa> (Minor issue)
NOTE:
https://github.com/protocolbuffers/protobuf/commit/cc8b3483a5584b3301e3d43d17eb59704857ffaa
CVE-2024-47089 (This vulnerability exists in the Apex Softcell LD Geo due to
improper ...)
NOT-FOR-US: Apex Softcell LD Geo
@@ -291,6 +295,7 @@ CVE-2024-45813 (find-my-way is a fast, open source HTTP
router, internally using
NOT-FOR-US: find-my-way
CVE-2024-45679 (Heap-based buffer overflow vulnerability in Assimp versions
prior to 5 ...)
- assimp 5.4.0+ds-1
+ [bookworm] - assimp <no-dsa> (Minor issue)
NOTE: https://github.com/assimp/assimp/pull/5310
NOTE:
https://github.com/assimp/assimp/commit/e4e2c63e0c2c449cd69fb9a3269e865eb83c241d
(v5.4.0)
CVE-2024-45601 (Mesop is a Python-based UI framework designed for rapid web
apps devel ...)
@@ -400,8 +405,10 @@ CVE-2024-36981 (An out-of-bounds read vulnerability exists
in the OpenPLC Runtim
CVE-2024-36980 (An out-of-bounds read vulnerability exists in the OpenPLC
Runtime Ethe ...)
NOT-FOR-US: OpenPLC
CVE-2024-35515 (Insecure deserialization in sqlitedict up to v2.1.0 allows
attackers t ...)
- - sqlitedict <unfixed>
+ - sqlitedict <unfixed> (unimportant)
NOTE: https://wha13.github.io/2024/06/13/mfcve/
+ NOTE: https://github.com/piskvorky/sqlitedict/issues/174
+ NOTE: Not considered a security issue by upstream
CVE-2024-34399 (**UNSUPPORTED WHEN ASSIGNED** An issue was discovered in BMC
Remedy Mi ...)
NOT-FOR-US: BMC Remedy Mid Tier
CVE-2024-34057 (Triangle Microworks TMW IEC 61850 Client source code libraries
before ...)
@@ -4558,6 +4565,7 @@ CVE-2024-34577 (Cross-site scripting vulnerability exists
in WRC-X3000GS2-B, WRC
NOT-FOR-US: WRC-X3000GS2-B, WRC-X3000GS2-W, and WRC-X3000GS2A-B
CVE-2024-2881 (Fault Injection vulnerability inwc_ed25519_sign_msg function in
wolfss ...)
- wolfssl 5.7.0-0.3
+ [bookworm] - wolfssl <no-dsa> (Minor issue)
NOTE: https://github.com/wolfSSL/wolfssl/releases/tag/v5.7.0-stable
CVE-2024-2694 (The Betheme theme for WordPress is vulnerable to PHP Object
Injection ...)
NOT-FOR-US: WordPress theme
@@ -5114,6 +5122,7 @@ CVE-2024-36068 (An incorrect access control vulnerability
in Rubrik CDM versions
NOT-FOR-US: Rubrik CDM
CVE-2024-1544 (Generating the ECDSA nonce k samples a random number r and then
trunc ...)
- wolfssl <unfixed> (bug #1081789)
+ [bookworm] - wolfssl <no-dsa> (Minor issue)
NOTE: https://github.com/wolfSSL/wolfssl/releases/tag/v5.7.2-stable
NOTE: https://github.com/wolfSSL/wolfssl/pull/7020
CVE-2024-8046 (The Logo Showcase Ultimate \u2013 Logo Carousel, Logo Slider &
Logo Gr ...)
=====================================
data/dsa-needed.txt
=====================================
@@ -50,6 +50,8 @@ smarty3
--
smarty4
--
+tryton-server (jmm)
+--
twisted (jmm)
--
xen
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/c8af82420935a4d5a08b80899ab7521786de7362
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/c8af82420935a4d5a08b80899ab7521786de7362
You're receiving this email because of your account on salsa.debian.org.
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
