Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits: 92c39422 by Salvatore Bonaccorso at 2024-09-26T21:40:06+02:00 Revert fixed status for libxml2 issue in unstable We have a temporary revert back to 2.12.7+dfsg+really2.9.14-0.1 reintroducing these issues due to https://bugs.debian.org/1073508 . Link: https://bugs.debian.org/1073508 - - - - - 1 changed file: - data/CVE/list Changes: ===================================== data/CVE/list ===================================== @@ -36381,7 +36381,7 @@ CVE-2024-34697 (FreeScout is a free, self-hosted help desk and shared mailbox. A CVE-2024-34555 (Unrestricted Upload of File with Dangerous Type vulnerability in URBAN ...) NOT-FOR-US: WordPress plugin CVE-2024-34459 (An issue was discovered in xmllint (from libxml2) before 2.11.8 and 2. ...) - - libxml2 2.12.7+dfsg-1 (unimportant; bug #1071162) + - libxml2 <unfixed> (unimportant; bug #1071162) NOTE: https://gitlab.gnome.org/GNOME/libxml2/-/issues/720 NOTE: Fixed by: https://gitlab.gnome.org/GNOME/libxml2/-/commit/8ddc7f13337c9fe7c6b6e616f404b0fffb8a5145 (v2.11.8) NOTE: Fixed by: https://gitlab.gnome.org/GNOME/libxml2/-/commit/2876ac5392a4e891b81e40e592c3ac6cb46016ce (v2.12.7) @@ -66040,7 +66040,7 @@ CVE-2021-46902 (An issue was discovered in LTOS-Web-Interface in Meinberg LANTIM NOT-FOR-US: Meinberg CVE-2024-25062 (An issue was discovered in libxml2 before 2.11.7 and 2.12.x before 2.1 ...) [experimental] - libxml2 2.12.5+dfsg-0exp1 - - libxml2 2.12.7+dfsg-1 (bug #1063234) + - libxml2 <unfixed> (bug #1063234) [bookworm] - libxml2 <no-dsa> (Minor issue) [bullseye] - libxml2 <no-dsa> (Minor issue) [buster] - libxml2 <no-dsa> (Minor issue) @@ -88182,7 +88182,7 @@ CVE-2023-5182 (Sensitive data could be exposed in logs of subiquity version 23.0 NOT-FOR-US: Subiquity CVE-2023-45322 (libxml2 through 2.11.5 has a use-after-free that can only occur after ...) [experimental] - libxml2 2.12.3+dfsg-0exp1 - - libxml2 2.12.7+dfsg-1 (bug #1053629) + - libxml2 <unfixed> (bug #1053629) [bookworm] - libxml2 <no-dsa> (Minor issue) [bullseye] - libxml2 <no-dsa> (Minor issue) [buster] - libxml2 <postponed> (Minor issue, very hard/unlikely to trigger) @@ -94122,7 +94122,7 @@ CVE-2023-39616 (AOMedia v3.0.0 to v3.5.0 was discovered to contain an invalid re NOTE: 3.7.0~really3.6.1-1 upload re-introducing the issue. CVE-2023-39615 (Xmlsoft Libxml2 v2.11.0 was discovered to contain an out-of-bounds rea ...) [experimental] - libxml2 2.12.3+dfsg-0exp1 - - libxml2 2.12.7+dfsg-1 (bug #1051230) + - libxml2 <unfixed> (bug #1051230) [bookworm] - libxml2 <no-dsa> (Minor issue) [bullseye] - libxml2 <no-dsa> (Minor issue) [buster] - libxml2 <no-dsa> (Minor issue) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/92c39422194fb920592c71244a102bc99f07b7a1 -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/92c39422194fb920592c71244a102bc99f07b7a1 You're receiving this email because of your account on salsa.debian.org.
_______________________________________________ debian-security-tracker-commits mailing list [email protected] https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
