Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker
Commits: ca874b5c by Moritz Muehlenhoff at 2024-09-27T13:42:49+02:00 bookworm triage - - - - - 2 changed files: - data/CVE/list - data/dsa-needed.txt Changes: ===================================== data/CVE/list ===================================== @@ -4,6 +4,7 @@ CVE-2024-9049 (The Beaver Builder \u2013 WordPress Page Builder plugin for WordP NOT-FOR-US: WordPress plugin CVE-2024-9029 (A flaw was found in freeimage library. Processing a crafted image can ...) - freeimage <unfixed> + [bookworm] - freeimage <no-dsa> (Minor issue) NOTE: https://sourceforge.net/p/freeimage/bugs/351/ CVE-2024-8991 (The OSM \u2013 OpenStreetMap plugin for WordPress is vulnerable to Sto ...) NOT-FOR-US: WordPress plugin @@ -290,6 +291,7 @@ CVE-2022-49037 (Insertion of sensitive information into log file vulnerability i NOT-FOR-US: Synology CVE-2024-8805 [BlueZ HID over GATT Profile Improper Access Control Remote Code Execution Vulnerability] - bluez <unfixed> + [bookworm] - bluez <no-dsa> (Minor issue) NOTE: https://www.zerodayinitiative.com/advisories/ZDI-24-1229/ NOTE: https://patchwork.kernel.org/project/bluetooth/patch/20240912204458.3037144-1-luiz.de...@gmail.com/ NOTE: https://git.kernel.org/pub/scm/bluetooth/bluez.git/commit/?id=41f943630d9a03c40e95057b2ac3d96470b9c71e @@ -914,6 +916,7 @@ CVE-2023-47480 (An issue in Pure Data 0.54-0 and fixed in 0.54-1 allows a local NOTE: https://github.com/pure-data/pure-data/commit/0b5e467b8728b3ed56e1a8ee5b367ce78e7e6e5d (0.54-1test1) CVE-2024-8612 (A flaw was found in QEMU, in the virtio-scsi, virtio-blk, and virtio-c ...) - qemu <unfixed> (bug #1082406) + [bookworm] - qemu <no-dsa> (Minor issue) NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2313760 NOTE: https://gitlab.com/qemu-project/qemu/-/commit/637b0aa139565cb82a7b9269e62214f87082635c CVE-2024-45769 (A vulnerability was found in Performance Co-Pilot (PCP). This flaw all ...) @@ -35139,7 +35142,9 @@ CVE-2023-45315 (Improper initialization in some Intel(R) Power Gadget software f NOT-FOR-US: Intel CVE-2023-45221 (Improper buffer restrictions in Intel(R) Media SDK all versions may al ...) - intel-mediasdk <unfixed> + [bookworm] - intel-mediasdk <no-dsa> (Minor issue) - onevpl <unfixed> + [bookworm] - onevpl <no-dsa> (Minor issue) NOTE: https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00935.html CVE-2023-45217 (Improper access control in Intel(R) Power Gadget software for Windows ...) NOT-FOR-US: Intel ===================================== data/dsa-needed.txt ===================================== @@ -34,6 +34,8 @@ node-dompurify opennds pinged maintainer, but no reply yet. should most probably be bumped to 10.x -- +php8.2 (jmm) +-- python-aiohttp -- python-reportlab View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/ca874b5c73ffe4673ab37243ec02bdd27ae13745 -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/ca874b5c73ffe4673ab37243ec02bdd27ae13745 You're receiving this email because of your account on salsa.debian.org.
_______________________________________________ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits