Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
ca874b5c by Moritz Muehlenhoff at 2024-09-27T13:42:49+02:00
bookworm triage

- - - - -


2 changed files:

- data/CVE/list
- data/dsa-needed.txt


Changes:

=====================================
data/CVE/list
=====================================
@@ -4,6 +4,7 @@ CVE-2024-9049 (The Beaver Builder \u2013 WordPress Page Builder 
plugin for WordP
        NOT-FOR-US: WordPress plugin
 CVE-2024-9029 (A flaw was found in freeimage library. Processing a crafted 
image can  ...)
        - freeimage <unfixed>
+       [bookworm] - freeimage <no-dsa> (Minor issue)
        NOTE: https://sourceforge.net/p/freeimage/bugs/351/
 CVE-2024-8991 (The OSM \u2013 OpenStreetMap plugin for WordPress is vulnerable 
to Sto ...)
        NOT-FOR-US: WordPress plugin
@@ -290,6 +291,7 @@ CVE-2022-49037 (Insertion of sensitive information into log 
file vulnerability i
        NOT-FOR-US: Synology
 CVE-2024-8805 [BlueZ HID over GATT Profile Improper Access Control Remote Code 
Execution Vulnerability]
        - bluez <unfixed>
+       [bookworm] - bluez <no-dsa> (Minor issue)
        NOTE: https://www.zerodayinitiative.com/advisories/ZDI-24-1229/
        NOTE: 
https://patchwork.kernel.org/project/bluetooth/patch/20240912204458.3037144-1-luiz.de...@gmail.com/
        NOTE: 
https://git.kernel.org/pub/scm/bluetooth/bluez.git/commit/?id=41f943630d9a03c40e95057b2ac3d96470b9c71e
@@ -914,6 +916,7 @@ CVE-2023-47480 (An issue in Pure Data 0.54-0 and fixed in 
0.54-1 allows a local
        NOTE: 
https://github.com/pure-data/pure-data/commit/0b5e467b8728b3ed56e1a8ee5b367ce78e7e6e5d
 (0.54-1test1)
 CVE-2024-8612 (A flaw was found in QEMU, in the virtio-scsi, virtio-blk, and 
virtio-c ...)
        - qemu <unfixed> (bug #1082406)
+       [bookworm] - qemu <no-dsa> (Minor issue)
        NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2313760
        NOTE: 
https://gitlab.com/qemu-project/qemu/-/commit/637b0aa139565cb82a7b9269e62214f87082635c
 CVE-2024-45769 (A vulnerability was found in Performance Co-Pilot (PCP). This 
flaw all ...)
@@ -35139,7 +35142,9 @@ CVE-2023-45315 (Improper initialization in some 
Intel(R) Power Gadget software f
        NOT-FOR-US: Intel
 CVE-2023-45221 (Improper buffer restrictions in Intel(R) Media SDK all 
versions may al ...)
        - intel-mediasdk <unfixed>
+       [bookworm] - intel-mediasdk <no-dsa> (Minor issue)
        - onevpl <unfixed>
+       [bookworm] - onevpl <no-dsa> (Minor issue)
        NOTE: 
https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00935.html
 CVE-2023-45217 (Improper access control in Intel(R) Power Gadget software for 
Windows  ...)
        NOT-FOR-US: Intel


=====================================
data/dsa-needed.txt
=====================================
@@ -34,6 +34,8 @@ node-dompurify
 opennds
   pinged maintainer, but no reply yet. should most probably be bumped to 10.x
 --
+php8.2 (jmm)
+--
 python-aiohttp
 --
 python-reportlab



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/ca874b5c73ffe4673ab37243ec02bdd27ae13745

-- 
View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/ca874b5c73ffe4673ab37243ec02bdd27ae13745
You're receiving this email because of your account on salsa.debian.org.


_______________________________________________
debian-security-tracker-commits mailing list
debian-security-tracker-commits@alioth-lists.debian.net
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits

Reply via email to