Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
ff23c741 by Moritz Muehlenhoff at 2024-10-09T12:35:22+02:00
bookworm triage

- - - - -


2 changed files:

- data/CVE/list
- data/DSA/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -33,6 +33,7 @@ CVE-2024-47817 (Lara-zeus Dynamic Dashboard simple way to 
manage widgets for you
        NOT-FOR-US: Lara-zeus Dynamic Dashboard
 CVE-2024-47814 (Vim is an open source, command line text editor. A 
use-after-free was  ...)
        - vim <unfixed> (bug #1084806)
+       [bookworm] - vim <no-dsa> (Minor issue)
        NOTE: https://github.com/vim/vim/security/advisories/GHSA-rj48-v4mq-j4vg
        NOTE: https://github.com/vim/vim/commit/51b62387be93c65fa56bbabe1c3 
(v9.1.0764)
 CVE-2024-47782 (WikiDiscover is an extension designed for use with a 
CreateWiki manage ...)
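
Review bot: The reason on the added "[bookworm] - vim <no-dsa> (Minor issue)" line is generic for an entry whose description reports a use-after-free. The entry already records the upstream fix commit (v9.1.0764), so the parenthetical could say what limits the impact in bookworm. That lets a later triage pass judge the decision without re-reading the advisory.
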
@@ -1511,6 +1512,7 @@ CVE-2024-46280 (PIX-LINK LV-WR22 RE3002-P1-01_V117.0 is 
vulnerable to Improper A
        NOT-FOR-US: PIX-LINK
 CVE-2024-45993 (Giflib Project v5.2.2 is vulnerable to a heap buffer overflow 
via gif2 ...)
        - giflib <unfixed> (bug #1084058)
+       [bookworm] - giflib <no-dsa> (Minor issue)
        NOTE: https://gitlab.com/mthandazo/project-pov
 CVE-2024-45920 (A Stored Cross-Site Scripting (XSS) vulnerability in Solvait 
24.4.2 al ...)
        NOT-FOR-US: Solvait
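
Review bot: The added "[bookworm] - giflib <no-dsa> (Minor issue)" line rests on an entry whose only NOTE is a third-party proof-of-concept repository, with no upstream report or fix commit recorded. For a heap buffer overflow, consider adding a NOTE with the upstream reference once one exists, and state in the reason which component is affected (the truncated description points at a "gif2 ..." code path), so the minor classification can be verified from the entry itself.
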
@@ -1647,6 +1649,7 @@ CVE-2024-46453 (A cross-site scripting (XSS) 
vulnerability in the component /tes
        NOT-FOR-US: iq3xcite
 CVE-2024-38796 (EDK2 contains a vulnerability in the 
PeCoffLoaderRelocateImage(). An A ...)
        - edk2 <unfixed> (bug #1084055)
+       [bookworm] - edk2 <no-dsa> (Minor issue)
        NOTE: 
https://github.com/tianocore/edk2/security/advisories/GHSA-xpcr-7hjq-m6qm
        NOTE: https://bugzilla.tianocore.org/show_bug.cgi?id=1993
        NOTE: https://github.com/tianocore/edk2/pull/6249
@@ -2235,6 +2238,7 @@ CVE-2024-47003 (Mattermost versions 9.11.x <= 9.11.0 and 
9.5.x <= 9.5.8 fail to
        - mattermost-server <itp> (bug #823556)
 CVE-2024-46632 (Assimp v5.4.3 is vulnerable to Buffer Overflow via the 
MD5Importer::Lo ...)
        - assimp <unfixed> (bug #1082857)
+       [bookworm] - assimp <no-dsa> (Minor issue)
        NOTE: https://github.com/assimp/assimp/issues/5771
 CVE-2024-46627 (Incorrect access control in BECN DATAGERRY v2.2 allows 
attackers to ex ...)
        NOT-FOR-US: BECN DATAGERRY
@@ -5534,6 +5538,7 @@ CVE-2024-45591 (XWiki Platform is a generic wiki 
platform. The REST API exposes
        NOT-FOR-US: XWiki
 CVE-2024-45590 (body-parser is Node.js body parsing middleware. body-parser 
<1.20.3 is ...)
        - node-body-parser 1.20.3+~1.19.5-1 (bug #1081657)
+       [bookworm] - node-body-parser <no-dsa> (Minor issue)
        NOTE: 
https://github.com/expressjs/body-parser/security/advisories/GHSA-qwcr-r2fm-qrc7
        NOTE: 
https://github.com/expressjs/body-parser/commit/b2695c4450f06ba3b0ccf48d872a229bb41c9bce
 (1.20.3)
 CVE-2024-45412 (Yeti bridges the gap between CTI and DFIR practitioners by 
providing a ...)
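
Review bot: On the added "[bookworm] - node-body-parser <no-dsa> (Minor issue)" line, the reason does not say whether bookworm is expected to pick up the fix later, although the entry shows the fix is already identified (unstable carries 1.20.3+~1.19.5-1 and the upstream commit for 1.20.3 is noted). If the intent is to handle this through a stable point update rather than leave it open, say so in the parenthetical.
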
@@ -136282,7 +136287,9 @@ CVE-2023-22925
        RESERVED
 CVE-2023-22656 (Out-of-bounds read in Intel(R) Media SDK and some Intel(R) 
oneVPL soft ...)
        - intel-mediasdk <unfixed> (bug #1082866)
+       [bookworm] - intel-mediasdk <no-dsa> (Minor issue)
        - onevpl <unfixed> (bug #1082867)
+       [bookworm] - onevpl <no-dsa> (Minor issue)
        NOTE: 
https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00935.html
 CVE-2023-22433
        RESERVED


=====================================
data/DSA/list
=====================================
@@ -19,7 +19,7 @@
        {CVE-2024-7025 CVE-2024-9369 CVE-2024-9370}
        [bookworm] - chromium 129.0.6668.89-1~deb12u1
 [02 Oct 2024] DSA-5780-1 php8.2 - security update
-       {CVE-2024-8925 CVE-2024-8926 CVE-2024-8927}
+       {CVE-2024-8925 CVE-2024-8926 CVE-2024-8927 CVE-2024-9026}
        [bookworm] - php8.2 8.2.24-1~deb12u1
 [29 Sep 2024] DSA-5779-1 cups - security update
        {CVE-2024-47175}
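
Review bot: The data/DSA/list change adds CVE-2024-9026 to the CVE set of DSA-5780-1 (php8.2), which the commit message "bookworm triage" does not cover, and none of the data/CVE/list hunks in this commit touch a CVE-2024-9026 entry. Consider putting the DSA amendment in its own commit or mentioning it in the message, and confirm that the CVE-2024-9026 entry is consistent with the "[bookworm] - php8.2 8.2.24-1~deb12u1" fixed version listed here.
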



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/ff23c741d367a2f3d0c745b5bdc28e964e75b19f
