Emilio Pozuelo Monfort pushed to branch master at Debian Security Tracker / security-tracker


Commits:
89e2543b by Emilio Pozuelo Monfort at 2024-10-11T10:27:35+02:00
Mark CVE-2024-47814/vim as postponed for bullseye

- - - - -
dda930b7 by Emilio Pozuelo Monfort at 2024-10-11T10:27:36+02:00
Triage libarchive filter CVEs as n/a on bullseye

- - - - -
6e4134b6 by Emilio Pozuelo Monfort at 2024-10-11T10:27:36+02:00
lts: add firmware-nonfree

- - - - -


2 changed files:

- data/CVE/list
- data/dla-needed.txt


Changes:

=====================================
data/CVE/list
=====================================
@@ -350,10 +350,12 @@ CVE-2024-6747 (Information leakage in mknotifyd in 
Checkmk before 2.3.0p18, 2.2.
        - check-mk <removed>
 CVE-2024-48958 (execute_filter_delta in archive_read_support_format_rar.c in 
libarchiv ...)
        - libarchive <unfixed>
+       [bullseye] - libarchive <not-affected> (RAR filter support introduced 
in 3.6.0)
        NOTE: https://github.com/libarchive/libarchive/pull/2148
        NOTE: 
https://github.com/libarchive/libarchive/commit/a1cb648d52f5b6d3f31184d9b6a7cbca628459b7
 (v3.7.5)
 CVE-2024-48957 (execute_filter_audio in archive_read_support_format_rar.c in 
libarchiv ...)
        - libarchive <unfixed>
+       [bullseye] - libarchive <not-affected> (RAR filter support introduced 
in 3.6.0)
        NOTE: https://github.com/libarchive/libarchive/pull/2149
        NOTE: 
https://github.com/libarchive/libarchive/commit/3006bc5d02ad3ae3c4f9274f60c1f9d2d834734b
 (v3.7.5)
 CVE-2024-48949 (The verify function in lib/elliptic/eddsa/index.js in the 
Elliptic pac ...)
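Review bot: The two added [bullseye] <not-affected> lines for CVE-2024-48958 and CVE-2024-48957 justify the status with "RAR filter support introduced in 3.6.0" but cite nothing that lets a reader confirm it. Consider adding a NOTE under each entry that points at the upstream change which introduced the RAR filter code, so the version claim can be checked against the bullseye source without redoing the triage.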
@@ -1004,6 +1006,7 @@ CVE-2024-47817 (Lara-zeus Dynamic Dashboard simple way to 
manage widgets for you
 CVE-2024-47814 (Vim is an open source, command line text editor. A 
use-after-free was  ...)
        - vim <unfixed> (bug #1084806)
        [bookworm] - vim <no-dsa> (Minor issue)
+       [bullseye] - vim <postponed> (Minor issue)
        NOTE: https://github.com/vim/vim/security/advisories/GHSA-rj48-v4mq-j4vg
        NOTE: https://github.com/vim/vim/commit/51b62387be93c65fa56bbabe1c3 
(v9.1.0764)
 CVE-2024-47782 (WikiDiscover is an extension designed for use with a 
CreateWiki manage ...)
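Review bot: The added [bullseye] line gives "Minor issue" as the reason for <postponed>, the same text bookworm uses for <no-dsa>, so the entry does not say why the two releases are handled differently or what the postponement is waiting for. A slightly longer reason, for example that the fix can go in with a later vim update, would make the intent clear to whoever picks the package up next.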


=====================================
data/dla-needed.txt
=====================================
@@ -85,6 +85,11 @@ ffmpeg (Markus Koschany)
   NOTE: 20240911: Update prepared in git and tested, waiting for CI pipeline
   NOTE: 20240911: to support bullseye (pochu)
 --
+firmware-nonfree
+  NOTE: 20241011: Added by Front-Desk (pochu)
+  NOTE: 20241011: Update to bookworm version, possibly coordinate upload of
+  NOTE: 20241011: trixie version to bookworm-pu and backport that to bullseye 
(pochu)
+--
 flatpak (Adrian Bunk)
   NOTE: 20240814: Added by oldstable Security Team (carnil)
   NOTE: 20240815: Follow fixes from DSA-5749-1 (CVE-2024-42472) 
(Beuc/front-desk)
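Review bot: The new firmware-nonfree entry does not name the CVEs or issue that put the package on the list, so the scope of the update is left to whoever claims it. Consider adding a NOTE with the CVE ids or a tracker link. The plan in the last two NOTE lines also offers two routes ("Update to bookworm version", or a trixie upload via bookworm-pu backported to bullseye) joined by "possibly", and it would help to state which one is preferred.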



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/f13327262e587eee7b3bd5d2ff4174659c3b0140...6e4134b6a2ee9bd285756f1702d47d2820ef13ef
