Emilio Pozuelo Monfort pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
450c4c57 by Emilio Pozuelo Monfort at 2024-10-11T13:03:00+02:00
Triage chromium issues as EOL for bullseye
- - - - -
574afb7c by Emilio Pozuelo Monfort at 2024-10-11T13:03:02+02:00
Triage golang-github-containers-buildah issues for bullseye
- - - - -
541069d4 by Emilio Pozuelo Monfort at 2024-10-11T13:03:04+02:00
Triage CVE-2024-45590/node-body-parser for bullseye
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -419,6 +419,7 @@ CVE-2024-9680 (An attacker was able to achieve code
execution in the content pro
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2024-51/
CVE-2024-9675 (A vulnerability was found in Buildah. Cache mounts do not
properly val ...)
- golang-github-containers-buildah <unfixed>
+ [bullseye] - golang-github-containers-buildah <postponed> (Minor issue)
NOTE: https://phabricator.wikimedia.org/T376886
CVE-2024-9671 (A vulnerability was found in 3Scale. There is no auth mechanism
to see ...)
NOT-FOR-US: Red Hat 3scale
@@ -1011,9 +1012,11 @@ CVE-2024-28168 (Improper Restriction of XML External
Entity Reference ('XXE') vu
CVE-2024-9603 (Type Confusion in V8 in Google Chrome prior to 129.0.6668.100
allowed ...)
{DSA-5787-1}
- chromium 129.0.6668.100-1
+ [bullseye] - chromium <end-of-life> (see #1061268)
CVE-2024-9602 (Type Confusion in V8 in Google Chrome prior to 129.0.6668.100
allowed ...)
{DSA-5787-1}
- chromium 129.0.6668.100-1
+ [bullseye] - chromium <end-of-life> (see #1061268)
CVE-2024-9622 (A vulnerability was found in the resteasy-netty4 library
arising from ...)
NOT-FOR-US: resteasy-netty4
CVE-2024-9621 (A vulnerability was found in Quarkus CXF. Passwords and other
secrets ...)
@@ -2146,6 +2149,7 @@ CVE-2024-XXXX [znuny zsa-2024-04]
NOTE: https://www.znuny.org/en/advisories/zsa-2024-04
CVE-2024-9407 (A vulnerability exists in the bind-propagation option of the
Dockerfil ...)
- golang-github-containers-buildah <unfixed>
+ [bullseye] - golang-github-containers-buildah <postponed> (Minor issue)
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2315887
CVE-2024-9333 (Permissions bypass in M-Files Connector for Copilot before
version 24. ...)
NOT-FOR-US: M-Files
@@ -6557,6 +6561,7 @@ CVE-2024-45591 (XWiki Platform is a generic wiki
platform. The REST API exposes
CVE-2024-45590 (body-parser is Node.js body parsing middleware. body-parser
<1.20.3 is ...)
- node-body-parser 1.20.3+~1.19.5-1 (bug #1081657)
[bookworm] - node-body-parser <no-dsa> (Minor issue)
+ [bullseye] - node-body-parser <postponed> (Minor issue)
NOTE:
https://github.com/expressjs/body-parser/security/advisories/GHSA-qwcr-r2fm-qrc7
NOTE:
https://github.com/expressjs/body-parser/commit/b2695c4450f06ba3b0ccf48d872a229bb41c9bce
(1.20.3)
CVE-2024-45412 (Yeti bridges the gap between CTI and DFIR practitioners by
providing a ...)
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/8a451a99283db6009add6c1d54794bc45cd297f1...541069d451b8a9a0a83c32b46ef05d67e5081aec
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/8a451a99283db6009add6c1d54794bc45cd297f1...541069d451b8a9a0a83c32b46ef05d67e5081aec
You're receiving this email because of your account on salsa.debian.org.
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
