Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
9725ea5d by Salvatore Bonaccorso at 2024-10-19T17:13:17+02:00
python-certifi: Update eariest upstram version matching unstable upload
including the GHSA changes
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -24422,9 +24422,7 @@ CVE-2024-39696 (Evmos is a decentralized Ethereum
Virtual Machine chain on the C
CVE-2024-39691 (matrix-appservice-irc is a Node.js IRC bridge for the Matrix
messaging ...)
NOT-FOR-US: matrix-appservice-irc
CVE-2024-39689 (Certifi is a curated collection of Root Certificates for
validating th ...)
- - python-certifi 2024.8.30+dfsg-1
- [bookworm] - python-certifi <no-dsa> (Minor issue)
- [bullseye] - python-certifi <no-dsa> (Minor issue)
+ - python-certifi 2024.8.30-1 (unimportant)
NOTE:
https://github.com/certifi/python-certifi/security/advisories/GHSA-248v-346w-9cwc
NOTE: Debian's python-certifi is patched to return the location of
Debian-provided CA certificates
CVE-2024-39687 (Fedify is a TypeScript library for building federated server
apps powe ...)
@@ -104254,9 +104252,7 @@ CVE-2023-38435 (An improper neutralization of input
during web page generation (
CVE-2023-38433 (Fujitsu Real-time Video Transmission Gear "IP series" use
hard-coded c ...)
NOT-FOR-US: Fujitsu
CVE-2023-37920 (Certifi is a curated collection of Root Certificates for
validating th ...)
- - python-certifi 2024.8.30+dfsg-1
- [bookworm] - python-certifi <no-dsa> (Minor issue)
- [bullseye] - python-certifi <no-dsa> (Minor issue)
+ - python-certifi 2023.7.22-1 (unimportant)
NOTE:
https://github.com/certifi/python-certifi/security/advisories/GHSA-xqr8-7jwr-rhp7
NOTE: Debian's python-certifi is patched to return the location of
Debian-provided CA certificates
CVE-2023-37919 (Cal.com is open-source scheduling software. A vulnerability
allows act ...)
@@ -217971,9 +217967,7 @@ CVE-2022-23493 (xrdp is an open source project which
provides a graphical login
CVE-2022-23492 (go-libp2p is the offical libp2p implementation in the Go
programming l ...)
NOT-FOR-US: go-libp2p
CVE-2022-23491 (Certifi is a curated collection of Root Certificates for
validating th ...)
- - python-certifi 2024.8.30+dfsg-1
- [bookworm] - python-certifi <no-dsa> (Minor issue)
- [bullseye] - python-certifi <no-dsa> (Minor issue)
+ - python-certifi 2023.7.22-1 (unimportant)
NOTE:
https://github.com/certifi/python-certifi/security/advisories/GHSA-43fp-rhv2-5gv8
NOTE: Debian's python-certifi is patched to return the location of
Debian-provided CA certificates
CVE-2022-23490 (BigBlueButton is an open source web conferencing system.
Versions prio ...)
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/9725ea5d32b1194023d45febb897517a2a092186
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/9725ea5d32b1194023d45febb897517a2a092186
You're receiving this email because of your account on salsa.debian.org.
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
