Adrian Bunk pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
05b5b91f by Adrian Bunk at 2024-10-22T23:56:06+03:00
Reserve DLA-3933-1 for dmitry
- - - - -
3 changed files:
- data/CVE/list
- data/DLA/list
- data/dla-needed.txt
Changes:
=====================================
data/CVE/list
=====================================
@@ -49286,7 +49286,6 @@ CVE-2024-33350 (Directory Traversal vulnerability in
TaoCMS v.3.0.2 allows a rem
CVE-2024-31837 (DMitry (Deepmagic Information Gathering Tool) 1.3a has a
format-string ...)
- dmitry 1.3a-5 (bug #1070370)
[bookworm] - dmitry 1.3a-1.2+deb12u1
- [bullseye] - dmitry <no-dsa> (Minor issue)
[buster] - dmitry <postponed> (Minor issue, crash in CLI tool, requires
malicious parameter)
NOTE: https://github.com/jaygreig86/dmitry/pull/12
CVE-2024-28294 (Limbas up to v5.2.14 was discovered to contain a SQL injection
vulnera ...)
@@ -338860,7 +338859,6 @@ CVE-2020-14932 (compose.php in SquirrelMail 1.4.22
calls unserialize for the $ma
CVE-2020-14931 (A stack-based buffer overflow in DMitry (Deepmagic Information
Gatheri ...)
- dmitry 1.3a-5 (bug #1070370)
[bookworm] - dmitry 1.3a-1.2+deb12u1
- [bullseye] - dmitry <no-dsa> (Minor issue)
[buster] - dmitry <postponed> (Minor issue, requires hostile whois
server)
NOTE: https://github.com/jaygreig86/dmitry/issues/4
NOTE: https://github.com/jaygreig86/dmitry/pull/6
@@ -519017,7 +519015,6 @@ CVE-2017-7939 (The read_next_pam_token function in
imagew-pnm.c in libimageworse
CVE-2017-7938 (Stack-based buffer overflow in DMitry (Deepmagic Information
Gathering ...)
- dmitry 1.3a-5 (bug #1070370)
[bookworm] - dmitry 1.3a-1.2+deb12u1
- [bullseye] - dmitry <no-dsa> (Minor issue)
[buster] - dmitry <postponed> (Minor issue, crash in CLI tool, requires
malicious parameter)
NOTE:
https://packetstormsecurity.com/files/142210/Dmitry-1.3a-Local-Stack-Buffer-Overflow.html
NOTE: https://github.com/jaygreig86/dmitry/pull/12
=====================================
data/DLA/list
=====================================
@@ -1,3 +1,6 @@
+[22 Oct 2024] DLA-3933-1 dmitry - security update
+ {CVE-2017-7938 CVE-2020-14931 CVE-2024-31837}
+ [bullseye] - dmitry 1.3a-1.1+deb11u1
[22 Oct 2024] DLA-3932-1 python-sql - security update
{CVE-2024-9774}
[bullseye] - python-sql 1.2.1-1+deb11u1
=====================================
data/dla-needed.txt
=====================================
@@ -45,10 +45,6 @@ ckeditor
NOTE: 20241002: Added by Front-Desk (Beuc)
NOTE: 20241002: Multiple CVEs have been piling up (Beuc/front-desk)
--
-dmitry (Adrian Bunk)
- NOTE: 20241021: Added by Front-Desk (lamby)
- NOTE: 20241021: Sync with stable (lamby)
---
dnsmasq
NOTE: 20240313: Added by oldstable Security Team (jmm)
NOTE: 20240802: CVE-2023-28450 is trivial to fix, however CVE-2023-50387 and
CVE-2023-50868
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/05b5b91f2b1312332f31495cf7e5d49673f49c93
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/05b5b91f2b1312332f31495cf7e5d49673f49c93
You're receiving this email because of your account on salsa.debian.org.
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
