Chris Lamb pushed to branch master at Debian Security Tracker / security-tracker


Commits:
6aec8999 by Chris Lamb at 2024-10-23T10:02:10-07:00
Triage CVE-2024-47554 in commons-io for bullseye LTS.

- - - - -
0df8498a by Chris Lamb at 2024-10-23T10:02:26-07:00
Triage CVE-2024-48948 in node-elliptic for bullseye LTS.

- - - - -
2484a8ba by Chris Lamb at 2024-10-23T10:02:50-07:00
Triage CVE-2024-47874 in starlette for bullseye LTS.

- - - - -
a9bcbc99 by Chris Lamb at 2024-10-23T10:03:14-07:00
Triage CVE-2024-6484 & CVE-2024-6485 in twitter-bootstrap3 for bullseye LTS.

- - - - -
cf64bf1f by Chris Lamb at 2024-10-23T10:03:36-07:00
Triage CVE-2024-6531 in twitter-bootstrap4 for bullseye LTS.

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -2921,6 +2921,7 @@ CVE-2024-49195 (Mbed TLS 3.5.x through 3.6.x before 3.6.2 
has a buffer underrun
 CVE-2024-48948 (The Elliptic package 6.5.7 for Node.js, in its for ECDSA 
implementatio ...)
        - node-elliptic <unfixed> (bug #1085298)
        [bookworm] - node-elliptic <no-dsa> (Minor issue)
+       [bullseye] - node-elliptic <postponed> (Minor issue; can be fixed in 
next update)
        NOTE: https://github.com/indutny/elliptic/issues/321
        NOTE: https://github.com/indutny/elliptic/pull/322
 CVE-2024-48915 (Agent Dart is an agent library built for Internet Computer for 
Dart an ...)
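Review bot: The added `[bullseye] - node-elliptic <postponed>` line defers the fix to the next update, but the NOTE lines under it reference only the upstream issue (#321) and pull request (#322), and unstable is still `<unfixed>`. Once a fixing commit exists, add a NOTE with it so whoever prepares the next bullseye upload has a concrete patch to backport.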
@@ -2956,6 +2957,7 @@ CVE-2024-47876 (Sakai is a Collaboration and Learning 
Environment. Starting in v
 CVE-2024-47874 (Starlette is an Asynchronous Server Gateway Interface (ASGI) 
framework ...)
        - starlette 0.41.0-1 (bug #1085295)
        [bookworm] - starlette <no-dsa> (Minor issue)
+       [bullseye] - starlette <postponed> (Minor issue; can be fixed in next 
update)
        NOTE: 
https://github.com/encode/starlette/security/advisories/GHSA-f96h-pmfr-66vw
        NOTE: 
https://github.com/encode/starlette/commit/fd038f3070c302bff17ef7d173dbb0b007617733
 (0.40.0)
 CVE-2024-47824 (matrix-react-sdk is react-based software development kit for 
inserting ...)
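Review bot: The added `[bullseye] - starlette <postponed>` line repeats bookworm's "Minor issue" without recording whether the upstream commit in the NOTE below it (tagged 0.40.0) applies to the bullseye version. A short NOTE on backport feasibility would save the next uploader from repeating that analysis.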
@@ -5630,6 +5632,7 @@ CVE-2024-47561 (Schema parsing in the Java SDK of Apache 
Avro 1.11.3 and previou
 CVE-2024-47554 (Uncontrolled Resource Consumption vulnerability in Apache 
Commons IO.  ...)
        - commons-io 2.16.0-1
        [bookworm] - commons-io <no-dsa> (Minor issue)
+       [bullseye] - commons-io <postponed> (Minor issue; can be fixed in next 
update)
        NOTE: https://lists.apache.org/thread/6ozr91rr9cj5lm0zyhv30bsp317hk5z1
 CVE-2024-45872 (Bandisoft BandiView 7.05 is vulnerable to Buffer Overflow via 
sub_0x41 ...)
        NOT-FOR-US: Bandisoft BandiView
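Review bot: For CVE-2024-47554 the only reference under the added `[bullseye] - commons-io <postponed>` line is the lists.apache.org thread; no fixing commit is recorded, even though unstable is marked fixed in 2.16.0-1. Adding a NOTE with the upstream commit would make "can be fixed in next update" actionable.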
@@ -24603,6 +24606,7 @@ CVE-2024-6643
 CVE-2024-6531 (A vulnerability has been identified in Bootstrap that exposes 
users to ...)
        - twitter-bootstrap4 <unfixed> (bug #1084059)
        [bookworm] - twitter-bootstrap4 <no-dsa> (Minor issue)
+       [bullseye] - twitter-bootstrap4 <postponed> (Minor issue; can be fixed 
in next update)
        - twitter-bootstrap3 <not-affected> (Only affects 4.x)
        NOTE: https://www.herodevs.com/vulnerability-directory/cve-2024-6531
 CVE-2024-6528 (CWE-79: Improper Neutralization of Input During Web Page 
Generation (' ...)
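Review bot: "can be fixed in next update" on the added `[bullseye] - twitter-bootstrap4` line assumes a patch will be at hand, yet the entry shows unstable as `<unfixed>` (bug #1084059) and its single NOTE links an advisory page, not a fix. If no patch is available, the rationale should say so, or the line should be revisited when the bug is closed.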
@@ -24611,11 +24615,13 @@ CVE-2024-6485 (A security vulnerability has been 
discovered in bootstrap that co
        - twitter-bootstrap4 <not-affected> (Only affects 3.x)
        - twitter-bootstrap3 <unfixed> (bug #1084060)
        [bookworm] - twitter-bootstrap3 <no-dsa> (Minor issue)
+       [bullseye] - twitter-bootstrap3 <postponed> (Minor issue; can be fixed 
in next update)
        NOTE: https://www.herodevs.com/vulnerability-directory/cve-2024-6485
 CVE-2024-6484 (A vulnerability has been identified in Bootstrap that exposes 
users to ...)
        - twitter-bootstrap4 <not-affected> (Only affects 3.x)
        - twitter-bootstrap3 <unfixed> (bug #1084060)
        [bookworm] - twitter-bootstrap3 <no-dsa> (Minor issue)
+       [bullseye] - twitter-bootstrap3 <postponed> (Minor issue; can be fixed 
in next update)
        NOTE: https://www.herodevs.com/vulnerability-directory/cve-2024-6484
 CVE-2024-6407 (CWE-200: Information Exposure vulnerability exists that could 
cause di ...)
        NOT-FOR-US: Schneider Electric
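Review bot: The two added `[bullseye] - twitter-bootstrap3 <postponed>` lines, under CVE-2024-6485 and CVE-2024-6484, share bug #1084060 and the same rationale, but neither entry links to the other. A NOTE on each naming the sibling CVE would help ensure both are handled in the same upload, since the package is `<unfixed>` in unstable for both.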



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/b4c9ecf77c1c61a7846f3df5e3f9b9d72dd5e3a8...cf64bf1f915796d13419c037e0fbef48b92c587e
