Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
f82eb2db by Moritz Muehlenhoff at 2024-11-08T20:26:08+01:00
triage older issues

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -55765,7 +55765,7 @@ CVE-2024-31991 (Mealie is a self hosted recipe manager 
and meal planner. Prior t
        NOT-FOR-US: Mealie
 CVE-2024-31584 (Pytorch before v2.2.0 has an Out-of-bounds Read vulnerability 
via the  ...)
        - pytorch 2.4.1-1 (bug #1070379)
-       [bookworm] - pytorch <no-dsa> (Minor issue)
+       [bookworm] - pytorch <ignored> (Minor issue)
        [bullseye] - pytorch <no-dsa> (Minor issue)
        NOTE: 
https://github.com/pytorch/pytorch/commit/7c35874ad664e74c8e4252d67521f3986eadb0e6
 CVE-2024-30974 (SQL Injection vulnerability in autoexpress v.1.3.0 allows 
attackers to ...)
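Review bot: The `[bookworm]` line for CVE-2024-31584 changes state from `<no-dsa>` to `<ignored>` but keeps the reason "(Minor issue)" word for word. `<ignored>` records that no fix is planned for the release, which is a stronger statement than `<no-dsa>`, so the parenthesised reason should say why, for example that a backport of the commit in the NOTE is not considered worthwhile for bookworm. As written, a later reader cannot tell what changed between the two triage passes.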
@@ -56580,7 +56580,7 @@ CVE-2024-31585 (FFmpeg version n5.1 to n6.1 was 
discovered to contain an Off-by-
        NOTE: Introduced by 
https://github.com/FFmpeg/FFmpeg/commit/81df787b53eb5c6433731f6eaaf7f2a94d8a8c80
 (n5.1)
 CVE-2024-31583 (Pytorch before version v2.2.0 was discovered to contain a 
use-after-fr ...)
        - pytorch 2.4.1-1 (bug #1070379)
-       [bookworm] - pytorch <no-dsa> (Minor issue)
+       [bookworm] - pytorch <ignored> (Minor issue)
        [bullseye] - pytorch <no-dsa> (Minor issue)
        NOTE: 
https://github.com/pytorch/pytorch/commit/9c7071b0e324f9fb68ab881283d6b8d388a4bcd2
 CVE-2024-31582 (FFmpeg version n6.1 was discovered to contain a heap buffer 
overflow v ...)
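Review bot: On CVE-2024-31583 only the `[bookworm]` line moves to `<ignored>`, while the `[bullseye]` line directly below it stays `<no-dsa>` with the same "(Minor issue)" reason. If the difference is intentional (for instance because bullseye is triaged separately), that is fine, but the entry now shows two different states justified by identical text. Either align the bullseye line or make the bookworm reason specific enough to explain the split.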
@@ -56599,7 +56599,7 @@ CVE-2024-31581 (FFmpeg version n6.1 was discovered to 
contain an improper valida
        NOTE: Fixed by 
https://github.com/ffmpeg/ffmpeg/commit/ce0c178a408d43e71085c28a47d50dc939b60196
 (n7.0)
 CVE-2024-31580 (PyTorch before v2.2.0 was discovered to contain a heap buffer 
overflow ...)
        - pytorch 2.4.1-1 (bug #1070379)
-       [bookworm] - pytorch <no-dsa> (Minor issue)
+       [bookworm] - pytorch <ignored> (Minor issue)
        [bullseye] - pytorch <no-dsa> (Minor issue)
        NOTE: 
https://github.com/pytorch/pytorch/commit/b5c3a17c2c207ebefcb85043f0cf94be9b2fef81
 CVE-2024-31578 (FFmpeg version n6.1.1 was discovered to contain a heap 
use-after-free  ...)
@@ -84159,7 +84159,7 @@ CVE-2023-6493 (The Depicter Slider \u2013 Responsive 
Image Slider, Video Slider
        NOT-FOR-US: WordPress plugin
 CVE-2023-52323 (PyCryptodome and pycryptodomex before 3.19.1 allow 
side-channel leakag ...)
        - pycryptodome 3.20.0+dfsg-1 (bug #1060059)
-       [bookworm] - pycryptodome <no-dsa> (Minor issue)
+       [bookworm] - pycryptodome <ignored> (Minor issue)
        [bullseye] - pycryptodome <no-dsa> (Minor issue)
        [buster] - pycryptodome <no-dsa> (Minor issue)
        NOTE: 
https://github.com/Legrandin/pycryptodome/commit/0deea1bfe1489e8c80d2053bbb06a1aa0b181ebd
 (v3.19.1)
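Review bot: For CVE-2023-52323 the description is a side-channel leakage in a cryptographic library and the NOTE pins one upstream commit shipped in v3.19.1, yet the new `<ignored>` state on the `[bookworm]` line still gives only "(Minor issue)". Please state what makes the leakage minor for bookworm or why the single referenced commit is not a backport candidate. The `[bullseye]` and `[buster]` lines remain `<no-dsa>`, so the bookworm line is now the only one closed out.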
@@ -98862,20 +98862,24 @@ CVE-2023-5554 (Lack of TLS certificate verification 
in log transmission of a fin
        NOT-FOR-US: LINE
 CVE-2023-5072 (Denial of Service  in JSON-Java versions up to and including 
20230618. ...)
        - libjson-java <unfixed> (bug #1053882)
-       [bookworm] - libjson-java <no-dsa> (Minor issue)
+       [bookworm] - libjson-java <no-dsa> (Minor issue, revisit when fixed 
upstream)
        [bullseye] - libjson-java <no-dsa> (Minor issue)
        [buster] - libjson-java <no-dsa> (Minor issue)
        - jenkins-json <unfixed> (bug #1053883)
-       [bookworm] - jenkins-json <no-dsa> (Minor issue)
+       [bookworm] - jenkins-json <postponed> (Minor issue, revisit when fixed 
upstream)
        [bullseye] - jenkins-json <no-dsa> (Minor issue)
        [buster] - jenkins-json <no-dsa> (Minor issue)
        - libjettison-java <unfixed> (bug #1053884)
-       [bookworm] - libjettison-java <no-dsa> (Minor issue)
+       [bookworm] - libjettison-java <postponed> (Minor issue, revisit when 
fixed upstream)
        [bullseye] - libjettison-java <no-dsa> (Minor issue)
        [buster] - libjettison-java <no-dsa> (Minor issue)
        NOTE: https://github.com/stleary/JSON-java/issues/758
        NOTE: https://github.com/stleary/JSON-java/issues/771
        NOTE: https://github.com/stleary/JSON-java/pull/772/
+       NOTE: 
https://github.com/stleary/JSON-java/commit/eaa5611ba3a58737a57656a5a36f0917dd1e702b
 (20231013)
+       NOTE: 
https://github.com/stleary/JSON-java/commit/dbb113176b143b519ad0a50b033a9997cc2248fe
 (20231013)
+       NOTE: 
https://github.com/stleary/JSON-java/commit/16967f322ee65c301b48fa79bb681e38896fd212
 (20231013)
+       NOTE: 
https://github.com/stleary/JSON-java/commit/661114c50dcfd53bb041aab66f14bb91e0a87c8a
 (20231013)
 CVE-2023-5046 (Improper Neutralization of Special Elements used in an SQL 
Command ('S ...)
        NOT-FOR-US: Procost
 CVE-2023-5045 (Improper Neutralization of Special Elements used in an SQL 
Command ('S ...)
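Review bot: The `[bookworm] - libjson-java` line gets the new reason "Minor issue, revisit when fixed upstream" but stays `<no-dsa>`, whereas `jenkins-json` and `libjettison-java` receive the same reason together with `<postponed>`. That looks like a missed state change on the first line; if it is deliberate, the reason text should differ. Separately, the four added NOTE lines point at JSON-java commits tagged (20231013) without a "Fixed by:" label, which leaves it unclear whether they are the upstream fix. If they are, "revisit when fixed upstream" is already satisfied for `libjson-java` and the note should be labelled accordingly; if the reason refers only to the `jenkins-json` and `libjettison-java` forks, say so on those lines.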
@@ -106320,20 +106324,20 @@ CVE-2023-40857 (Buffer Overflow vulnerability in 
VirusTotal yara v.4.3.2 allows
        NOTE: Non issue, untrusted yara rules not supported, see 
https://github.com/VirusTotal/yara/issues/1948
 CVE-2023-40828 (An issue in pf4j pf4j v.3.9.0 and before allows a remote 
attacker to o ...)
        - libpf4j-java 3.9.0+dfsg-2 (bug #1050834)
-       [bookworm] - libpf4j-java <no-dsa> (Minor issue)
+       [bookworm] - libpf4j-java <ignored> (Minor issue)
        NOTE: https://github.com/pf4j/pf4j/pull/537
        NOTE: https://github.com/pf4j/pf4j/pull/538
        NOTE: Fixed by: 
https://github.com/pf4j/pf4j/commit/8e0aa198c4e652cfc1eb9e05ca9b64397f67cc72
 CVE-2023-40827 (An issue in pf4j pf4j v.3.9.0 and before allows a remote 
attacker to o ...)
        - libpf4j-java 3.9.0+dfsg-2 (bug #1050834)
-       [bookworm] - libpf4j-java <no-dsa> (Minor issue)
+       [bookworm] - libpf4j-java <ignored> (Minor issue)
        NOTE: https://github.com/pf4j/pf4j/issues/536
        NOTE: https://github.com/pf4j/pf4j/pull/537
        NOTE: https://github.com/pf4j/pf4j/pull/538
        NOTE: Fixed by: 
https://github.com/pf4j/pf4j/commit/8e0aa198c4e652cfc1eb9e05ca9b64397f67cc72
 CVE-2023-40826 (An issue in pf4j pf4j v.3.9.0 and before allows a remote 
attacker to o ...)
        - libpf4j-java 3.9.0+dfsg-2 (bug #1050834)
-       [bookworm] - libpf4j-java <no-dsa> (Minor issue)
+       [bookworm] - libpf4j-java <ignored> (Minor issue)
        NOTE: https://github.com/pf4j/pf4j/issues/536
        NOTE: Duplicate/similar to: https://github.com/pf4j/pf4j/issues/526
        NOTE: https://github.com/pf4j/pf4j/pull/538
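Review bot: All three `libpf4j-java` entries move `[bookworm]` to `<ignored>`, but the fixed version recorded for unstable is `3.9.0+dfsg-2`, a Debian revision on the same upstream version, and two of the entries carry a "Fixed by:" commit. That suggests the fix exists as an isolated patch, so the reason should explain why it is not being carried to bookworm rather than repeating "(Minor issue)". The visible lines for CVE-2023-40826 show no "Fixed by:" NOTE, unlike CVE-2023-40828 and CVE-2023-40827; worth confirming the same commit applies before closing it out with the other two.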
@@ -113764,7 +113768,7 @@ CVE-2023-34471 (AMI SPx contains a vulnerability in 
the BMC where a user may cau
        NOT-FOR-US: AMI SPx
 CVE-2023-34457 (MechanicalSoup is a Python library for automating interaction 
with web ...)
        - python-mechanicalsoup 1.3.0-1 (bug #1041814)
-       [bookworm] - python-mechanicalsoup <no-dsa> (Minor issue)
+       [bookworm] - python-mechanicalsoup <ignored> (Minor issue)
        [bullseye] - python-mechanicalsoup <no-dsa> (Minor issue)
        [buster] - python-mechanicalsoup <no-dsa> (Minor issue; invasive 
backport required)
        NOTE: 
https://github.com/MechanicalSoup/MechanicalSoup/security/advisories/GHSA-x456-3ccm-m6j4
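Review bot: The `[buster]` line for CVE-2023-34457 already documents a concrete reason, "Minor issue; invasive backport required", while the `[bookworm]` line that is now `<ignored>` keeps the bare "(Minor issue)". If the invasive backport is also what rules out a bookworm fix, copy that wording onto the bookworm line; if the reason differs, state it. The `[bullseye]` line stays `<no-dsa>`, so it would help to record whether that is intended.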



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/f82eb2dbb1b4c5eff05b2967081582d285edf00d



_______________________________________________
debian-security-tracker-commits mailing list
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
