[Git][security-tracker-team/security-tracker][master] triage older issues

Fri, 08 Nov 2024 14:32:33 -0800 


Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
c9fd5441 by Moritz Muehlenhoff at 2024-11-08T23:32:01+01:00
triage older issues

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -17742,7 +17742,7 @@ CVE-2024-6688 (The Oxygen Builder plugin for WordPress 
is vulnerable to unauthor
        NOT-FOR-US: WordPress plugin
 CVE-2024-45321 (The App::cpanminus package through 1.7047 for Perl downloads 
code via  ...)
        - cpanminus <unfixed> (bug #1081559)
-       [bookworm] - cpanminus <no-dsa> (Minor issue)
+       [bookworm] - cpanminus <postponed> (Minor issue, revisit when fixed 
upstream)
        [bullseye] - cpanminus <postponed> (Minor issue)
        NOTE: 
https://security.metacpan.org/2024/08/26/cpanminus-downloads-code-using-insecure-http.html
        NOTE: https://github.com/miyagawa/cpanminus/issues/611
@@ -18333,7 +18333,7 @@ CVE-2024-42852 (Cross Site Scripting vulnerability in 
AcuToWeb server v.10.5.0.7
        NOT-FOR-US: AcuToWeb server
 CVE-2024-42845 (An eval Injection vulnerability in the component 
invesalius/reader/dic ...)
        - invesalius <unfixed> (bug #1082875)
-       [bookworm] - invesalius <no-dsa> (Minor issue)
+       [bookworm] - invesalius <postponed> (Minor issue, revisit when fixed 
upstream)
        [bullseye] - invesalius <postponed> (Minor issue)
        NOTE: 
https://github.com/partywavesec/invesalius3_vulnerabilities/tree/main/CVE-2024-42845
 CVE-2024-42766 (Kashipara Bus Ticket Reservation System v1.0 0 is vulnerable 
to Incorr ...)
@@ -30027,7 +30027,7 @@ CVE-2024-39697 (phonenumber is a library for parsing, 
formatting and validating
        NOT-FOR-US: Rust crate phonenumber
 CVE-2024-39684 (Tencent RapidJSON is vulnerable to privilege escalation due to 
an inte ...)
        - rapidjson <unfixed> (bug #1083187)
-       [bookworm] - rapidjson <no-dsa> (Minor issue)
+       [bookworm] - rapidjson <postponed> (Minor issue, revisit when fixed 
upstream)
        [bullseye] - rapidjson <postponed> (Minor issue)
        NOTE: https://github.com/Tencent/rapidjson/issues/2289
 CVE-2024-39675 (A vulnerability has been identified in RUGGEDCOM RMC30 (All 
versions < ...)
@@ -112306,7 +112306,7 @@ CVE-2023-38198 (acme.sh before 3.0.6 runs arbitrary 
commands from a remote serve
 CVE-2023-38197 (An issue was discovered in Qt before 5.15.15, 6.x before 
6.2.10, and 6 ...)
        {DLA-3805-1 DLA-3539-1}
        - qt6-base 6.6.2+dfsg-8 (bug #1041104)
-       [bookworm] - qt6-base <no-dsa> (Minor issue)
+       [bookworm] - qt6-base <ignored> (Minor issue, too intrusive to backport 
to 6.4)
        - qtbase-opensource-src-gles 5.15.10+dfsg-3 (bug #1041106)
        [bookworm] - qtbase-opensource-src-gles <no-dsa> (Minor issue)
        [bullseye] - qtbase-opensource-src-gles <no-dsa> (Minor issue)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/c9fd54412d7d5cf11c67c3e04200b2d1b457b738

-- 
View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/c9fd54412d7d5cf11c67c3e04200b2d1b457b738
You're receiving this email because of your account on salsa.debian.org.



_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits

Reply via email to