Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker
Commits: e17e5e2a by Moritz Muehlenhoff at 2024-11-25T10:52:49+01:00 bookworm triage - - - - - 2 changed files: - data/CVE/list - data/dsa-needed.txt Changes: ===================================== data/CVE/list ===================================== @@ -1,5 +1,6 @@ CVE-2024-53901 (The Imager package before 1.025 for Perl has a heap-based buffer overf ...) - libimager-perl 1.025+dfsg-1 + [bookworm] - libimager-perl <no-dsa> (Minor issue) NOTE: https://github.com/tonycoz/imager/issues/534 NOTE: https://github.com/tonycoz/imager/commit/7851737838aa86113b276aea02729cc1f6e9eed0 (v1.025) NOTE: https://github.com/briandfoy/cpan-security-advisory/issues/167 @@ -1076,9 +1077,11 @@ CVE-2024-52765 (H3C GR-1800AX MiniGRW1B0V100R007 is vulnerable to remote code ex NOT-FOR-US: H3C GR-1800AX MiniGRW1B0V100R007 CVE-2024-52763 (A cross-site scripting (XSS) vulnerability in the component /graph_all ...) - ganglia-web <unfixed> + [bookworm] - ganglia-web <postponed> (Minor issue, revisit when fixed upstream) NOTE: https://github.com/ganglia/ganglia-web/issues/382 CVE-2024-52762 (A cross-site scripting (XSS) vulnerability in the component /master/he ...) - ganglia-web <unfixed> + [bookworm] - ganglia-web <postponed> (Minor issue, revisit when fixed upstream) NOTE: https://github.com/ganglia/ganglia-web/issues/382 CVE-2024-52757 (D-LINK DI-8003 v16.07.16A1 was discovered to contain a buffer overflow ...) NOT-FOR-US: D-LINK ===================================== data/dsa-needed.txt ===================================== 
@@ -27,13 +27,15 @@ linux (carnil) opennds pinged maintainer, but no reply yet. should most probably be bumped to 10.x -- -php8.2 +php8.2 (jmm) -- python-aiohttp (jmm) -- +python-tornado +-- ring -- -smarty3 +smarty3 (jmm) Tobias Frost posted a debdiff for review addressing CVE-2023-28447 and CVE-2024-35226 -- smarty4 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/e17e5e2abbab32e25994ab5be3f247f30029830c -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/e17e5e2abbab32e25994ab5be3f247f30029830c You're receiving this email because of your account on salsa.debian.org.
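Review bot: In the first data/CVE/list hunk (CVE-2024-53901), the added `[bookworm] - libimager-perl <no-dsa> (Minor issue)` line gives only the generic reason, while the description on the line above it calls the bug a heap-based buffer overflow. Consider adding a NOTE line that says why this is minor for bookworm, so the triage decision can be checked later without rereading the upstream issue.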
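Review bot: In the data/dsa-needed.txt hunk, the added `python-tornado` entry has neither a claimant nor a note, and none of the data/CVE/list hunks shown here touches a tornado CVE. A one-line note under the entry naming the CVE(s) that prompted it, in the way the smarty3 entry names CVE-2023-28447 and CVE-2024-35226, would tell whoever picks it up what needs fixing.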