Chris Lamb pushed to branch master at Debian Security Tracker / security-tracker
Commits:
5c42ffce by Chris Lamb at 2024-12-12T10:35:56+00:00
Triage CVE-2024-24820 in icingaweb2-module-director for bullseye LTS.
- - - - -
216a9289 by Chris Lamb at 2024-12-12T10:41:54+00:00
Triage CVE-2024-55564 in libposix-2008-perl for bullseye LTS.
- - - - -
6ad7e6c9 by Chris Lamb at 2024-12-12T10:42:18+00:00
Triage CVE-2024-55565 in node-postcss for bullseye LTS.
- - - - -
75f338d2 by Chris Lamb at 2024-12-12T10:42:38+00:00
Triage CVE-2024-53981 in python-multipart for bullseye LTS.
- - - - -
7aafdabe by Chris Lamb at 2024-12-12T10:43:49+00:00
Triage CVE-2024-12224 in rust-idna for bullseye LTS.
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1694,6 +1694,7 @@ CVE-2023-32094 (Missing Authorization vulnerability in
Felix Welberg Extended Po
CVE-2024-12224 [RUSTSEC-2024-0421]
- rust-idna <unfixed> (bug #1089662)
[bookworm] - rust-idna <no-dsa> (Minor issue)
+ [bullseye] - rust-idna <postponed> (Minor issue; can be fixed in next
update)
NOTE: https://rustsec.org/advisories/RUSTSEC-2024-0421.html
NOTE: https://bugzilla.mozilla.org/show_bug.cgi?id=1887898
CVE-2024-9651 (The Fluent Forms WordPress plugin before 5.2.1 does not
sanitise and ...)
@@ -1713,12 +1714,14 @@ CVE-2024-55566 (ColPack 1.0.10 through 9a7293a has a
predictable temporary file
CVE-2024-55565 (nanoid (aka Nano ID) before 5.0.9 mishandles non-integer
values. 3.3.8 ...)
- node-postcss <unfixed>
[bookworm] - node-postcss <no-dsa> (Minor issue)
+ [bullseye] - node-postcss <postponed> (Minor issue; can be fixed in
next update)
NOTE: node-postcss bundles nanoid
NOTE: https://github.com/ai/nanoid/pull/510
NOTE:
https://github.com/ai/nanoid/commit/d643045f40d6dc8afa000a644d857da1436ed08c
(3.3.8)
CVE-2024-55564 (The POSIX::2008 package before 0.24 for Perl has a potential
_execve50 ...)
- libposix-2008-perl 0.24-1
[bookworm] - libposix-2008-perl <no-dsa> (Minor issue)
+ [bullseye] - libposix-2008-perl <postponed> (Minor issue; can be fixed
in next update)
CVE-2024-55563 (Bitcoin Core through 27.2 allows transaction-relay jamming via
an off- ...)
- bitcoin <removed>
CVE-2024-55560 (MailCleaner before 28d913e has default values of
ssh_host_dsa_key, ssh ...)
@@ -2957,6 +2960,7 @@ CVE-2024-53984 (Nanopb is a small code-size Protocol
Buffers implementation. Wh
CVE-2024-53981 (python-multipart is a streaming multipart parser for Python.
When pars ...)
- python-multipart <unfixed> (bug #1088991)
[bookworm] - python-multipart <no-dsa> (Minor issue)
+ [bullseye] - python-multipart <postponed> (Minor issue; can be fixed in
next update)
NOTE:
https://github.com/Kludex/python-multipart/security/advisories/GHSA-59g5-xgcq-4qw3
NOTE: Fixed by:
https://github.com/Kludex/python-multipart/commit/9205a0ec8c646b9f705430a6bfb52bd957b76c19
(0.0.18)
NOTE: Fixed by:
https://github.com/Kludex/python-multipart/commit/c4fe4d3cebc08c660e57dd709af1ffa7059b3177
(0.0.19)
@@ -87471,6 +87475,7 @@ CVE-2024-24821 (Composer is a dependency Manager for
the PHP language. In affect
CVE-2024-24820 (Icinga Director is a tool designed to make Icinga 2
configuration hand ...)
- icingaweb2-module-director 1.11.1-1
[bookworm] - icingaweb2-module-director <no-dsa> (Minor issue)
+ [bullseye] - icingaweb2-module-director <postponed> (Minor issue; can
be fixed in next update)
NOTE:
https://github.com/Icinga/icingaweb2-module-director/security/advisories/GHSA-3mwp-5p5v-j6q3
NOTE:
https://github.com/Icinga/icingaweb2-module-director/commit/f1e54348c8362b3010eb2d87d8cf380d5ba55135
(v1.10.3)
CVE-2024-24819 (icingaweb2-module-incubator is a working project of bleeding
edge Icin ...)
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/58ca59f8ce38aec4f0bb306b7f7dbf6fdacb1189...7aafdabe7227fbbfaea9d6d002074a6ca1b48223
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/58ca59f8ce38aec4f0bb306b7f7dbf6fdacb1189...7aafdabe7227fbbfaea9d6d002074a6ca1b48223
You're receiving this email because of your account on salsa.debian.org.
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
