[Git][security-tracker-team/security-tracker][master] 2 commits: Triage CVE-2024-45337 in golang-go.crypto for bullseye LTS.

Chris Lamb (@lamby) Fri, 13 Dec 2024 03:58:40 -0800


Chris Lamb pushed to branch master at Debian Security Tracker / security-tracker



Commits:
37828eb8 by Chris Lamb at 2024-12-13T11:55:59+00:00
Triage CVE-2024-45337 in golang-go.crypto for bullseye LTS.

- - - - -
197a081a by Chris Lamb at 2024-12-13T11:58:03+00:00
data/dla-needed.txt: Triage gst-plugins-base1.0 for bullseye LTS 
(CVE-2024-47538, CVE-2024-47541, CVE-2024-47600, CVE-2024-47607, CVE-2024-47615 
&amp; CVE-2024-47835)

- - - - -


2 changed files:

- data/CVE/list
- data/dla-needed.txt


Changes:

=====================================
data/CVE/list
=====================================
@@ -750,6 +750,7 @@ CVE-2024-47537 (GStreamer is a library for constructing 
graphs of media-handling
        NOTE: Fixed by: 
https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/8060 
(1.24.10)
 CVE-2024-45337 (Applications and libraries which misuse the 
ServerConfig.PublicKeyCall ...)
        - golang-go.crypto <unfixed> (bug #1089754)
+       [bullseye] - golang-go.crypto <postponed> (Limited support, minor 
issue, follow bookworm DSAs/point-releases)
        NOTE: https://github.com/golang/go/issues/70779
        NOTE: https://go-review.googlesource.com/c/crypto/+/635315/
        NOTE: Fixed by: 
https://github.com/golang/crypto/commit/b4f1988a35dee11ec3e05d6bf3e90b695fbd8909
 (v0.31.0)


=====================================
data/dla-needed.txt
=====================================
@@ -97,6 +97,15 @@ glewlwyd (Thorsten Alteholz)
   NOTE: 20240815: pu scheduled 
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1007884
   NOTE: 20241201: testing package
 --
+gst-plugins-base1.0
+  NOTE: 20241213: Added by Front-Desk (lamby)
+  NOTE: 20241213: CVE-2024-47538, CVE-2024-47541, CVE-2024-47600, 
CVE-2024-47607, etc. (lamby)
+  NOTE: 20241213: See also gst-plugins-good1.0 (lamby)
+--
+gst-plugins-good1.0
+  NOTE: 20241213: Added by Front-Desk (lamby)
+  NOTE: 20241213: See also gst-plugins-base1.0 (lamby)
+--
 gunicorn
   NOTE: 20241206: Added by coordinator (roberto)
   NOTE: 20241206: CVE-2024-1135 was fixed in buster, is still open (no-dsa) in 
bullseye and bookworm



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/c823a5a4c4b06826de23fc444514687e29d38818...197a081a525b0a420a416ab30010d56cea9d15df

-- 
View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/c823a5a4c4b06826de23fc444514687e29d38818...197a081a525b0a420a416ab30010d56cea9d15df
You're receiving this email because of your account on salsa.debian.org.

_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits

[Git][security-tracker-team/security-tracker][master] 2 commits: Triage CVE-2024-45337 in golang-go.crypto for bullseye LTS.

Reply via email to