Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
5e7c4eb5 by Moritz Muehlenhoff at 2024-12-19T16:37:43+01:00
bookworm triage

- - - - -
8a380e09 by Moritz Muehlenhoff at 2024-12-19T16:37:45+01:00
bookworm triage

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -242,9 +242,11 @@ CVE-2024-56173 (In Optimizely Configured Commerce before 
5.2.2408, malicious pay
        NOT-FOR-US: Optimizely Configured Commerce
 CVE-2024-56170 (A validation integrity issue was discovered in Fort through 
1.6.4 befo ...)
        - fort-validator <unfixed>
+       [bookworm] - fort-validator <no-dsa> (Minor issue)
        NOTE: https://github.com/NICMx/FORT-validator/issues/82
 CVE-2024-56169 (A validation integrity issue was discovered in Fort through 
1.6.4 befo ...)
        - fort-validator <unfixed>
+       [bookworm] - fort-validator <no-dsa> (Minor issue)
        NOTE: https://github.com/NICMx/FORT-validator/issues/82
 CVE-2024-56142 (pghoard is a PostgreSQL backup daemon and restore tooling that 
stores  ...)
        NOT-FOR-US: pghoard
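Review bot: the two added `[bookworm] - fort-validator <no-dsa> (Minor issue)` lines under CVE-2024-56170 and CVE-2024-56169 give no reason beyond "Minor issue", although both descriptions call this a validation integrity issue and the unstable line is still `<unfixed>`. Suggest naming the limiting factor in the parenthetical or in an extra NOTE, so the decision can be rechecked when the upstream issue referenced in the NOTE (FORT-validator issue 82) is resolved.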
@@ -373,6 +375,7 @@ CVE-2024-54677 (Uncontrolled Resource Consumption 
vulnerability in the examples
        NOTE: 
https://github.com/apache/tomcat/commit/9ffd23fc27f5d1fc95bf97e5cea175c8968f4533
 (9.0.98)
 CVE-2024-54662 (Dante 1.4.0 through 1.4.3 (fixed in 1.4.4) has incorrect 
access contro ...)
        - dante <unfixed>
+       [bookworm] - dante <no-dsa> (Minor issue)
        NOTE: https://www.inet.no/dante/advisory-2024-12-16.txt
 CVE-2024-52542 (Dell AppSync, version 4.6.0.x, contain a Symbolic Link 
(Symlink) Follo ...)
        NOT-FOR-US: Dell
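Review bot: the `- dante <unfixed>` line above the added bookworm entry for CVE-2024-54662 carries no `(bug #...)` reference, unlike the async-http-client, pcl and assimp entries touched in the same push, while the description says the issue is fixed in 1.4.4. With bookworm now set to `<no-dsa>`, a Debian bug reference on the unstable line would give the deferred fix something to be tracked against; suggest adding one if a bug exists or filing it.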
@@ -2284,6 +2287,7 @@ CVE-2024-47543 (GStreamer is a library for constructing 
graphs of media-handling
        NOTE: Fixed by: 
https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/8060 
(1.24.10)
 CVE-2024-47542 (GStreamer is a library for constructing graphs of 
media-handling compo ...)
        - gst-plugins-base1.0 1.24.10-1
+       [bookworm] - gst-plugins-base1.0 <no-dsa> (Minor issue)
        - gst-plugins-base0.10 <removed>
        NOTE: https://securitylab.github.com/advisories/GHSL-2024-235_Gstreamer/
        NOTE: https://gstreamer.freedesktop.org/security/sa-2024-0008.html
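Review bot: in the CVE-2024-47542 entry, the visible NOTE lines point only at the two advisories, whereas the neighbouring CVE-2024-47543 entry has a `NOTE: Fixed by:` line with the merge request and upstream version. Since unstable is fixed in 1.24.10-1 and bookworm is now `<no-dsa>`, a `Fixed by:` NOTE here (if one is not already present below the shown context) would let whoever prepares a later stable update find the patch without going through the advisory pages.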
@@ -4737,6 +4741,7 @@ CVE-2024-53992 (unzip-bot is a Telegram bot to extract 
various types of archives
        NOT-FOR-US: unzip-bot
 CVE-2024-53990 (The AsyncHttpClient (AHC) library allows Java applications to 
easily e ...)
        - async-http-client <unfixed> (bug #1089228)
+       [bookworm] - async-http-client <no-dsa> (Minor issue)
        NOTE: 
https://github.com/AsyncHttpClient/async-http-client/security/advisories/GHSA-mfj5-cf8g-g2fv
        NOTE: https://github.com/AsyncHttpClient/async-http-client/issues/1964
        NOTE: https://github.com/AsyncHttpClient/async-http-client/pull/2033
@@ -7214,6 +7219,7 @@ CVE-2024-7016 (Improper Neutralization of Input During 
Web Page Generation (XSS
        NOT-FOR-US: Smarttek Informatics Smart Doctor
 CVE-2024-53432 (While parsing certain malformed PLY files, PCL version 1.14.1 
crashes  ...)
        - pcl <unfixed> (bug #1088186)
+       [bookworm] - pcl <no-dsa> (Minor issue)
        NOTE: https://github.com/PointCloudLibrary/pcl/issues/6162
        NOTE: https://github.com/PointCloudLibrary/pcl/pull/6179
 CVE-2024-53429 (Open62541 v1.4.6 is has an assertion failure in 
fuzz_binary_decode, wh ...)
@@ -16139,7 +16145,7 @@ CVE-2024-10011 (The BuddyPress plugin for WordPress is 
vulnerable to Directory T
        NOT-FOR-US: WordPress plugin
 CVE-2024-48426 (A segmentation fault (SEGV) was detected in the 
SortByPTypeProcess::Ex ...)
        - assimp <unfixed> (bug #1086043)
-       [bookworm] - assimp <postponed> (Minor issue, revisit when fixed 
upstream)
+       [bookworm] - assimp <no-dsa> (Minor issue)
        [bullseye] - assimp <postponed> (Minor issue, revisit when fixed 
upstream)
        NOTE: https://github.com/assimp/assimp/issues/5789
 CVE-2024-48425 (A segmentation fault (SEGV) was detected in the 
Assimp::SplitLargeMesh ...)
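Review bot: for CVE-2024-48426 the bookworm line changes from `<postponed> (Minor issue, revisit when fixed upstream)` to `<no-dsa> (Minor issue)`, but the `[bullseye]` line directly below keeps the old `<postponed>` wording, so the two releases now disagree for the same unfixed issue. If bullseye is intentionally left as is, that is fine; otherwise align it. Also consider keeping "revisit when fixed upstream" in the bookworm parenthetical, since the unstable line is still `<unfixed>` and the new text drops that reminder.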



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/eba28ed0bf61f8d52423fbd2021ff3232f4bd065...8a380e099a520834ce10333e44be59078adced27
