Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker
Commits: b2dc5be3 by Moritz Muehlenhoff at 2025-01-19T13:21:13+01:00 bookworm triage - - - - - 2 changed files: - data/CVE/list - data/dsa-needed.txt Changes: ===================================== data/CVE/list ===================================== @@ -52,6 +52,7 @@ CVE-2025-23208 (zot is a production-ready vendor-neutral OCI image registry. The NOT-FOR-US: zot CVE-2025-23207 (KaTeX is a fast, easy-to-use JavaScript library for TeX math rendering ...) - node-katex <unfixed> (bug #1093446) + [bookworm] - node-katex <no-dsa> (Minor issue) NOTE: https://github.com/KaTeX/KaTeX/security/advisories/GHSA-cg87-wmx4-v546 NOTE: https://github.com/KaTeX/KaTeX/commit/ff289955e81aab89086eef09254cbf88573d415c (v0.16.21) TODO: check embeded code copy @@ -8682,6 +8683,7 @@ CVE-2024-49336 (IBM Security Guardium 11.5 is vulnerable to server-side request NOT-FOR-US: IBM CVE-2024-47093 (Improper neutralization of input in Nagvis before version 1.9.42 which ...) - nagvis 1:1.9.42-1 + [bookworm] - nagvis <no-dsa> (Minor issue) NOTE: https://github.com/NagVis/nagvis/commit/30e71e8167d17a1828e7da71d6942f6fb36478cd (nagvis-1.9.42) NOTE: https://github.com/NagVis/nagvis/commit/b5b1164007439de526df7d54d5c02d7732ba1c42 (nagvis-1.9.42) CVE-2024-38864 (Incorrect permissions on the Checkmk Windows Agent's data directory in ...) @@ -25033,6 +25035,7 @@ CVE-2024-49762 (Pterodactyl is a free, open-source game server management panel. NOT-FOR-US: Pterodactyl CVE-2024-49760 (OpenRefine is a free, open source tool for working with messy data. Th ...) - openrefine 3.8.7-1 (bug #1086041) + [bookworm] - openrefine <no-dsa> (Minor issue) NOTE: https://github.com/OpenRefine/OpenRefine/security/advisories/GHSA-qfwq-6jh6-8xx4 NOTE: https://github.com/OpenRefine/OpenRefine/commit/24d084052dc55426fe460f2a17524fd18d28b20c NOTE: https://github.com/OpenRefine/OpenRefine/commit/478285afffea59c893ac472faa74898ab9e5e95a (3.8.3) 
@@ -25058,30 +25061,36 @@ CVE-2024-48208 (pure-ftpd before 1.0.52 is vulnerable to Buffer Overflow. There NOTE: No security impact, basically just terminates the user's connection CVE-2024-47883 (The OpenRefine fork of the MIT Simile Butterfly server is a modular we ...) - openrefine-butterfly 1.2.6-1 (bug #1086042) + [bookworm] - openrefine-butterfly <no-dsa> (Minor issue) NOTE: https://github.com/OpenRefine/simile-butterfly/security/advisories/GHSA-3p8v-w8mr-m3x8 NOTE: https://github.com/OpenRefine/simile-butterfly/commit/537f64bfa72746f8b21d4bda461fad843435319c (1.2.6) CVE-2024-47882 (OpenRefine is a free, open source tool for working with messy data. Pr ...) - openrefine 3.8.7-1 (bug #1086041) + [bookworm] - openrefine <no-dsa> (Minor issue) NOTE: https://github.com/OpenRefine/OpenRefine/security/advisories/GHSA-j8hp-f2mj-586g NOTE: https://github.com/OpenRefine/OpenRefine/commit/85594e75e7b36025f7b6a67dcd3ec253c5dff8c2 NOTE: https://github.com/OpenRefine/OpenRefine/commit/b0d5dd0a6a40369593f4a6b593e3e0ffa213339e (3.8.3) CVE-2024-47881 (OpenRefine is a free, open source tool for working with messy data. St ...) - openrefine 3.8.7-1 (bug #1086041) + [bookworm] - openrefine <no-dsa> (Minor issue) NOTE: https://github.com/OpenRefine/OpenRefine/security/advisories/GHSA-87cf-j763-vvh8 NOTE: https://github.com/OpenRefine/OpenRefine/commit/853a1d91662e7dc278a9a94a38be58de04494056 NOTE: https://github.com/OpenRefine/OpenRefine/commit/8a5cced755f9d4544cfc9fd1b9dc9274807b5020 (3.8.3) CVE-2024-47880 (OpenRefine is a free, open source tool for working with messy data. Pr ...) 
- openrefine 3.8.7-1 (bug #1086041) + [bookworm] - openrefine <no-dsa> (Minor issue) NOTE: https://github.com/OpenRefine/OpenRefine/security/advisories/GHSA-79jv-5226-783f NOTE: https://github.com/OpenRefine/OpenRefine/commit/8060477fa53842ebabf43b63e039745932fa629d NOTE: https://github.com/OpenRefine/OpenRefine/commit/fbf94fe3f001d6e2aa02e890930cf1affb0847b0 (3.8.3) CVE-2024-47879 (OpenRefine is a free, open source tool for working with messy data. Pr ...) - openrefine 3.8.7-1 (bug #1086041) + [bookworm] - openrefine <no-dsa> (Minor issue) NOTE: https://github.com/OpenRefine/OpenRefine/security/advisories/GHSA-3jm4-c6qf-jrh3 NOTE: https://github.com/OpenRefine/OpenRefine/commit/090924ca923489b6c94397cf1f5df7f7f78f0126 NOTE: https://github.com/OpenRefine/OpenRefine/commit/52c882a447d9efe8d3ef73b78468887c5da39790 (3.8.3) CVE-2024-47878 (OpenRefine is a free, open source tool for working with messy data. Pr ...) - openrefine 3.8.7-1 (bug #1086041) + [bookworm] - openrefine <no-dsa> (Minor issue) NOTE: https://github.com/OpenRefine/OpenRefine/security/advisories/GHSA-pw3x-c5vp-mfc3 NOTE: https://github.com/OpenRefine/OpenRefine/commit/10bf0874d67f1018a58b3732332d76b840192fea NOTE: https://github.com/OpenRefine/OpenRefine/commit/37b375478eca41b8948b104bf6790ebf659a88cb (3.8.3) ===================================== data/dsa-needed.txt ===================================== @@ -50,6 +50,8 @@ openjpeg2 opennds pinged maintainer, but no reply yet. should most probably be bumped to 10.x -- +pagure +-- pam-u2f (carnil) -- php-laravel-framework View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/b2dc5be373a10994282d880af75ee43a455a9c7a -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/b2dc5be373a10994282d880af75ee43a455a9c7a You're receiving this email because of your account on salsa.debian.org.
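Review bot: In the CVE-2025-23207 hunk (data/CVE/list, @@ -52,6 +52,7 @@), the entry still carries "TODO: check embeded code copy" directly after the new "[bookworm] - node-katex <no-dsa> (Minor issue)" line, so the bookworm decision covers only the node-katex source package and says nothing about packages that embed KaTeX. Resolve the TODO in the same change, or state in the commit message that the embedded copies are still unchecked; "embeded" should also read "embedded" when that line is next touched.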
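Review bot: The six "<no-dsa>" lines added in the @@ -25058,30 +25061,36 @@ hunk (openrefine-butterfly for CVE-2024-47883, openrefine for CVE-2024-47882 through CVE-2024-47878) all give the same reason, "(Minor issue)", while the visible descriptions are truncated and show no impact. A more specific reason per entry, or a NOTE saying why these do not warrant a DSA for bookworm, would let a later reader judge whether the fixes recorded as 3.8.7-1 and 1.2.6-1 are still worth carrying to bookworm by another route.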
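Review bot: The pagure entry added in data/dsa-needed.txt (@@ -50,6 +50,8 @@) has neither a note nor a claimant, and none of the data/CVE/list hunks in this commit touch a pagure CVE, so the change does not show which issue put the package on the list. A short line under the entry naming the CVE(s), in the way the neighbouring entries carry a status note or a claimant such as "(carnil)", would make it easier for someone to pick up.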