Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker
Commits: 7a364510 by Moritz Muehlenhoff at 2025-01-19T22:52:39+01:00 bookworm triage - - - - - 2 changed files: - data/CVE/list - data/dsa-needed.txt Changes: ===================================== data/CVE/list ===================================== @@ -5204,6 +5204,7 @@ CVE-2024-56828 (File Upload vulnerability in ChestnutCMS through 1.5.0. Based on NOT-FOR-US: ChestnutCMS CVE-2024-55629 (Suricata is a network Intrusion Detection System, Intrusion Prevention ...) - suricata 1:7.0.8-1 + [bookworm] - suricata <no-dsa> (Minor issue) NOTE: https://github.com/OISF/suricata/security/advisories/GHSA-69wr-vhwg-84h2 NOTE: Fixed by: https://github.com/OISF/suricata/commit/6882bcb3e51bd3cf509fb6569cc30f48d7bb53d7 (master) NOTE: Fixed by: https://github.com/OISF/suricata/commit/779f9d8ba35c3f9b5abfa327d3a4209861bd2eb8 (master) @@ -5211,6 +5212,7 @@ CVE-2024-55629 (Suricata is a network Intrusion Detection System, Intrusion Prev NOTE: Fixed by: https://github.com/OISF/suricata/commit/c4d8790db85164714c92556fbc8e849e9df6355b (suricata-7.0.8) CVE-2024-55628 (Suricata is a network Intrusion Detection System, Intrusion Prevention ...) - suricata 1:7.0.8-1 + [bookworm] - suricata <no-dsa> (Minor issue) NOTE: https://github.com/OISF/suricata/security/advisories/GHSA-96w4-jqwf-qx2j NOTE: Fixed by: https://github.com/OISF/suricata/commit/19cf0f81335d9f787d587450f7105ad95a648951 (master) NOTE: Fixed by: https://github.com/OISF/suricata/commit/37f4c52b22fcdde4adf9b479cb5700f89d00768d (master) 
@@ -5220,6 +5222,7 @@ CVE-2024-55628 (Suricata is a network Intrusion Detection System, Intrusion Prev NOTE: Fixed by: https://github.com/OISF/suricata/commit/71212b78bd1b7b841c9d9a907d0b3eea71a54060 (suricata-7.0.8) CVE-2024-55627 (Suricata is a network Intrusion Detection System, Intrusion Prevention ...) - suricata 1:7.0.8-1 + [bookworm] - suricata <no-dsa> (Minor issue) NOTE: https://github.com/OISF/suricata/security/advisories/GHSA-h2mv-7gg8-8x7v NOTE: Fixed by: https://github.com/OISF/suricata/commit/282509f70c4ce805098e59535af445362e3e9ebd (master) NOTE: Fixed by: https://github.com/OISF/suricata/commit/8900041405dbb5f9584edae994af2100733fb4be (master) @@ -5229,11 +5232,13 @@ CVE-2024-55627 (Suricata is a network Intrusion Detection System, Intrusion Prev NOTE: Fixed by: https://github.com/OISF/suricata/commit/7d47fcf7f7fefacd2b0d8f482534a83b35a3c45e (suricata-7.0.8) CVE-2024-55626 (Suricata is a network Intrusion Detection System, Intrusion Prevention ...) - suricata 1:7.0.8-1 + [bookworm] - suricata <no-dsa> (Minor issue) NOTE: https://github.com/OISF/suricata/security/advisories/GHSA-wmg4-jqx5-4h9v NOTE: Fixed by: https://github.com/OISF/suricata/commit/dd71ef0af222a566e54dfc479dd1951dd17d7ceb (master) NOTE: Fixed by: https://github.com/OISF/suricata/commit/470795e65ba77cffba3aed850313a5f23c4b278d (suricata-7.0.8) CVE-2024-55605 (Suricata is a network Intrusion Detection System, Intrusion Prevention ...) - suricata 1:7.0.8-1 + [bookworm] - suricata <no-dsa> (Minor issue) NOTE: https://github.com/OISF/suricata/security/advisories/GHSA-x2hr-33vp-w289 NOTE: Fixed by: https://github.com/OISF/suricata/commit/f80ebd5a30b02db5915f749f0c067c7adefbbe76 (suricata-7.0.8) NOTE: Fixed by: https://github.com/OISF/suricata/commit/c3a6abf60134c2993ee3802ee52206e9fdbf55ba (suricata-7.0.8) 
@@ -5313,12 +5318,15 @@ CVE-2024-12970 (Improper Neutralization of Special Elements used in an OS Comman NOT-FOR-US: TUBITAK BILGEM Pardus OS My Computer CVE-2023-6605 (A flaw was found in FFmpeg's DASH playlist support. This vulnerability ...) - ffmpeg <unfixed> + [bookworm] - ffmpeg <postponed> (Minor issue, wait until it's fixed in the 5.1 branch) NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2334336 CVE-2023-6604 (A flaw was found in FFmpeg. This vulnerability allows unexpected addit ...) - ffmpeg <unfixed> + [bookworm] - ffmpeg <postponed> (Minor issue, wait until it's fixed in the 5.1 branch) NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2334337 CVE-2023-6601 (A flaw was found in FFmpeg's HLS demuxer. This vulnerability allows by ...) - ffmpeg <unfixed> + [bookworm] - ffmpeg <postponed> (Minor issue, wait until it's fixed in the 5.1 branch) NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2253172 CVE-2024-56769 (In the Linux kernel, the following vulnerability has been resolved: m ...) - linux 6.12.8-1 @@ -5566,6 +5574,7 @@ CVE-2024-10932 (The Backup Migration plugin for WordPress is vulnerable to PHP O NOT-FOR-US: WordPress plugin CVE-2025-22376 (In Net::OAuth::Client in the Net::OAuth package before 0.29 for Perl, ...) - libnet-oauth-perl 0.30-1 (bug #1092056) + [bookworm] - libnet-oauth-perl <no-dsa> (Minor issue) [bullseye] - libnet-oauth-perl <postponed> (Minor issue) NOTE: Fixed by: https://github.com/keeth/Net-OAuth/commit/2aa25e04aadab247ae4063363fcee177161e1f42 (0.29) NOTE: Followup (bugfix): https://github.com/keeth/Net-OAuth/commit/2276807dbdd5c0cee2d09679e084c7fdfb401704 (0.30) 
@@ -6504,9 +6513,11 @@ CVE-2023-48775 (Missing Authorization vulnerability in Gfazioli WP Cleanfix allo NOT-FOR-US: WordPress plugin CVE-2023-6603 (A flaw was found in FFmpeg's HLS playlist parsing. This vulnerability ...) - ffmpeg <unfixed> + [bookworm] - ffmpeg <postponed> (Minor issue, wait until it's fixed in the 5.1 branch) NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2334335 CVE-2023-6602 (A flaw was found in FFmpeg's TTY Demuxer. This vulnerability allows po ...) - ffmpeg <unfixed> + [bookworm] - ffmpeg <postponed> (Minor issue, wait until it's fixed in the 5.1 branch) NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2334338 CVE-2024-45497 (A flaw was found in the OpenShift build process, where the docker-buil ...) NOT-FOR-US: OpenShift @@ -14410,7 +14421,7 @@ CVE-2024-36612 (Zulip from 8.0 to 8.3 contains a memory leak vulnerability in th NOT-FOR-US: Zulip CVE-2024-36611 (In Symfony v7.07, a security vulnerability was identified in the FormL ...) [experimental] - symfony 7.1.0~beta1+dfsg-1 - - symfony <unfixed> (bug #1088817) + - symfony <unfixed> (unimportant; bug #1088817) NOTE: https://github.com/symfony/symfony/commit/a804ca15fcad279d7727b91d12a667fd5b925995 (v7.1.0-BETA1) NOTE: Not considered a security issue by upstream: https://github.com/symfony/symfony/issues/59077#issuecomment-2513935018 CVE-2024-36610 ===================================== data/dsa-needed.txt ===================================== @@ -63,8 +63,12 @@ ring -- rsync (carnil) -- +snapcast (jmm) +-- sogo -- +sympa +-- tcpdf -- trafficserver View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/7a3645104c6f219c6dd37914c9f7bd53204f0749
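Review bot: In the data/CVE/list hunks for CVE-2024-55629, CVE-2024-55628, CVE-2024-55627, CVE-2024-55626 and CVE-2024-55605, the identical `[bookworm] - suricata <no-dsa> (Minor issue)` line is applied to five separate advisories with no per-CVE reason. Each entry already lists fix commits on the suricata-7.0.8 branch, so a short reason per entry, or a remark on whether the fix is a candidate for a point release, would make the decision easier to revisit.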
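Review bot: The `[bookworm] - ffmpeg <postponed> (Minor issue, wait until it's fixed in the 5.1 branch)` lines for CVE-2023-6605, CVE-2023-6604 and CVE-2023-6601 (and again for CVE-2023-6603 and CVE-2023-6602 in the @@ -6504 hunk) wait on an upstream fix that the entries never reference: each carries only a Red Hat Bugzilla NOTE and the unstable line is still `<unfixed>`. Adding a NOTE with the upstream commit or ticket once it is known would give whoever revisits the postponement something concrete to check the 5.1 branch against.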
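Review bot: The CVE-2024-36611 change to `- symfony <unfixed> (unimportant; bug #1088817)` edits the unstable entry rather than adding a `[bookworm]` annotation, so the commit message "bookworm triage" does not describe it. The rationale is visible in the existing NOTE ("Not considered a security issue by upstream"), but naming the severity change in the commit message, or putting it in its own commit, would make it findable in the history.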
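Review bot: In data/dsa-needed.txt, `sympa` is added without a claimant, and neither new entry says which issue calls for a DSA; none of the data/CVE/list hunks in this commit touch snapcast or sympa. A short note under each entry naming the CVE concerned would let other team members pick up `sympa` without searching the list.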