Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker
Commits: 45945d7d by Moritz Muehlenhoff at 2025-01-21T18:08:52+01:00 bookworm triage - - - - - 2 changed files: - data/CVE/list - data/dsa-needed.txt Changes: ===================================== data/CVE/list ===================================== @@ -113,7 +113,8 @@ CVE-2024-57930 [tracing: Have process_string() also allow arrays] CVE-2022-4975 NOT-FOR-US: Red Hat Advanced Cluster Security CVE-2025-24014 [segmentation fault in win_line()] - - vim <unfixed> + - vim <unfixed> (unimportant) + NOTE: Crash in CLI tool, no security impact NOTE: https://github.com/vim/vim/security/advisories/GHSA-j3g9-wg22-v955 NOTE: Fixed by: https://github.com/vim/vim/commit/9d1bed5eccdbb46a26b8a484f5e9163c40e63919 (v9.1.1043) CVE-2025-24337 (WriteFreely through 0.15.1, when MySQL is used, allows local users to ...) @@ -154,6 +155,7 @@ CVE-2024-22347 (IBM DevOps Velocity 5.0.0 and IBM UrbanCode Velocity 4.0.0 throu NOT-FOR-US: IBM CVE-2024-13176 (Issue summary: A timing side-channel which could potentially allow rec ...) - openssl <unfixed> + [bookworm] - openssl <no-dsa> (Minor issue) NOTE: https://openssl-library.org/news/secadv/20250120.txt NOTE: https://github.com/openssl/openssl/commit/77c608f4c8857e63e98e66444e2e761c9627916f (openssl-3.4.0) NOTE: https://github.com/openssl/openssl/commit/392dcb336405a0c94486aa6655057f59fd3a0902 (openssl-3.3.0) @@ -1717,6 +1719,7 @@ CVE-2024-11322 (A denial-of-service vulnerability exists in CyberPower PowerPane NOT-FOR-US: CyberPower PowerPanel Business CVE-2024-11029 (A flaw was found in the FreeIPA API audit, where it sends the whole Fr ...) - freeipa <unfixed> (bug #1093383) + [bookworm] - freeipa <no-dsa> (Minor issue) NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2325557 NOTE: Fixed by: https://pagure.io/freeipa/c/3b38efe75865d0696829b4f26572575a8e74ddce (release-4-12-3) NOTE: Fixed by: https://pagure.io/freeipa/c/7a5a10b6bf2e3eafd4b69362ffaece39791be2a8 (release-4-12-3) 
@@ -8480,6 +8483,7 @@ CVE-2024-52046 (The ObjectSerializationDecoder in Apache MINA uses Java\u2019s n [bookworm] - mina <no-dsa> (Minor issue) [bullseye] - mina <postponed> (Minor issue; need specific conditions) - mina2 <unfixed> (bug #1091530) + [bookworm] - mina2 <no-dsa> (Minor issue) NOTE: https://lists.apache.org/thread/4wxktgjpggdbto15d515wdctohb0qmv8 CVE-2024-47978 (Dell NativeEdge, version(s) 2.1.0.0, contain(s) an Execution with Unne ...) NOT-FOR-US: Dell @@ -9158,10 +9162,12 @@ CVE-2023-4617 (Incorrect authorization vulnerability in HTTP POST method in Gove NOT-FOR-US: Govee Home application on Android and iOS CVE-2024-9102 (phpLDAPadmin since at least version 1.2.0 through the latest version 1 ...) - phpldapadmin <unfixed> (bug #1090914) + [bookworm] - phpldapadmin <postponed> (Minor issue, revisit when fixed upstream) [bullseye] - phpldapadmin <postponed> (Minor issue, revisit when fixed upstream) NOTE: https://www.redguard.ch/blog/2024/12/19/security-advisory-phpldapadmin/ CVE-2024-9101 (A reflected cross-site scripting (XSS) vulnerability in the 'Entry Cho ...) - phpldapadmin <unfixed> (bug #1090914) + [bookworm] - phpldapadmin <postponed> (Minor issue, revisit when fixed upstream) [bullseye] - phpldapadmin <postponed> (Minor issue, revisit when fixed upstream) NOTE: https://www.redguard.ch/blog/2024/12/19/security-advisory-phpldapadmin/ CVE-2024-56319 (In Matter (aka connectedhomeip or Project CHIP) through 1.4.0.0 before ...) 
@@ -19241,6 +19247,7 @@ CVE-2024-36276 (Insecure inherited permissions for some Intel(R) CIP software be NOT-FOR-US: Intel CVE-2024-36275 (NULL pointer dereference in some Intel(R) Optane(TM) PMem Management s ...) - ipmctl <unfixed> (bug #1087731) + [bookworm] - ipmctl <no-dsa> (Minor issue) NOTE: https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01189.html NOTE: https://github.com/intel/ipmctl/commit/59d74ca68fcde3f1a11298a935b470fac09904aa (v03.00.00.0499) NOTE: Fixed in 03.00.00.0499 and later upstream. ===================================== data/dsa-needed.txt ===================================== @@ -27,6 +27,8 @@ gh -- git (carnil) -- +git-lfs (jmm) +-- jetty9 -- jpeg-xl @@ -52,6 +54,8 @@ pagure -- pam-u2f (carnil) -- +pdns-recursor (jmm) +-- php-laravel-framework -- python-django View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/45945d7d8fea43f281e0c45f87092c8946b7a710
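Review bot: In the data/CVE/list hunk for CVE-2025-24014, the added rationale "Crash in CLI tool, no security impact" does not say why the segmentation fault in win_line() cannot be reached through untrusted input. Since the vim entry stays unfixed while being marked (unimportant), consider extending that NOTE with the trigger condition described in the linked GHSA-j3g9-wg22-v955 advisory, so the downgrade can be checked without opening the advisory.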
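Review bot: In the hunk for CVE-2024-13176, the new bookworm openssl line gives only the bare reason "(Minor issue)" for what the CVE description calls a timing side-channel. A more specific reason, in the style of the existing mina line "(Minor issue; need specific conditions)", would record why no DSA is planned for bookworm.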
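Review bot: In data/dsa-needed.txt, the new "git-lfs (jmm)" and "pdns-recursor (jmm)" entries carry no note, and none of the data/CVE/list hunks in this commit mention either package. A short line under each entry naming the issue that prompted it would make the queue entries traceable from this commit alone.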