Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
35247fde by Moritz Muehlenhoff at 2025-04-21T20:02:19+02:00
trixie triage

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -56128,7 +56128,7 @@ CVE-2024-9162 (The All-in-One WP Migration and Backup 
plugin for WordPress is vu
        NOT-FOR-US: WordPress plugin
 CVE-2024-50624 (ispdbservice.cpp in KDE Kmail before 6.2.0 allows 
man-in-the-middle at ...)
        [experimental] - kmail-account-wizard 4:24.08.0-1
-       - kmail-account-wizard <unfixed> (bug #1086198)
+       - kmail-account-wizard 4:24.12.0-2 (bug #1086198)
        [bookworm] - kmail-account-wizard <no-dsa> (Minor issue)
        [bullseye] - kmail-account-wizard <postponed> (Minor issue)
        NOTE: https://bugs.kde.org/show_bug.cgi?id=487882
@@ -68015,7 +68015,7 @@ CVE-2024-44667 (Shenzhen Haichangxing Technology Co., 
Ltd HCX H822 4G LTE Router
 CVE-2024-44087 (A vulnerability has been identified in Automation License 
Manager V5 ( ...)
        NOT-FOR-US: Siemens
 CVE-2024-43800 (serve-static serves static files. serve-static passes 
untrusted user i ...)
-       - node-serve-static <unfixed> (bug #1081482)
+       - node-serve-static 2.1.0+~1.15.7-1 (bug #1081482)
        [bookworm] - node-serve-static <no-dsa> (Minor issue)
        [bullseye] - node-serve-static <postponed> (Minor issue)
        NOTE: 
https://github.com/expressjs/serve-static/security/advisories/GHSA-cm22-4g7w-348p
@@ -84073,14 +84073,14 @@ CVE-2024-6580 (The /n software IPWorks SSH library 
SFTPServer component can be i
        NOT-FOR-US: /n software IPWorks SSH library SFTPServer component
 CVE-2024-6564 (Buffer overflow in "rcar_dev_init"  due to using due to using 
untruste ...)
        [experimental] - arm-trusted-firmware 2.12.0+dfsg-1
-       - arm-trusted-firmware <unfixed> (bug #1076042)
+       - arm-trusted-firmware 2.12.0+dfsg-2 (bug #1076042)
        [bookworm] - arm-trusted-firmware <no-dsa> (Minor issue)
        [bullseye] - arm-trusted-firmware <no-dsa> (Minor issue)
        NOTE: 
https://github.com/renesas-rcar/arm-trusted-firmware/commit/c9fb3558410032d2660c7f3b7d4b87dec09fe2f2
        NOTE: https://asrg.io/security-advisories/cve-2024-6564/
 CVE-2024-6563 (Buffer Copy without Checking Size of Input ('Classic Buffer 
Overflow') ...)
        [experimental] - arm-trusted-firmware 2.12.0+dfsg-1
-       - arm-trusted-firmware <unfixed> (bug #1076042)
+       - arm-trusted-firmware 2.12.0+dfsg-2 (bug #1076042)
        [bookworm] - arm-trusted-firmware <no-dsa> (Minor issue)
        [bullseye] - arm-trusted-firmware <no-dsa> (Minor issue)
        NOTE: 
https://github.com/renesas-rcar/arm-trusted-firmware/commit/235f85b654a031f7647e81b86fc8e4ffeb430164
@@ -495395,6 +495395,7 @@ CVE-2019-0188 (Apache Camel prior to 2.24.0 contains 
an XML external entity inje
        NOT-FOR-US: Apache Camel
 CVE-2019-0187 (Unauthenticated RCE is possible when JMeter is used in 
distributed mod ...)
        - jakarta-jmeter <unfixed> (bug #1014709)
+       [trixie] - jakarta-jmeter <no-dsa> (Minor issue)
        [bookworm] - jakarta-jmeter <no-dsa> (Minor issue)
        [bullseye] - jakarta-jmeter <no-dsa> (Minor issue)
        [buster] - jakarta-jmeter <no-dsa> (Minor issue)
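Review bot: the added `[trixie] - jakarta-jmeter <no-dsa> (Minor issue)` line sits under a description that begins "Unauthenticated RCE is possible when JMeter is used in distributed mod ...", and a bare "Minor issue" does not tell a reader why an unauthenticated RCE is triaged that way. If the basis is that only the distributed mode is affected, say so in the reason field, in the style of the other jakarta-jmeter entry in this commit that carries "Minor issue, too intrusive to backport". The bookworm, bullseye and buster lines have the same bare reason, so updating them together would keep the entry consistent.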
@@ -525358,6 +525359,7 @@ CVE-2017-18227 (TitanHQ WebTitan Gateway has 
incorrect certificate validation fo
        NOT-FOR-US: TitanHQ WebTitan Gateway
 CVE-2017-18226 (The Gentoo net-im/jabberd2 package through 2.6.1 sets the 
ownership of ...)
        - jabberd2 <unfixed> (low; bug #902783)
+       [trixie] - jabberd2 <ignored> (Minor issue, default init system not 
affected)
        [bookworm] - jabberd2 <ignored> (Minor issue, default init system not 
affected)
        [bullseye] - jabberd2 <ignored> (Minor issue, default init system not 
affected)
        [buster] - jabberd2 <ignored> (Minor issue, default init system not 
affected)
@@ -545500,6 +545502,7 @@ CVE-2018-1298 (A Denial of Service vulnerability was 
found in Apache Qpid Broker
        NOTE: 
https://git-wip-us.apache.org/repos/asf?p=qpid-broker-j.git;h=4b9fb37
 CVE-2018-1297 (When using Distributed Test only (RMI based), Apache JMeter 2.x 
and 3. ...)
        - jakarta-jmeter <unfixed> (low; bug #897259)
+       [trixie] - jakarta-jmeter <ignored> (Minor issue, too intrusive to 
backport)
        [bookworm] - jakarta-jmeter <ignored> (Minor issue, too intrusive to 
backport)
        [bullseye] - jakarta-jmeter <ignored> (Minor issue, too intrusive to 
backport)
        [buster] - jakarta-jmeter <ignored> (Minor issue, too intrusive to 
backport)
@@ -545531,7 +545534,8 @@ CVE-2018-1288 (In Apache Kafka 0.9.0.0 to 0.9.0.1, 
0.10.0.0 to 0.10.2.1, 0.11.0.
        - kafka <itp> (bug #786460)
 CVE-2018-1287 (In Apache JMeter 2.X and 3.X, when using Distributed Test only 
(RMI ba ...)
        - jakarta-jmeter <unfixed> (low; bug #1014709)
-       [bookworm] - jakarta-jmeter <no-dsa> (Minor issue)
+       [trixie] - jakarta-jmeter <ignored> (Minor issue)
+       [bookworm] - jakarta-jmeter <ignored> (Minor issue)
        [bullseye] - jakarta-jmeter <no-dsa> (Minor issue)
        [buster] - jakarta-jmeter <no-dsa> (Minor issue)
        [stretch] - jakarta-jmeter <no-dsa> (Minor issue)
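Review bot: this entry and CVE-2019-0187 both reference bug #1014709, yet trixie is `<ignored>` here and `<no-dsa>` in the CVE-2019-0187 hunk of the same commit; if the two issues are tracked together, the trixie states should match or the difference should be explained. Within this entry, bookworm moves from `<no-dsa>` to `<ignored>` while bullseye, buster and stretch stay `<no-dsa>` with identical "Minor issue" text, and the new `<ignored>` lines give no reason beyond "Minor issue", unlike CVE-2018-1297, which adds "too intrusive to backport". Suggest stating in the reason field why the issue will not be fixed in trixie and bookworm.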



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/35247fded536b5e1614aa84b86ef27dd752ff576
