Ola Lundqvist pushed to branch master at Debian Security Tracker / security-tracker
Commits: fc30ba59 by Ola Lundqvist at 2024-03-07T23:54:31+01:00 Marked CVEs for nvidia-graphics-drivers-legacy-340xx as ignored for buster. - - - - - c7598151 by Ola Lundqvist at 2024-03-07T23:54:32+01:00 Analyzed freeipa further and concluded that it is safest to fix in buster. - - - - - 2 changed files: - data/CVE/list - data/dla-needed.txt Changes: ===================================== data/CVE/list ===================================== @@ -2053,6 +2053,7 @@ CVE-2024-0074 [bookworm] - nvidia-graphics-drivers <no-dsa> (Non-free not supported) [bullseye] - nvidia-graphics-drivers <no-dsa> (Non-free not supported) - nvidia-graphics-drivers-legacy-340xx <unfixed> (bug #1064984) + [buster] - nvidia-graphics-drivers-legacy-340xx <ignored> (Non-free not supported, no updates provided by Nvidia anymore) - nvidia-graphics-drivers-legacy-390xx <unfixed> (bug #1064985) [bullseye] - nvidia-graphics-drivers-legacy-390xx <no-dsa> (Non-free not supported) - nvidia-graphics-drivers-tesla-418 <unfixed> (bug #1064986) @@ -2076,6 +2077,7 @@ CVE-2024-42265 [bookworm] - nvidia-graphics-drivers <no-dsa> (Non-free not supported) [bullseye] - nvidia-graphics-drivers <no-dsa> (Non-free not supported) - nvidia-graphics-drivers-legacy-340xx <unfixed> (bug #1064984) + [buster] - nvidia-graphics-drivers-legacy-340xx <ignored> (Non-free not supported, no updates provided by Nvidia anymore) - nvidia-graphics-drivers-legacy-390xx <unfixed> (bug #1064985) [bullseye] - nvidia-graphics-drivers-legacy-390xx <no-dsa> (Non-free not supported) - nvidia-graphics-drivers-tesla-418 <unfixed> (bug #1064986) @@ -2095,6 +2097,7 @@ CVE-2024-0078 [bookworm] - nvidia-graphics-drivers <no-dsa> (Non-free not supported) [bullseye] - nvidia-graphics-drivers <no-dsa> (Non-free not supported) - nvidia-graphics-drivers-legacy-340xx <unfixed> (bug #1064984) + [buster] - nvidia-graphics-drivers-legacy-340xx <ignored> (Non-free not supported, no updates provided by Nvidia anymore) - nvidia-graphics-drivers-legacy-390xx <unfixed> (bug #1064985) [bullseye] - nvidia-graphics-drivers-legacy-390xx <no-dsa> (Non-free not supported) - nvidia-graphics-drivers-tesla-418 <unfixed> (bug #1064986) @@ -4627,6 +4630,10 @@ CVE-2024-1481 [specially crafted HTTP requests potentially lead to DoS or data e NOTE: ipa-4.10: https://pagure.io/freeipa/c/204011dc0514681511275a4b70a13bfa85c1a538 NOTE: ipa-4.9: https://pagure.io/freeipa/c/b039f3087a13de3f34b230dbe29a7cfb1965700d NOTE: ipa-4.9: https://pagure.io/freeipa/c/96a478bbedd49c31e0f078f00f2d1cb55bb952fd + NOTE: For buster (and most likely later versions) the vulnerable rpcserver.py code + NOTE: is not part of the provided binary packages. The kinit.py file is however and + NOTE: it is not entirelly clear whether this may be used in a vulnerable way when + NOTE: the client is used for authentication purposes. CVE-2024-26270 (The Account Settings page in Liferay Portal 7.4.3.76 through 7.4.3.99, ...) NOT-FOR-US: Liferay CVE-2024-26268 (User enumeration vulnerability in Liferay Portal 7.2.0 through 7.4.3.2 ...) ===================================== data/dla-needed.txt ===================================== @@ -107,6 +107,9 @@ fontforge (Adrian Bunk) freeimage NOTE: 20240121: Added by Front-Desk (apo) -- +freeipa + NOTE: 20240307: Added by Front-Desk (opal) +-- frr (Abhijith PA) NOTE: 20231119: Added by Front-Desk (apo) NOTE: 20240206: Continuing fixing the remaining issues (abhijith) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/d7a5e90b49c6c4a2acc4af8b4d02620ba98dcdf1...c7598151ce5abc8f421106343ee505caa98c0db8 -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/d7a5e90b49c6c4a2acc4af8b4d02620ba98dcdf1...c7598151ce5abc8f421106343ee505caa98c0db8 You're receiving this email because of your account on salsa.debian.org.
_______________________________________________ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits