Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker
Commits: b7174d61 by Moritz Muehlenhoff at 2024-02-27T13:01:03+01:00 bookworm/bullseye triage - - - - - 2 changed files: - data/CVE/list - data/dsa-needed.txt Changes: ===================================== data/CVE/list ===================================== @@ -85,6 +85,8 @@ CVE-2024-27092 (Hoppscotch is an API development ecosystem. Due to lack of vali NOT-FOR-US: Hoppscotch CVE-2024-27088 (es5-ext contains ECMAScript 5 extensions. Passing functions with very ...) - node-es5-ext <unfixed> + [bookworm] - node-es5-ext <no-dsa> (Minor issue) + [bullseye] - node-es5-ext <no-dsa> (Minor issue) NOTE: https://github.com/medikoo/es5-ext/security/advisories/GHSA-4gmj-3p3h-gm8h NOTE: https://github.com/medikoo/es5-ext/issues/201 NOTE: https://github.com/medikoo/es5-ext/commit/3551cdd7b2db08b1632841f819d008757d28e8e2 (v1.10.63) @@ -134,7 +136,8 @@ CVE-2024-25763 (openNDS 10.2.0 is vulnerable to Use-After-Free via /openNDS/src/ - opennds <unfixed> NOTE: https://github.com/LuMingYinDetect/openNDS_defects/blob/main/openNDS_detect_1.md CVE-2024-25760 (yasm 1.3.0 contains a memory leak via /yasm/tools/genmacro/genmacro.c.) - - yasm <unfixed> + - yasm <unfixed> (unimportant) + NOTE: Memory leak in CLI tool, no security impact NOTE: https://github.com/LuMingYinDetect/yasm_defects/blob/main/yasm_detect_2.md CVE-2024-25410 (flusity-CMS 2.33 is vulnerable to Unrestricted Upload of File with Dan ...) NOT-FOR-US: flusity-CMS 
@@ -162,6 +165,9 @@ CVE-2024-24401 (SQL Injection vulnerability in Nagios XI 2024R1.01 allows a remo NOT-FOR-US: Nagios XI CVE-2024-23839 (Suricata is a network Intrusion Detection System, Intrusion Prevention ...) - suricata 1:7.0.3-1 + [bookworm] - suricata <not-affected> (Vulnerable code not present) + [bullseye] - suricata <not-affected> (Vulnerable code not present) + [buster] - suricata <not-affected> (Vulnerable code not present) NOTE: https://github.com/OISF/suricata/security/advisories/GHSA-qxj6-hr2p-mmc7 NOTE: https://github.com/OISF/suricata/commit/cd731fcaf42e5f7078c9be643bfa0cee2ad53e8f (suricata-7.0.3) NOTE: https://redmine.openinfosecfoundation.org/issues/6657 ===================================== data/dsa-needed.txt ===================================== @@ -35,6 +35,8 @@ knot-resolver (jmm) libreswan (jmm) Maintainer prepared bookworm-security update, but needs work on bullseye-security backports -- +libuv1 +-- linux (carnil) Wait until more issues have piled up, though try to regulary rebase for point releases to more recent v5.10.y and 6.1.y versions
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/b7174d611ddbede39012c183efb076eab9584bc2
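Review bot: in the data/CVE/list hunk at @@ -134,7 +136,8 @@, the added NOTE for CVE-2024-25760 says "Memory leak in CLI tool" without naming the tool, while the CVE description points at tools/genmacro/genmacro.c. Naming genmacro in the NOTE would tie the "(unimportant)" rationale to the affected component, so a later reader does not have to infer which yasm binary the note is about.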
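Review bot: the three added "<not-affected> (Vulnerable code not present)" lines for CVE-2024-23839 in the data/CVE/list hunk at @@ -162,6 +165,9 @@ carry no pointer to where the vulnerable code was introduced, so the claim cannot be rechecked from the entry itself. A NOTE naming the introducing commit or version, placed next to the existing fix-commit NOTE, would document it. The [buster] line also falls outside what the commit subject "bookworm/bullseye triage" announces.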
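Review bot: the new "libuv1" entry in the data/dsa-needed.txt hunk has no note saying which issue prompted it, and none of the data/CVE/list hunks in this commit mention libuv1. The neighbouring libreswan and linux entries carry a line of context; a similar one-line note under libuv1 naming the CVE and the suites that need the update would let someone pick it up without searching the tracker.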