Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker
Commits: 108c29e5 by Moritz Muehlenhoff at 2024-02-29T11:06:02+01:00 bookworm/bullseye triage - - - - - 2 changed files: - data/CVE/list - data/dsa-needed.txt Changes: ===================================== data/CVE/list ===================================== @@ -1274,12 +1274,18 @@ CVE-2024-26465 (A DOM based cross-site scripting (XSS) vulnerability in the comp NOT-FOR-US: beep.js CVE-2024-26462 (Kerberos 5 (aka krb5) 1.21.2 contains a memory leak vulnerability in / ...) - krb5 <unfixed> (bug #1064965) + [bookworm] - krb5 <no-dsa> (Minor issue) + [bullseye] - krb5 <no-dsa> (Minor issue) NOTE: https://github.com/LuMingYinDetect/krb5_defects/blob/main/krb5_detect_3.md CVE-2024-26461 (Kerberos 5 (aka krb5) 1.21.2 contains a memory leak vulnerability in / ...) - krb5 <unfixed> (bug #1064965) + [bookworm] - krb5 <no-dsa> (Minor issue) + [bullseye] - krb5 <no-dsa> (Minor issue) NOTE: https://github.com/LuMingYinDetect/krb5_defects/blob/main/krb5_detect_2.md CVE-2024-26458 (Kerberos 5 (aka krb5) 1.21.2 contains a memory leak in /krb5/src/lib/r ...) - krb5 <unfixed> (bug #1064965) + [bookworm] - krb5 <no-dsa> (Minor issue) + [bullseye] - krb5 <no-dsa> (Minor issue) NOTE: https://github.com/LuMingYinDetect/krb5_defects/blob/main/krb5_detect_1.md CVE-2024-26455 (fluent-bit 2.2.2 contains a Use-After-Free vulnerability in /fluent-bi ...) NOT-FOR-US: Fluent Bit 
@@ -1344,6 +1350,8 @@ CVE-2024-23837 (LibHTP is a security-aware parser for the HTTP protocol. Crafted NOTE: https://redmine.openinfosecfoundation.org/issues/6444 CVE-2024-23836 (Suricata is a network Intrusion Detection System, Intrusion Prevention ...) - suricata 1:7.0.3-1 + [bookworm] - suricata <no-dsa> (Minor issue) + [bullseye] - suricata <no-dsa> (Minor issue) NOTE: https://github.com/OISF/suricata/security/advisories/GHSA-q33q-45cr-3cpc NOTE: https://github.com/OISF/suricata/commit/18841a58da71e735ddf4e52cbfa6989755ecbeb7 (suricata-6.0.16) NOTE: https://github.com/OISF/suricata/commit/8efaebe293e2a74c8e323fa85a6f5fadf82801bc (suricata-6.0.16) @@ -4370,6 +4378,7 @@ CVE-2024-24337 (CSV Injection vulnerability in '/members/moremember.pl' and '/ad NOT-FOR-US: Koha Library Management System CVE-2024-23833 (OpenRefine is a free, open source power tool for working with messy da ...) - openrefine <unfixed> (bug #1064192) + [bookworm] - openrefine <no-dsa> (Minor issue) NOTE: https://github.com/OpenRefine/OpenRefine/security/advisories/GHSA-6p92-qfqf-qwx4 NOTE: https://github.com/OpenRefine/OpenRefine/commit/41ccf574847d856e22488a7c0987ad8efa12a84a (3.7.8) CVE-2024-23763 (SQL Injection vulnerability in Gambio through 4.9.2.0 allows attackers ...) @@ -8452,6 +8461,7 @@ CVE-2020-36771 (CloudLinux CageFS 7.1.1-1 or below passes the authentication to NOT-FOR-US: CloudLinux CageFS CVE-2023-46841 [x86: shadow stack vs exceptions from emulation stubs] - xen <unfixed> + [bookworm] - xen <postponed> (Minor issue, fix along in next DSA) [bullseye] - xen <end-of-life> (EOLed in Bullseye) [buster] - xen <not-affected> (Vulnerable code not present) NOTE: https://xenbits.xen.org/xsa/advisory-451.html ===================================== data/dsa-needed.txt ===================================== @@ -30,6 +30,8 @@ gtkwave -- h2o (jmm) -- +jetty9 +-- libreswan (jmm) Maintainer prepared bookworm-security update, but needs work on bullseye-security backports -- 
@@ -98,5 +100,7 @@ varnish -- wpa -- +yard (jmm) +-- zabbix -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/108c29e56c10c51d83b37a950d04c7e409d2e38b
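Review bot: In the data/CVE/list hunk at -1274, the three krb5 entries (CVE-2024-26462, CVE-2024-26461, CVE-2024-26458) are marked `<no-dsa> (Minor issue)` for bookworm and bullseye, yet the only reference on each is the reporter's write-up under LuMingYinDetect/krb5_defects and the unstable line stays `<unfixed>`. Nothing in the entries records an upstream fix commit or upstream's own assessment, so a NOTE with the upstream commit, once one exists, would give a later stable update something concrete to backport.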
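Review bot: In the data/CVE/list hunk at -4370, CVE-2024-23833 gets a `[bookworm]` line only, whereas the krb5 and suricata hunks in this same commit annotate both bookworm and bullseye. If openrefine is not shipped in bullseye the entry is complete as it stands; otherwise a matching `[bullseye] - openrefine <no-dsa> (Minor issue)` line is missing and the bullseye status stays untriaged.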
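Review bot: In the data/dsa-needed.txt hunk at -30, `jetty9` is added with no note, and none of the data/CVE/list hunks in this commit touch a jetty9 entry, so the commit does not show which CVEs or suites prompted it; the commit message "bookworm/bullseye triage" does not say either. A one-line note under the entry, in the style of the status line under `libreswan (jmm)`, would tell whoever picks it up where to start. The same applies to `yard (jmm)` in the hunk at -98.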