Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker
Commits: 23a75858 by Moritz Muehlenhoff at 2024-04-21T19:59:55+02:00 bookworm/bullseye triage - - - - - 2 changed files: - data/CVE/list - data/dsa-needed.txt Changes: ===================================== data/CVE/list ===================================== @@ -3098,6 +3098,8 @@ CVE-2024-3568 (The huggingface/transformers library is vulnerable to arbitrary c NOT-FOR-US: huggingface/transformers CVE-2024-3567 (A flaw was found in QEMU. An assertion failure was present in the upda ...) - qemu <unfixed> (bug #1068822) + [bookworm] - qemu <no-dsa> (Minor issue) + [bullseye] - qemu <no-dsa> (Minor issue) NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2274339 NOTE: https://gitlab.com/qemu-project/qemu/-/issues/2273 CVE-2024-3566 (A command inject vulnerability allows an attacker to perform command i ...) @@ -3519,6 +3521,8 @@ CVE-2024-26815 (In the Linux kernel, the following vulnerability has been resolv NOTE: https://git.kernel.org/linus/343041b59b7810f9cdca371f445dd43b35c740b1 (6.9-rc1) CVE-2024-3447 - qemu <unfixed> (bug #1068821) + [bookworm] - qemu <no-dsa> (Minor issue) + [bullseye] - qemu <no-dsa> (Minor issue) NOTE: https://patchew.org/QEMU/20240404085549.16987-1-phi...@linaro.org/ NOTE: https://patchew.org/QEMU/20240409145524.27913-1-phi...@linaro.org/ NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=58813 @@ -3680,6 +3684,8 @@ CVE-2024-3512 (The WP Shortcodes Plugin \u2014 Shortcodes Ultimate plugin for Wo NOT-FOR-US: WordPress plugin CVE-2024-3446 (A double free vulnerability was found in QEMU virtio devices (virtio-g ...) - qemu <unfixed> (bug #1068820) + [bookworm] - qemu <no-dsa> (Minor issue) + [bullseye] - qemu <no-dsa> (Minor issue) NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2274211 NOTE: https://patchew.org/QEMU/20240409105537.18308-1-phi...@linaro.org/ CVE-2024-3281 (A vulnerability was discovered in the firmware builds after 8.0.2.3267 ...) 
@@ -4442,6 +4448,8 @@ CVE-2024-31365 (Improper Neutralization of Input During Web Page Generation ('Cr NOT-FOR-US: WordPress plugin CVE-2024-31047 (An issue in Academy Software Foundation openexr v.3.2.3 and before all ...) - openexr <unfixed> (bug #1068939) + [bookworm] - openexr <no-dsa> (Minor issue) + [bullseye] - openexr <no-dsa> (Minor issue) NOTE: https://github.com/AcademySoftwareFoundation/openexr/issues/1680 NOTE: https://github.com/AcademySoftwareFoundation/openexr/pull/1681 NOTE: Fixed by: https://github.com/AcademySoftwareFoundation/openexr/commit/7aa89e1d09b09d9f5dbb96976ee083a331ab9d71 
@@ -23398,27 +23406,39 @@ CVE-2023-52355 (An out-of-memory flaw was found in libtiff that could be trigger NOTE: Issue fixed by providing a documentation update CVE-2023-40551 (A flaw was found in the MZ binary format in Shim. An out-of-bounds rea ...) - shim <unfixed> (bug #1061519) + [bookworm] - shim <no-dsa> (Minor issue, fix with a point release) + [bullseye] - shim <no-dsa> (Minor issue, fix with a point release) NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2259918 NOTE: https://github.com/rhboot/shim/commit/5a5147d1e19cf90ec280990c84061ac3f67ea1ab (15.8) CVE-2023-40550 (An out-of-bounds read flaw was found in Shim when it tried to validate ...) - shim <unfixed> (bug #1061519) + [bookworm] - shim <no-dsa> (Minor issue, fix with a point release) + [bullseye] - shim <no-dsa> (Minor issue, fix with a point release) NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2259915 NOTE: https://github.com/rhboot/shim/commit/93ce2552f3e9f71f888a672913bfc0eef255c56d (15.8) NOTE: Followup: https://github.com/rhboot/shim/commit/e7f5fdf53ee68025f3ef2688e2f27ccb0082db83 (15.8) CVE-2023-40549 (An out-of-bounds read flaw was found in Shim due to the lack of proper ...) - shim <unfixed> (bug #1061519) + [bookworm] - shim <no-dsa> (Minor issue, fix with a point release) + [bullseye] - shim <no-dsa> (Minor issue, fix with a point release) NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2241797 NOTE: https://github.com/rhboot/shim/commit/afdc5039de0a4a3a40162a32daa070f94a883f09 (15.8) CVE-2023-40548 (A buffer overflow was found in Shim in the 32-bit system. The overflow ...) - shim <unfixed> (bug #1061519) + [bookworm] - shim <no-dsa> (Minor issue, fix with a point release) + [bullseye] - shim <no-dsa> (Minor issue, fix with a point release) NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2241782 NOTE: https://github.com/rhboot/shim/commit/96dccc255b16e9465dbee50b3cef6b3db74d11c8 (15.8) CVE-2023-40547 (A remote code execution vulnerability was found in Shim. 
The Shim boot ...) - shim <unfixed> (bug #1061519) + [bookworm] - shim <no-dsa> (Minor issue, fix with a point release) + [bullseye] - shim <no-dsa> (Minor issue, fix with a point release) NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2234589 NOTE: https://github.com/rhboot/shim/commit/0226b56513b2b8bd5fd281bce77c40c9bf07c66d (15.8) CVE-2023-40546 (A flaw was found in Shim when an error happened while creating a new E ...) - shim <unfixed> (bug #1061519) + [bookworm] - shim <no-dsa> (Minor issue, fix with a point release) + [bullseye] - shim <no-dsa> (Minor issue, fix with a point release) NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2241796 NOTE: https://github.com/rhboot/shim/commit/66e6579dbf921152f647a0c16da1d3b2f40861ca (15.8) NOTE: https://github.com/rhboot/shim/commit/dae82f6bd72cf600e5d48046ec674a441d0f49d7 (15.8) @@ -40754,8 +40774,11 @@ CVE-2023-46847 (Squid is vulnerable to a Denial of Service, where a remote atta NOTE: https://megamansec.github.io/Squid-Security-Audit/digest-overflow.html CVE-2023-5824 (Squid is vulnerable to Denial of Service attack against HTTP and HTTPS ...) - squid 6.5-1 (bug #1055249) + [bookworm] - squid <ignored> (Minor impact, too intrusive to backport to 5.x) + [bullseye] - squid <ignored> (Minor impact, too intrusive to backport to 5.x) - squid3 <removed> NOTE: https://github.com/squid-cache/squid/security/advisories/GHSA-543m-w2m2-g255 + NOTE: https://megamansec.github.io/Squid-Security-Audit/cache-headers.html CVE-2023-46846 (SQUID is vulnerable to HTTP request smuggling, caused by chunked decod ...) {DSA-5637-1 DLA-3709-1} - squid 6.5-1 (bug #1054537) 
@@ -163039,6 +163062,7 @@ CVE-2022-24793 (PJSIP is a free and open source multimedia communication library [stretch] - asterisk <not-affected> (Vulnerable code not present) - pjproject <removed> - ring 20230206.0~ds1-1 (bug #1014998) + [bookworm] - ring <no-dsa> (Minor issue) NOTE: https://github.com/pjsip/pjproject/security/advisories/GHSA-p6g5-v97c-w5q4 NOTE: https://github.com/pjsip/pjproject/commit/9fae8f43accef8ea65d4a8ae9cdf297c46cfe29a CVE-2022-24792 (PJSIP is a free and open source multimedia communication library writt ...) ===================================== data/dsa-needed.txt ===================================== @@ -11,6 +11,8 @@ To pick an issue, simply add your uid behind it. If needed, specify the release by adding a slash after the name of the source package. +-- +atril -- cryptojs -- @@ -50,6 +52,10 @@ nbconvert/oldstable -- nodejs -- +openjdk-11 (jmm) +-- +openjdk-17 (jmm) +-- opennds/stable -- org-mode View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/23a758581b4a027f39193302381dc081b1ceb588
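Review bot: the qemu CVE-2024-3567 entry (first hunk of data/CVE/list) records only the Red Hat bugzilla and the QEMU GitLab issue as NOTEs, whereas the neighbouring CVE-2024-3447 and CVE-2024-3446 entries link the patchew fix submissions; once the upstream commit for the assertion failure lands, add a `NOTE: Fixed by: <commit>` line the way the openexr entry in this same commit does, so the eventual point-release backport has its fix reference in the tracker rather than only in bug #1068822.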
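Review bot: CVE-2024-3446 (third qemu hunk) is described in the entry itself as a double free in QEMU virtio devices, yet both release lines are tagged `<no-dsa> (Minor issue)` with no further reason. A memory-safety bug in device emulation normally deserves a word on what makes it minor, in the same form the shim entries further down use (`Minor issue, fix with a point release`); please extend the parenthesised rationale or state whether a point-release fix is planned.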
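Review bot: the openexr CVE-2024-31047 hunk already carries `NOTE: Fixed by: https://github.com/AcademySoftwareFoundation/openexr/commit/7aa89e1d...` next to the new `<no-dsa> (Minor issue)` lines; with the fix identified, say (as the shim lines do) whether it is meant to go in via a point release, so `<no-dsa>` is not read as "will not be fixed in bookworm/bullseye".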
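Review bot: all six shim entries (CVE-2023-40546 to CVE-2023-40551) share bug #1061519 and record upstream fixes in 15.8, so a single point-release update to shim 15.8, or a backport of the listed commits, closes them together; the hunk would read better with one NOTE saying so instead of six identical bracketed remarks. Separately, CVE-2023-40547 is described in its own entry as a remote code execution vulnerability, and the bare `Minor issue, fix with a point release` gives no hint why it is considered minor for Debian; add a NOTE with the preconditions that justify the rating so the severity reasoning survives alongside the release decision.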
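Review bot: CVE-2023-5824 is set to `<ignored>` for bookworm and bullseye with `Minor impact, too intrusive to backport to 5.x`, while the adjacent CVE-2023-46846 entry shows the same squid source being updated in both suites via DSA-5637-1 and DLA-3709-1. Readers of that DSA may assume the whole squid audit batch is covered; consider a NOTE under CVE-2023-5824 stating explicitly that DSA-5637-1/DLA-3709-1 do not address it, next to the newly added cache-headers audit link.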
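Review bot: under CVE-2022-24793 the ring package gets a `[bookworm] - ring <no-dsa> (Minor issue)` line but, unlike every other triage line in this commit, no `[bullseye]` decision. If bullseye's ring is also below the fixed version 20230206.0~ds1-1 it needs its own line (`<no-dsa>`, `<not-affected>` or `<ignored>` with a reason); if bullseye does not need one, a short NOTE saying why would make the triage complete.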
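Review bot: `openjdk-11 (jmm)` and `openjdk-17 (jmm)` are added to data/dsa-needed.txt without a release qualifier, although the file header in the same hunk says to specify the release with a slash after the source package name when needed (as `nbconvert/oldstable` and `opennds/stable` already do). If either OpenJDK source is not shipped, or not affected, in one of the two suites, add the qualifier (for example `openjdk-11/oldstable`) so the entry is not read as a DSA owed for both stable and oldstable.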
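The triage format edited in this commit (a CVE header at column 0, then indented `- package state (reason)`, `[release] - package <tag> (reason)`, `{DSA-... DLA-...}` and `NOTE:` lines) lends itself to a small consistency lint before pushing. The following is an added example written for this page, not code from the security-tracker repository or from this commit; the `RELEASES` tuple, the severity keywords and the sample entries are assumptions modelled on the diff above, and `SAMPLE` is constructed, not the real data/CVE/list.

```python
"""Lint for the Debian security-tracker data/CVE/list triage format.
Added example for this page, not code from the security-tracker repository or
this commit: parses the layout visible in the diff (CVE header at column 0,
then indented package, [release], {advisory} and NOTE: lines) and reports gaps."""
import re
from collections import namedtuple

RELEASES = ("bullseye", "bookworm")   # assumption: the suites triaged in this commit
SEVERE_HINTS = ("remote code execution", "double free", "use-after-free")
Ann = namedtuple("Ann", "state note")  # e.g. Ann("<no-dsa>", "Minor issue")
HEADER_RE = re.compile(r"^(CVE-\d{4}-\d{4,})(?:\s+\((.*)\))?\s*$")
PKG_RE = re.compile(r"^(?:\[(?P<rel>[a-z]+)\]\s+)?-\s+(?P<pkg>\S+)\s+(?P<state>\S+)"
                    r"(?:\s+\((?P<note>.*)\))?\s*$")

class Entry:
    def __init__(self, cve, description):
        self.cve, self.description = cve, description
        self.packages = {}   # pkg -> {release or None (= unstable): Ann}
        self.advisories, self.notes, self.not_for_us = [], [], None

def parse_cve_list(text):
    entries, cur = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = HEADER_RE.match(line)
        if m and not raw[0].isspace():           # new entry starts at column 0
            cur = Entry(m.group(1), m.group(2) or "")
            entries.append(cur)
        elif cur is None:
            continue
        elif line.startswith("NOTE:"):
            cur.notes.append(line[5:].strip())
        elif line.startswith("NOT-FOR-US:"):
            cur.not_for_us = line.split(":", 1)[1].strip()
        elif line.startswith("{") and line.endswith("}"):
            cur.advisories.extend(line[1:-1].split())   # {DSA-... DLA-...}
        else:
            m = PKG_RE.match(line)
            if m:
                cur.packages.setdefault(m["pkg"], {})[m["rel"]] = Ann(m["state"], m["note"])
    return entries

def untriaged_unfixed(entries, releases=RELEASES):
    """<unfixed> in unstable with no [release] decision for a tracked release:
    the tracker then lists the issue as open there without any rationale."""
    return [(e.cve, pkg, rel) for e in entries for pkg, anns in e.packages.items()
            if anns.get(None, Ann(None, None)).state == "<unfixed>"
            for rel in releases if rel not in anns]

def partially_annotated(entries, releases=RELEASES):
    """Annotated for some tracked releases but not all (the ring case above):
    confirm the silent release is fixed or does not ship the package."""
    out = []
    for e in entries:
        for pkg, anns in e.packages.items():
            tagged = [r for r in releases if r in anns]
            if tagged and len(tagged) < len(releases):
                out.extend((e.cve, pkg, r) for r in releases if r not in anns)
    return out

def minor_with_severe_description(entries):
    """Bare "Minor issue" rationale on a CVE whose text names an RCE or
    memory-safety class: a candidate for a fuller parenthesised reason."""
    return [(e.cve, pkg, rel) for e in entries
            if any(h in e.description.lower() for h in SEVERE_HINTS)
            for pkg, anns in e.packages.items() for rel, ann in anns.items()
            if rel and ann.note and ann.note.strip().lower() == "minor issue"]

# Constructed sample modelled on entries in this commit, not the real file.
SAMPLE = """\
CVE-2024-3446 (A double free vulnerability was found in QEMU virtio devices (virtio-g ...)
\t- qemu <unfixed> (bug #1068820)
\t[bookworm] - qemu <no-dsa> (Minor issue)
\t[bullseye] - qemu <no-dsa> (Minor issue)
\tNOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2274211
CVE-2024-3447
\t- qemu <unfixed> (bug #1068821)
\t[bookworm] - qemu <no-dsa> (Minor issue)
CVE-2022-24793 (PJSIP is a free and open source multimedia communication library writt ...)
\t[stretch] - asterisk <not-affected> (Vulnerable code not present)
\t- pjproject <removed>
\t- ring 20230206.0~ds1-1 (bug #1014998)
\t[bookworm] - ring <no-dsa> (Minor issue)
CVE-2023-46846 (SQUID is vulnerable to HTTP request smuggling, caused by chunked decod ...)
\t{DSA-5637-1 DLA-3709-1}
\t- squid 6.5-1 (bug #1054537)
"""

def run_lint(text=SAMPLE):
    entries = parse_cve_list(text)
    return {f.__name__: f(entries) for f in
            (untriaged_unfixed, partially_annotated, minor_with_severe_description)}

if __name__ == "__main__":
    for check, hits in run_lint().items():
        for cve, pkg, rel in hits:
            print(f"{check}: {cve} {pkg} [{rel}]")
```

Run against the real `data/CVE/list` with `run_lint(open("data/CVE/list").read())` before committing a triage batch; every hit is a prompt for a human decision, not a verdict, since an unannotated release may simply not ship the package or already carry the fixed version.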
_______________________________________________ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits