Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker
Commits: 090b27e7 by Moritz Muehlenhoff at 2024-10-13T20:36:48+02:00 bookworm triage - - - - - 1 changed file: - data/CVE/list Changes: ===================================== data/CVE/list ===================================== @@ -204,6 +204,7 @@ CVE-2024-46088 (An arbitrary file upload vulnerability in the ProductAction.entp NOT-FOR-US: Zhejiang University Entersoft Customer Resource Management System CVE-2024-45403 (h2o is an HTTP server with support for HTTP/1.x, HTTP/2 and HTTP/3. Wh ...) - h2o <unfixed> (bug #1084984) + [bookworm] - h2o <no-dsa> (Minor issue) NOTE: https://github.com/h2o/h2o/security/advisories/GHSA-4xp5-3jhc-3m92 NOTE: https://github.com/h2o/h2o/commit/16b13eee8ad7895b4fe3fcbcabee53bd52782562 NOTE: https://github.com/h2o/h2o/commit/1ed32b23f999acf0c5029f09c8525f93eb1d354c @@ -211,6 +212,7 @@ CVE-2024-45402 (Picotls is a TLS protocol library that allows users select diffe - picotls <itp> (bug #925405) CVE-2024-45397 (h2o is an HTTP server with support for HTTP/1.x, HTTP/2 and HTTP/3. Wh ...) - h2o <unfixed> (bug #1084984) + [bookworm] - h2o <no-dsa> (Minor issue) NOTE: https://github.com/h2o/h2o/security/advisories/GHSA-jf2c-xjcp-wg4c NOTE: https://github.com/h2o/h2o/commit/15ed15a2efb83a77bb4baaa5a119e639c2f6898a CVE-2024-45396 (Quicly is an IETF QUIC protocol implementation. Quicly up to commtit d ...) @@ -257,6 +259,7 @@ CVE-2024-33578 (A DLL hijack vulnerability was reported in Lenovo Leyun that cou NOT-FOR-US: Lenovo CVE-2024-25622 (h2o is an HTTP server with support for HTTP/1.x, HTTP/2 and HTTP/3. Th ...) - h2o <unfixed> (bug #1084984) + [bookworm] - h2o <no-dsa> (Minor issue) NOTE: https://github.com/h2o/h2o/security/advisories/GHSA-5m7v-cj65-h6pj NOTE: https://github.com/h2o/h2o/issues/3332 NOTE: https://github.com/h2o/h2o/commit/123f5e2b65dcdba8f7ef659a00d24bd1249141be 
@@ -670,6 +673,7 @@ CVE-2024-48957 (execute_filter_audio in archive_read_support_format_rar.c in lib NOTE: https://github.com/libarchive/libarchive/commit/3006bc5d02ad3ae3c4f9274f60c1f9d2d834734b (v3.7.5) CVE-2024-48949 (The verify function in lib/elliptic/eddsa/index.js in the Elliptic pac ...) - node-elliptic 6.5.7+dfsg-1 + [bookworm] - node-elliptic <no-dsa> (Minor issue) NOTE: https://github.com/indutny/elliptic/commit/7ac5360118f74eb02da73bdf9f24fd0c72ff5281 (v6.5.6) CVE-2024-48942 (The Syracom Secure Login (2FA) plugin for Jira, Confluence, and Bitbuc ...) NOT-FOR-US: Jira plugin @@ -686,6 +690,7 @@ CVE-2024-9680 (An attacker was able to achieve code execution in the content pro NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2024-51/ CVE-2024-9675 (A vulnerability was found in Buildah. Cache mounts do not properly val ...) - golang-github-containers-buildah <unfixed> (bug #1084980) + [bookworm] - golang-github-containers-buildah <no-dsa> (Minor issue) [bullseye] - golang-github-containers-buildah <postponed> (Minor issue) NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2317458 CVE-2024-9671 (A vulnerability was found in 3Scale. There is no auth mechanism to see ...) @@ -892,6 +897,7 @@ CVE-2024-46307 (A loop hole in the payment logic of Sparkshop v1.16 allows attac NOT-FOR-US: Sparkshop CVE-2024-46304 (A NULL pointer dereference in libcoap v4.3.5-rc2 and below allows a re ...) - libcoap3 <unfixed> (bug #1084981) + [bookworm] - libcoap3 <no-dsa> (Minor issue) - libcoap2 <removed> - libcoap <removed> NOTE: https://github.com/obgm/libcoap/issues/1509 
@@ -1978,6 +1984,7 @@ CVE-2024-47765 (Minecraft MOTD Parser is a PHP library to parse minecraft server NOT-FOR-US: Minecraft MOTD Parser CVE-2024-47764 (cookie is a basic HTTP cookie parser and serializer for HTTP servers. ...) - node-cookie 0.7.1+~0.6.0-1 + [bookworm] - node-cookie <no-dsa> (Minor issue) NOTE: https://github.com/jshttp/cookie/security/advisories/GHSA-pxg6-pf52-xh8x NOTE: https://github.com/jshttp/cookie/pull/167 NOTE: https://github.com/jshttp/cookie/commit/e10042845354fea83bd8f34af72475eed1dadf5c (v0.7.0) @@ -1997,6 +2004,7 @@ CVE-2024-47651 (This vulnerability exists in Shilpi Client Dashboard due to impr NOT-FOR-US: Shilpi Client Dashboard CVE-2024-47211 (In OpenStack Ironic before 21.4.4, 22.x and 23.x before 23.0.3, 23.x a ...) - ironic 1:26.1.0-1 + [bookworm] - ironic <no-dsa> (Minor issue) NOTE: https://security.openstack.org/ossa/OSSA-2024-004.html CVE-2024-47183 (Parse Server is an open source backend that can be deployed to any inf ...) NOT-FOR-US: Parse Server @@ -2411,6 +2419,7 @@ CVE-2024-20365 (A vulnerability in the Redfish API of Cisco UCS B-Series, Cisco NOT-FOR-US: Cisco CVE-2024-9407 (A vulnerability exists in the bind-propagation option of the Dockerfil ...) - golang-github-containers-buildah <unfixed> (bug #1084980) + [bookworm] - golang-github-containers-buildah <no-dsa> (Minor issue) [bullseye] - golang-github-containers-buildah <postponed> (Minor issue) NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2315887 CVE-2024-9333 (Permissions bypass in M-Files Connector for Copilot before version 24. ...) 
@@ -2769,6 +2778,7 @@ CVE-2024-47536 (Citizen is a MediaWiki skin that makes extensions part of the co NOT-FOR-US: MediaWiki skin CVE-2024-47532 (RestrictedPython is a restricted execution environment for Python to r ...) - restrictedpython <unfixed> (bug #1084057) + [bookworm] - restrictedpython <no-dsa> (Minor issue) NOTE: https://github.com/zopefoundation/RestrictedPython/security/advisories/GHSA-5rfv-66g4-jr8h NOTE: Fixed by: https://github.com/zopefoundation/RestrictedPython/commit/d701cc36cccac36b21fa200f1f2d1945a9a215e6 (7.3) CVE-2024-47531 (Scout is a web-based visualizer for VCF-files. Due to the lack of sani ...) @@ -30496,6 +30506,7 @@ CVE-2023-6491 (The Strong Testimonials plugin for WordPress is vulnerable to una NOT-FOR-US: WordPress plugin CVE-2023-51847 (An issue in obgm and Libcoap v.a3ed466 allows a remote attacker to cau ...) - libcoap3 <unfixed> (bug #1084981) + [bookworm] - libcoap3 <no-dsa> (Minor issue) - libcoap2 <removed> - libcoap <removed> NOTE: https://github.com/obgm/libcoap/issues/1509 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/090b27e72c355111a338df62c2a52607f5075349 -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/090b27e72c355111a338df62c2a52607f5075349 You're receiving this email because of your account on salsa.debian.org.
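Review bot: In the three h2o hunks (CVE-2024-45403, CVE-2024-45397, CVE-2024-25622, all tracked under bug #1084984) the new `[bookworm] - h2o <no-dsa> (Minor issue)` line is applied consistently, but unlike the two buildah hunks in the same commit there is no corresponding `[bullseye]` line. If h2o is shipped in bullseye, a matching `[bullseye] - h2o <postponed>` or `<no-dsa>` tag (or a `<not-affected>` with a reason) would keep the three entries' suite coverage in step with the rest of this triage; if it is not, nothing further is needed.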
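Review bot: The two libcoap hunks (CVE-2024-46304 and CVE-2023-51847) both point at the same upstream report, `NOTE: https://github.com/obgm/libcoap/issues/1509`, and the same Debian bug #1084981, yet neither entry records that relationship. A cross-reference NOTE on each (for example `NOTE: Same upstream report as CVE-2023-51847`) would make it obvious that the eventual fixed version has to be applied to both entries at once, rather than one being left `<unfixed>` when the other is closed.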
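Review bot: For the restrictedpython hunk (CVE-2024-47532) the justification `(Minor issue)` is the tracker's usual shorthand, but the entry's own description line identifies the package as "a restricted execution environment for Python", where the restriction is the entire security boundary. A slightly fuller reason in the parenthesis (for instance whether bookworm's reverse dependencies expose untrusted code to it) would make the no-dsa decision easier to revisit later; the upstream fix is already recorded in the `Fixed by:` NOTE (7.3), so a bookworm-pu remains an option.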
_______________________________________________ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits