Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker
Commits: 5816881c by Moritz Muehlenhoff at 2024-10-23T11:01:45+02:00 bookworm triage - - - - - 2 changed files: - data/CVE/list - data/dsa-needed.txt Changes: ===================================== data/CVE/list ===================================== @@ -1783,6 +1783,7 @@ CVE-2024-10195 (A vulnerability was found in Tecno 4G Portable WiFi TR118 V008-2 NOT-FOR-US: Tecno 4G Portable WiFi TR118 CVE-2024-XXXX [XSS Vulnerability in matrix.pl] - dbeacon 0.4.0-3 (bug #1031542) + [bookworm] - dbeacon <no-dsa> (Minor issue) CVE-2024-49631 (Improper Neutralization of Input During Web Page Generation (XSS or 'C ...) NOT-FOR-US: WordPress plugin CVE-2024-49630 (Improper Neutralization of Input During Web Page Generation (XSS or 'C ...) @@ -2489,16 +2490,19 @@ CVE-2024-47637 (: Relative Path Traversal vulnerability in LiteSpeed Technologie NOT-FOR-US: WordPress plugin CVE-2024-47522 (Suricata is a network Intrusion Detection System, Intrusion Prevention ...) - suricata 1:7.0.7-1 + [bookworm] - suricata <no-dsa> (Minor issue) NOTE: https://github.com/OISF/suricata/security/advisories/GHSA-w5xv-6586-jpm7 NOTE: https://redmine.openinfosecfoundation.org/issues/7267 CVE-2024-47351 (Improper Limitation of a Pathname to a Restricted Directory ('Path Tra ...) NOT-FOR-US: WordPress plugin CVE-2024-47188 (Suricata is a network Intrusion Detection System, Intrusion Prevention ...) - suricata 1:7.0.7-1 + [bookworm] - suricata <no-dsa> (Minor issue) NOTE: https://github.com/OISF/suricata/security/advisories/GHSA-qq5v-qcjx-f872 NOTE: https://redmine.openinfosecfoundation.org/issues/7289 CVE-2024-47187 (Suricata is a network Intrusion Detection System, Intrusion Prevention ...) - suricata 1:7.0.7-1 + [bookworm] - suricata <no-dsa> (Minor issue) NOTE: https://github.com/OISF/suricata/security/advisories/GHSA-64ww-4f6x-863p NOTE: https://redmine.openinfosecfoundation.org/issues/7209 CVE-2024-47139 (A stored cross-site scripting (XSS) vulnerability exists in an undiscl ...) 
@@ -2511,14 +2515,17 @@ CVE-2024-45844 (BIG-IP monitor functionality may allow an attacker to bypass acc NOT-FOR-US: BIG-IP CVE-2024-45797 (LibHTP is a security-aware parser for the HTTP protocol and the relate ...) - libhtp 1:0.5.49-1 + [bookworm] - libhtp <no-dsa> (Minor issue) NOTE: https://github.com/OISF/libhtp/security/advisories/GHSA-rqqp-24ch-248f NOTE: https://redmine.openinfosecfoundation.org/issues/7191 CVE-2024-45796 (Suricata is a network Intrusion Detection System, Intrusion Prevention ...) - suricata 1:7.0.7-1 + [bookworm] - suricata <no-dsa> (Minor issue) NOTE: https://github.com/OISF/suricata/security/advisories/GHSA-mf6r-3xp2-v7xg NOTE: https://redmine.openinfosecfoundation.org/issues/7067 CVE-2024-45795 (Suricata is a network Intrusion Detection System, Intrusion Prevention ...) - suricata 1:7.0.7-1 + [bookworm] - suricata <no-dsa> (Minor issue) NOTE: https://github.com/OISF/suricata/security/advisories/GHSA-6r8w-fpw6-cp9g NOTE: https://redmine.openinfosecfoundation.org/issues/7195 CVE-2024-45072 (IBM WebSphere Application Server 8.5 and 9.0 is vulnerable to an XML E ...) @@ -2885,7 +2892,9 @@ CVE-2024-9895 (The Smart Online Order for Clover plugin for WordPress is vulnera CVE-2024-9676 (A vulnerability was found in Podman, Buildah, and CRI-O. A symlink tra ...) - cri-o <itp> (bug #979702) - golang-github-containers-buildah <unfixed> + [bookworm] - golang-github-containers-buildah <no-dsa> (Minor issue) - golang-github-containers-storage 1.55.1+ds1-1 + [bookworm] - golang-github-containers-storage <no-dsa> (Minor issue) - libpod <unfixed> - podman <unfixed> NOTE: https://github.com/advisories/GHSA-wq2p-5pc6-wpgf 
@@ -2913,6 +2922,7 @@ CVE-2024-49195 (Mbed TLS 3.5.x through 3.6.x before 3.6.2 has a buffer underrun NOTE: https://mbed-tls.readthedocs.io/en/latest/security-advisories/mbedtls-security-advisory-2024-10-1/ CVE-2024-48948 (The Elliptic package 6.5.7 for Node.js, in its for ECDSA implementatio ...) - node-elliptic <unfixed> (bug #1085298) + [bookworm] - node-elliptic <no-dsa> (Minor issue) NOTE: https://github.com/indutny/elliptic/issues/321 NOTE: https://github.com/indutny/elliptic/pull/322 CVE-2024-48915 (Agent Dart is an agent library built for Internet Computer for Dart an ...) @@ -2971,6 +2981,7 @@ CVE-2024-45271 (An unauthenticated local attacker can gain admin privileges by d NOT-FOR-US: MB connect line GmbH CVE-2024-44337 (The package `github.com/gomarkdown/markdown` is a Go library for parsi ...) - golang-github-gomarkdown-markdown <unfixed> (bug #1085377) + [bookworm] - golang-github-gomarkdown-markdown <no-dsa> (Minor issue) NOTE: https://github.com/Brinmon/CVE-2024-44337 NOTE: https://github.com/gomarkdown/markdown/commit/a2a9c4f76ef5a5c32108e36f7c47f8d310322252 CVE-2024-41344 (A Cross-Site Request Forgery (CSRF) in Codeigniter 3.1.13 allows attac ...) 
@@ -4087,11 +4098,13 @@ CVE-2024-6747 (Information leakage in mknotifyd in Checkmk before 2.3.0p18, 2.2. - check-mk <removed> CVE-2024-48958 (execute_filter_delta in archive_read_support_format_rar.c in libarchiv ...) - libarchive <unfixed> (bug #1084978) + [bookworm] - libarchive <no-dsa> (Minor issue) [bullseye] - libarchive <not-affected> (RAR filter support introduced in 3.6.0) NOTE: https://github.com/libarchive/libarchive/pull/2148 NOTE: https://github.com/libarchive/libarchive/commit/a1cb648d52f5b6d3f31184d9b6a7cbca628459b7 (v3.7.5) CVE-2024-48957 (execute_filter_audio in archive_read_support_format_rar.c in libarchiv ...) - libarchive <unfixed> (bug #1084978) + [bookworm] - libarchive <no-dsa> (Minor issue) [bullseye] - libarchive <not-affected> (RAR filter support introduced in 3.6.0) NOTE: https://github.com/libarchive/libarchive/pull/2149 NOTE: https://github.com/libarchive/libarchive/commit/3006bc5d02ad3ae3c4f9274f60c1f9d2d834734b (v3.7.5) @@ -5617,6 +5630,7 @@ CVE-2024-47561 (Schema parsing in the Java SDK of Apache Avro 1.11.3 and previou NOT-FOR-US: Apache Avro CVE-2024-47554 (Uncontrolled Resource Consumption vulnerability in Apache Commons IO. ...) - commons-io 2.16.0-1 + [bookworm] - commons-io <no-dsa> (Minor issue) NOTE: https://lists.apache.org/thread/6ozr91rr9cj5lm0zyhv30bsp317hk5z1 CVE-2024-45872 (Bandisoft BandiView 7.05 is vulnerable to Buffer Overflow via sub_0x41 ...) NOT-FOR-US: Bandisoft BandiView 
@@ -21629,6 +21643,7 @@ CVE-2024-41110 (Moby is an open-source project created by Docker for software co {DLA-3918-1} [experimental] - docker.io 26.1.5+dfsg1-1 - docker.io 26.1.5+dfsg1-2 + [bookworm] - docker.io <no-dsa> (Minor issue, will be fixed via spu) NOTE: https://github.com/moby/moby/security/advisories/GHSA-v23v-6jw2-98fq NOTE: https://www.docker.com/blog/docker-security-advisory-docker-engine-authz-plugin/ NOTE: 20.10 branch: fixed by https://github.com/moby/moby/commit/88c4b7690840044ce15489699294ec7c5dadf5dd ===================================== data/dsa-needed.txt ===================================== @@ -16,6 +16,8 @@ activemq Santiago started to work on an update for bookworm https://lists.debian.org/debian-lts/2024/10/msg00014.html -- +cacti +-- chromium (dilinger) -- frr @@ -33,7 +35,7 @@ linux (carnil) opennds pinged maintainer, but no reply yet. should most probably be bumped to 10.x -- -python-aiohttp +python-aiohttp (jmm) -- ring -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/5816881c5292722a2d5ee4defb176c03a11a2cbe -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/5816881c5292722a2d5ee4defb176c03a11a2cbe You're receiving this email because of your account on salsa.debian.org.
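Review bot: the new `[bookworm] - dbeacon <no-dsa> (Minor issue)` line in the first data/CVE/list hunk sits under an entry whose identifier is still the placeholder `CVE-2024-XXXX [XSS Vulnerability in matrix.pl]`; carrying the bookworm annotation now is fine, but the placeholder needs to be replaced once an id is assigned so the no-dsa decision ends up attached to a real CVE rather than to a temporary entry.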
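Review bot: the suricata hunks (CVE-2024-47522, CVE-2024-47188, CVE-2024-47187, CVE-2024-45796, CVE-2024-45795) and the libhtp hunk (CVE-2024-45797) each add `[bookworm] - ... <no-dsa> (Minor issue)` with no indication of a follow-up; since all six share a single fixed version per package (`suricata 1:7.0.7-1`, `libhtp 1:0.5.49-1`), it is worth deciding whether they should be batched for a point update, in which case the wording used for docker.io in the same commit, `(Minor issue, will be fixed via spu)`, would record that intent.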
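Review bot: in the CVE-2024-9676 hunk, bookworm annotations are added only for `golang-github-containers-buildah` and `golang-github-containers-storage`, while the sibling lines `- libpod <unfixed>` and `- podman <unfixed>` in the same block get no `[bookworm]` line; either the same `<no-dsa> (Minor issue)` applies to them and should be added, or the reason they are handled differently deserves a NOTE so the next triager does not have to rediscover it.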
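Review bot: the new `+cacti` entry in data/dsa-needed.txt carries neither a claimant nor a note, whereas the neighbouring activemq entry records who is working on it and links the list discussion; a one-line note naming the CVE(s) or issue that prompted the addition would help whoever picks it up. The `python-aiohttp (jmm)` change follows the `chromium (dilinger)` convention already used in the file and needs no further change.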
_______________________________________________ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits