Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker
Commits: 8126cd6c by Moritz Muehlenhoff at 2024-11-23T20:34:11+01:00 bookworm triage - - - - - 2 changed files: - data/CVE/list - data/dsa-needed.txt Changes: ===================================== data/CVE/list ===================================== @@ -834,6 +834,7 @@ CVE-2024-53426 (A heap-buffer-overflow vulnerability has been identified in ntop NOTE: https://github.com/ntop/ntopng/issues/8793 CVE-2024-53425 (A heap-buffer-overflow vulnerability was discovered in the SkipSpacesA ...) - assimp <unfixed> + [bookworm] - assimp <postponed> (Minor issue, revisit when fixed upstream) NOTE: https://github.com/assimp/assimp/issues/5860 CVE-2024-53335 (TOTOLINK A810R V4.1.2cu.5182_B20201026 is vulnerable to Buffer Overflo ...) NOT-FOR-US: TOTOLINK @@ -963,10 +964,12 @@ CVE-2024-52067 (Apache NiFi 1.16.0 through 1.28.0 and 2.0.0-M1 through 2.0.0-M4 NOT-FOR-US: Apache NiFi CVE-2024-11596 (ECMP dissector crash in Wireshark 4.4.0 to 4.4.1 and 4.2.0 to 4.2.8 al ...) - wireshark 4.4.2-1 + [bookworm] - wireshark <no-dsa> (Minor issue) NOTE: https://www.wireshark.org/security/wnpa-sec-2024-15.html NOTE: https://gitlab.com/wireshark/wireshark/-/issues/20214 CVE-2024-11595 (FiveCo RAP dissector infinite loop in Wireshark 4.4.0 to 4.4.1 and 4.2 ...) - wireshark 4.4.2-1 + [bookworm] - wireshark <no-dsa> (Minor issue) NOTE: https://www.wireshark.org/security/wnpa-sec-2024-14.html NOTE: https://gitlab.com/wireshark/wireshark/-/issues/20176 CVE-2024-53095 (In the Linux kernel, the following vulnerability has been resolved: s ...) 
@@ -2311,6 +2314,7 @@ CVE-2023-52921 (In the Linux kernel, the following vulnerability has been resolv NOTE: https://git.kernel.org/linus/90e065677e0362a777b9db97ea21d43a39211399 (6.5-rc6) CVE-2024-10524 (Applications that use Wget to access a remote resource using shorthand ...) - wget <unfixed> (bug #1088023) + [bookworm] - wget <no-dsa> (Minor issue) NOTE: https://www.openwall.com/lists/oss-security/2024/11/18/6 NOTE: https://jfrog.com/blog/cve-2024-10524-wget-zero-day-vulnerability/ NOTE: Fixed by: https://git.savannah.gnu.org/cgit/wget.git/commit/?id=c419542d956a2607bbce5df64b9d378a8588d778 (v1.25.0) @@ -2501,9 +2505,11 @@ CVE-2024-5030 (The CM Table Of Contents WordPress plugin before 1.2.3 does not NOT-FOR-US: WordPress plugin CVE-2024-52947 (A cross-site scripting (XSS) vulnerability in LemonLDAP::NG before 2.2 ...) - lemonldap-ng 2.20.1+ds-1 + [bookworm] - lemonldap-ng <no-dsa> (Minor issue, will be fixed via spu) NOTE: https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/3257 CVE-2024-52946 (An issue was discovered in LemonLDAP::NG before 2.20.1. An Improper Ch ...) - lemonldap-ng 2.20.1+ds-1 + [bookworm] - lemonldap-ng <no-dsa> (Minor issue, will be fixed via spu) NOTE: https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/3255 CVE-2024-52945 (An issue was discovered in Veritas NetBackup before 10.5. This only ap ...) NOT-FOR-US: Veritas NetBackup @@ -2778,6 +2784,7 @@ CVE-2024-52523 (Nextcloud Server is a self hosted personal cloud system. After s - nextcloud-server <itp> (bug #941708) CVE-2024-52522 (Rclone is a command-line program to sync files and directories to and ...) - rclone <unfixed> (bug #1088107) + [bookworm] - rclone <no-dsa> (Minor issue) NOTE: https://github.com/rclone/rclone/security/advisories/GHSA-hrxh-9w67-g4cv NOTE: https://github.com/rclone/rclone/commit/01ccf204f42b4f68541b16843292439090a2dcf0 (master) NOTE: https://github.com/rclone/rclone/commit/669b2f2669cacd634faa2bcecb589b76e1402533 (v1.68.2) 
@@ -5930,6 +5937,7 @@ CVE-2024-10964 (A vulnerability classified as critical has been found in emqx ne NOT-FOR-US: emqx neuron CVE-2024-10963 (A flaw was found in pam_access, where certain rules in its configurati ...) - pam <unfixed> (bug #1087019) + [bookworm] - pam <no-dsa> (Minor issue) NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2324291 NOTE: https://github.com/linux-pam/linux-pam/issues/834 CVE-2024-10668 (There exists an auth bypass in Google Quickshare where an attacker can ...) @@ -6900,6 +6908,7 @@ CVE-2023-34443 (Combodo iTop is a simple, web based IT Service Management tool. NOT-FOR-US: Combodo iTop CVE-2024-51744 (golang-jwt is a Go implementation of JSON Web Tokens. Unclear document ...) - golang-github-golang-jwt-jwt <unfixed> (bug #1086792) + [bookworm] - golang-github-golang-jwt-jwt <no-dsa> (Minor issue) NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2323735 NOTE: https://github.com/golang-jwt/jwt/commit/7b1c1c00a171c6c79bbdb40e4ce7d197060c1c2c (v4.5.1) CVE-2024-9147 (Improper Neutralization of Script-Related HTML Tags in a Web Page (Bas ...) ===================================== data/dsa-needed.txt ===================================== @@ -27,6 +27,8 @@ linux (carnil) opennds pinged maintainer, but no reply yet. should most probably be bumped to 10.x -- +php8.2 +-- python-aiohttp (jmm) -- ring View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/8126cd6c029149bb1dd1139766036dd58ee47a6d
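Review bot: in the assimp hunk (CVE-2024-53425) the bookworm tag is <postponed> while sid stays <unfixed> and the only NOTE is the open upstream issue; the reason "revisit when fixed upstream" has nothing to key on until a fix commit or release is recorded as a NOTE, so it is worth adding that NOTE as soon as one exists rather than relying on the free-text reminder to trigger the revisit.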
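Review bot: the two [bookworm] wireshark <no-dsa> lines (CVE-2024-11596 and CVE-2024-11595) presuppose that bookworm's wireshark falls inside the affected ranges stated in the descriptions (4.4.0 to 4.4.1 and 4.2.0 to 4.2.8); if the bookworm version is outside those ranges the correct tag is <not-affected>, so state the checked bookworm version in the reason next to "Minor issue" to make the decision verifiable.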
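Review bot: in the wget hunk (CVE-2024-10524) sid is still <unfixed> (bug #1088023) while bookworm gets <no-dsa> (Minor issue), and the "Fixed by" NOTE already points at the upstream commit shipped in v1.25.0; the reason should say whether that fix is intended to reach bookworm via a point update, in the same two-part form the lemonldap-ng lines in this commit use ("Minor issue, will be fixed via spu"), so the bookworm status is actionable.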
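Review bot: the pam <no-dsa> line in the CVE-2024-10963 hunk gives only "Minor issue" for a flaw in how pam_access handles configuration rules, and the truncated description does not say which rule form is affected; since pam_access is an access-control module whose impact depends entirely on the deployed access.conf rules, add a NOTE summarising the affected rule pattern (from the linked linux-pam issue #834 or the Red Hat bug) so the bookworm decision can be re-checked against real configurations.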
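Review bot: golang-github-golang-jwt-jwt in the CVE-2024-51744 hunk is a Go library source package, so the [bookworm] <no-dsa> decision covers only that package; Go binaries in bookworm built against the library embed its code and remain affected until rebuilt, so the reason should record whether reverse dependencies were checked and whether any of them need their own entry.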
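Review bot: the new php8.2 entry in data/dsa-needed.txt is added without a claimer or a status line, unlike the neighbouring entries ("linux (carnil)", "python-aiohttp (jmm)", and the opennds entry with its "pinged maintainer" note); add either a name in parentheses or a short note on what the DSA is waiting for so the entry is actionable to the next person reading the list.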
debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits