[Git][security-tracker-team/security-tracker][master] bookworm triage

Moritz Muehlenhoff (@jmm) Tue, 10 Dec 2024 08:37:00 -0800


Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / 
security-tracker



Commits:
ba8e02f3 by Moritz Muehlenhoff at 2024-12-10T17:34:18+01:00
bookworm triage

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -210,6 +210,7 @@ CVE-2024-48956 (Serviceware Processes 6.0 through 7.3 
allows attackers without v
        NOT-FOR-US: Serviceware Processes
 CVE-2024-46901 (Insufficient validation of filenames against control 
characters in Apa ...)
        - subversion 1.14.5-1
+       [bookworm] - subversion <no-dsa> (Minor issue)
        NOTE: https://subversion.apache.org/security/CVE-2024-46901-advisory.txt
 CVE-2024-46547 (A vulnerability was found in Romain Bourdon Wampserver all 
versions (d ...)
        NOT-FOR-US: Romain Bourdon Wampserver
@@ -421,6 +422,7 @@ CVE-2023-32094 (Missing Authorization vulnerability in 
Felix Welberg Extended Po
        NOT-FOR-US: WordPress plugin
 CVE-2024-12224 [RUSTSEC-2024-0421]
        - rust-idna <unfixed>
+       [bookworm] - rust-idna <no-dsa> (Minor issue)
        NOTE: https://rustsec.org/advisories/RUSTSEC-2024-0421.html
        NOTE: https://bugzilla.mozilla.org/show_bug.cgi?id=1887898
 CVE-2024-9651 (The Fluent Forms  WordPress plugin before 5.2.1 does not 
sanitise and  ...)
@@ -434,8 +436,9 @@ CVE-2024-55579 (An issue was discovered in Qlik Sense 
Enterprise for Windows bef
 CVE-2024-55578 (Zammad before 6.4.1 places sensitive data (such as 
auth_microsoft_offi ...)
        - zammad <itp> (bug #841355)
 CVE-2024-55566 (ColPack 1.0.10 through 9a7293a has a predictable temporary 
file (locat ...)
-       - colpack <unfixed>
+       - colpack <unfixed> (unimportant)
        NOTE: https://bugzilla.suse.com/show_bug.cgi?id=1225617
+       NOTE: Negligible security impact with fs.protected_symlinks=1 being the 
standard in Debian
 CVE-2024-55565 (nanoid (aka Nano ID) before 5.0.9 mishandles non-integer 
values. 3.3.8 ...)
        - node-postcss <unfixed>
        NOTE: node-postcss bundles nanoid



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/ba8e02f3509a9886548f91c2ad5d0bd5ac9a1c22

-- 
View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/ba8e02f3509a9886548f91c2ad5d0bd5ac9a1c22
You're receiving this email because of your account on salsa.debian.org.

_______________________________________________
debian-security-tracker-commits mailing list
debian-security-tracker-commits@alioth-lists.debian.net
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits

[Git][security-tracker-team/security-tracker][master] bookworm triage

Reply via email to