Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker
Commits: f3fbb311 by Moritz Muehlenhoff at 2024-12-10T20:09:42+01:00 bookworm triage - - - - - 2 changed files: - data/CVE/list - data/dsa-needed.txt Changes: ===================================== data/CVE/list ===================================== @@ -441,6 +441,7 @@ CVE-2024-55566 (ColPack 1.0.10 through 9a7293a has a predictable temporary file NOTE: Negligible security impact with fs.protected_symlinks=1 being the standard in Debian CVE-2024-55565 (nanoid (aka Nano ID) before 5.0.9 mishandles non-integer values. 3.3.8 ...) - node-postcss <unfixed> + [bookworm] - node-postcss <no-dsa> (Minor issue) NOTE: node-postcss bundles nanoid CVE-2024-55564 (The POSIX::2008 package before 0.24 for Perl has a potential _execve50 ...) - libposix-2008-perl 0.24-1 @@ -1681,6 +1682,7 @@ CVE-2024-53984 (Nanopb is a small code-size Protocol Buffers implementation. Wh NOTE: Fixed by: https://github.com/nanopb/nanopb/commit/2b86c255aa52250438d5aba124d0e86db495b378 CVE-2024-53981 (python-multipart is a streaming multipart parser for Python. When pars ...) - python-multipart <unfixed> (bug #1088991) + [bookworm] - python-multipart <no-dsa> (Minor issue) NOTE: https://github.com/Kludex/python-multipart/security/advisories/GHSA-59g5-xgcq-4qw3 NOTE: Fixed by: https://github.com/Kludex/python-multipart/commit/9205a0ec8c646b9f705430a6bfb52bd957b76c19 (0.0.18) NOTE: Fixed by: https://github.com/Kludex/python-multipart/commit/c4fe4d3cebc08c660e57dd709af1ffa7059b3177 (0.0.19) 
@@ -21631,6 +21633,7 @@ CVE-2024-45752 (logiops through 0.3.4, in its default configuration, allows any CVE-2024-45614 (Puma is a Ruby/Rack web server built for parallelism. In affected vers ...) {DLA-3947-1} - puma 6.4.3-1 (bug #1082379) + [bookworm] - puma <no-dsa> (Minor issue) NOTE: https://github.com/puma/puma/security/advisories/GHSA-9hf4-67fc-4vf4 NOTE: Fixed by: https://github.com/puma/puma/commit/cac3fd18cf29ed43719ff5d52d9cfec215f0a043 (v6.4.3) CVE-2024-43496 (Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability) ===================================== data/dsa-needed.txt ===================================== @@ -44,7 +44,7 @@ python-tornado -- ring -- -smarty4 +smarty4 (jmm) -- sogo -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/f3fbb311e94e865420604d225bb74329b577b4f0
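Review bot: In the first data/CVE/list hunk (CVE-2024-55565), the added `[bookworm] - node-postcss <no-dsa> (Minor issue)` line records no reason why the bundled nanoid copy is minor for bookworm. The only NOTE in the entry is "node-postcss bundles nanoid"; a further NOTE saying whether node-postcss can hand a non-integer value to the bundled nanoid would let a later reader re-check the triage decision instead of redoing it.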
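Review bot: In the CVE-2024-53981 hunk, the new `<no-dsa>` line for python-multipart sits above two "Fixed by" commits (0.0.18 and 0.0.19), and nothing in the entry says how they relate. Since a no-dsa issue can still be fixed later, a short NOTE stating whether both commits are needed for a backport would save whoever picks it up from working that out again.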
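Review bot: In the CVE-2024-45614 hunk, the entry already carries {DLA-3947-1}, so tagging bookworm as `<no-dsa> (Minor issue)` leaves the stable release without a fix that the LTS release has already received. If the bookworm fix is meant to go through a point release, a NOTE saying so would make that visible; as written, the entry does not say how the gap between the two releases gets closed.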
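Review bot: The data/dsa-needed.txt hunk claims smarty4 with `(jmm)`, but the commit message "bookworm triage" only describes the no-dsa tagging in data/CVE/list. Mentioning the claim in the message (or committing it separately) would make it easier to find from the log when someone checks who took smarty4 and when.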
_______________________________________________ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits