Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker
Commits: 0e87abc2 by Moritz Muehlenhoff at 2024-12-11T09:47:10+01:00 bookworm triage - - - - - 2 changed files: - data/CVE/list - data/dsa-needed.txt Changes: ===================================== data/CVE/list ===================================== @@ -587,7 +587,8 @@ CVE-2024-47484 (Dell Avamar, version(s) 19.9, contain(s) an Improper Neutralizat CVE-2024-47117 (IBM Carbon Design System (Carbon Charts 0.4.0 through 1.13.16) is vuln ...) NOT-FOR-US: IBM CVE-2024-46657 (Artifex Software mupdf v1.24.9 was discovered to contain a segmentatio ...) - - mupdf <unfixed> (bug #1089681) + - mupdf <unfixed> (bug #1089681; unimportant) + NOTE: Crash in CLI tool, no security impact NOTE: Fixed by: https://cgit.ghostscript.com/cgi-bin/cgit.cgi/mupdf.git/commit/?id=b5c898a30f068b5342e8263a2cd5b9f0be291aac (1.25.0-rc1) CVE-2024-46442 (An issue in the BYD Dilink Headunit System v3.0 to v4.0 allows attacke ...) NOT-FOR-US: BYD Dilink Headunit System @@ -2930,9 +2931,11 @@ CVE-2024-36611 (In Symfony v7.07, a security vulnerability was identified in the [experimental] - symfony 7.1.0~beta1+dfsg-1 - symfony <unfixed> (bug #1088817) NOTE: https://github.com/symfony/symfony/commit/a804ca15fcad279d7727b91d12a667fd5b925995 (v7.1.0-BETA1) + NOTE: Not considered a security issue by upstream: https://github.com/symfony/symfony/issues/59077#issuecomment-2513935018 CVE-2024-36610 (A deserialization vulnerability exists in the Stub class of the VarDum ...) - - symfony 6.4.4+dfsg-3 + - symfony 6.4.4+dfsg-3 (unimportant) NOTE: Fixed by: https://github.com/symfony/symfony/commit/3ffd495bb3cc4d2e24e35b2d83c5b909cab7e259 (v6.4.4) + NOTE: Not considered a security issue by upstream: https://github.com/symfony/symfony/issues/59077#issuecomment-2513935018 CVE-2024-35371 (Ant-Media-Serverv2.8.2 is affected by Improper Output Neutralization f ...) NOT-FOR-US: Ant-Media-Server CVE-2024-35369 (In FFmpeg version n6.1.1, specifically within the avcodec/speexdec.c m ...) 
@@ -4393,8 +4396,9 @@ CVE-2024-11630 (A vulnerability has been found in E-Lins H685, H685f, H700, H720 CVE-2024-11619 (A vulnerability, which was classified as problematic, has been found i ...) NOT-FOR-US: macrozheng mall CVE-2024-11612 (7-Zip CopyCoder Infinite Loop Denial-of-Service Vulnerability. This vu ...) - - 7zip 24.08+dfsg-1 - - p7zip 16.02+transitional.1 + - 7zip 24.08+dfsg-1 (unimportant) + - p7zip 16.02+transitional.1 (unimportant) + NOTE: Crash in CLI tool, no security impact NOTE: https://www.zerodayinitiative.com/advisories/ZDI-24-1606/ NOTE: https://bushido-sec.com/index.php/2024/11/22/2ourc3-vulnerabiltiy-7zip-fuzzing/ NOTE: Since p7zip/16.02+transitional.1 src:p7zip is only a empty source package @@ -50797,6 +50801,7 @@ CVE-2024-2451 (Improper fingerprint validation in the TeamViewer Client (Full & NOT-FOR-US: TeamViewer CVE-2024-2199 (A denial of service vulnerability was found in 389-ds-base ldap server ...) - 389-ds-base 3.1.1+dfsg1-1 (bug #1072531) + [bookworm] - 389-ds-base <no-dsa> (Minor issue) NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2267976 NOTE: https://github.com/389ds/389-ds-base/commit/36a2f1d5e4e2265140320087104c6799a97c28d9 (389-ds-base-3.1.1) NOTE: https://github.com/389ds/389-ds-base/commit/63946b8e63328efc9b36a01f99d5ba71e243fcfa (389-ds-base-2.4.6) ===================================== data/dsa-needed.txt ===================================== @@ -33,6 +33,8 @@ openafs opennds pinged maintainer, but no reply yet. should most probably be bumped to 10.x -- +php-laravel-framework +-- python-aiohttp (jmm) -- python-django View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/0e87abc282e32e7e18a87795d273a48d937e2bfe -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/0e87abc282e32e7e18a87795d273a48d937e2bfe You're receiving this email because of your account on salsa.debian.org.
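Review bot: In the data/CVE/list hunk at @@ -2930, CVE-2024-36611 and CVE-2024-36610 both gain the same "Not considered a security issue by upstream" NOTE, but only the CVE-2024-36610 package line is tagged (unimportant); the unfixed symfony line for CVE-2024-36611 still carries only (bug #1088817). If the upstream position applies to both, tag that line as (bug #1088817; unimportant), the form used for mupdf in the first hunk. If the difference is deliberate, add a NOTE saying why.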
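Review bot: In the CVE-2024-11612 hunk, the added NOTE reads "Crash in CLI tool, no security impact", while the CVE title on the context line describes a CopyCoder infinite loop, which is a hang and not a crash. Reword the rationale, for example "Hang in CLI tool, no security impact", so that it matches the bug being triaged and is not mistaken for a copy of the mupdf note.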
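Review bot: In the CVE-2024-2199 hunk, the new bookworm line gives only "Minor issue" as the no-dsa reason, although the description concerns a denial of service in an LDAP server. A more specific reason would make the decision easier to audit later. Since the context lines already list an upstream commit for 389-ds-base-2.4.6, a NOTE on whether that fix is a candidate for a point release would also help.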
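Review bot: In the data/dsa-needed.txt hunk, php-laravel-framework is added with no claimant and no explanatory line, and this commit changes no php-laravel-framework entry in data/CVE/list, so the diff does not show which issue prompted it. Add a short line under the package naming the CVE(s) it is queued for, as the opennds entry just above does for its status.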