Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
4c97f2d7 by Moritz Muehlenhoff at 2024-12-23T12:57:57+01:00
bookworm triage

- - - - -


2 changed files:

- data/CVE/list
- data/dsa-needed.txt


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,5 +1,6 @@
 CVE-2024-56378 (libpoppler.so in Poppler through 24.12.0 has an out-of-bounds 
read vul ...)
        - poppler <unfixed>
+       [bookworm] - poppler <no-dsa> (Minor issue)
        NOTE: https://gitlab.freedesktop.org/poppler/poppler/-/issues/1553
        NOTE: 
https://gitlab.freedesktop.org/poppler/poppler/-/commit/ade9b5ebed44b0c15522c27669ef6cdf93eff84e
 CVE-2024-56375 (An integer underflow was discovered in Fort 1.6.3 and 1.6.4 
before 1.6 ...)
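Review bot: the added `[bookworm] - poppler <no-dsa> (Minor issue)` line records no reason beyond the stock phrase, although the description of CVE-2024-56378 names an out-of-bounds read in libpoppler.so. A short rationale in the parenthesis or in an extra NOTE would let a later triager see why this was judged minor for bookworm. The upstream commit NOTE in the same entry also carries no release tag; once the fix is part of a tagged Poppler release, appending the version in parentheses after the URL would make the `<unfixed>` line easier to close.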
@@ -684,6 +685,7 @@ CVE-2024-53688 (Improper neutralization of special elements 
used in an OS comman
        NOT-FOR-US: FXC AE1021
 CVE-2024-52792 (LDAP Account Manager (LAM) is a php webfrontend for managing 
entries ( ...)
        - ldap-account-manager <unfixed> (bug #1090934)
+       [bookworm] - ldap-account-manager <no-dsa> (Minor issue)
        NOTE: 
https://github.com/LDAPAccountManager/lam/security/advisories/GHSA-6cp9-j5r7-xhcc
 CVE-2024-51175 (An issue in H3C switch h3c-S1526 allows a remote attacker to 
obtain se ...)
        NOT-FOR-US: H3C switch h3c-S1526
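Review bot: the CVE-2024-52792 entry is now marked `<no-dsa>` for bookworm, but its only reference is the GHSA advisory NOTE; no upstream fix commit or fixed version is recorded in the visible lines. Adding a NOTE with the fixing commit would help whoever handles bug #1090934 or prepares a later update for bookworm.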
@@ -30879,6 +30881,7 @@ CVE-2024-45240 (The TikTok (aka 
com.zhiliaoapp.musically) application before 34.
 CVE-2024-45239 (An issue was discovered in Fort before 1.6.3. A malicious RPKI 
reposit ...)
        - fort-validator 1.6.3-1
        NOTE: https://nicmx.github.io/FORT-validator/CVE.html
+       NOTE: 
https://github.com/NICMx/FORT-validator/commit/942f921ba7244cdcf4574cedc4c16392a7cc594b
 (1.6.3)
 CVE-2024-45238 (An issue was discovered in Fort before 1.6.3. A malicious RPKI 
reposit ...)
        - fort-validator 1.6.3-1
        NOTE: https://nicmx.github.io/FORT-validator/CVE.html
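Review bot: the new commit NOTE is added only under CVE-2024-45239, while the CVE-2024-45238 entry directly below (same package, same fixed version `1.6.3-1`) still has only the CVE.html link. If the fixing commit for CVE-2024-45238 is known, add it there in the same form, commit URL followed by `(1.6.3)`, so the two entries stay consistent.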


=====================================
data/dsa-needed.txt
=====================================
@@ -14,6 +14,8 @@ If needed, specify the release by adding a slash after the 
name of the source pa
 --
 cacti
 --
+fastnetmon (jmm)
+--
 frr
   coordination with the maintainer ongoing
 --
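Review bot: `fastnetmon (jmm)` is added with no release suffix and no status line. The hunk header context quotes the file's own instruction to specify the release by adding a slash after the source package name if needed, and the neighbouring frr entry carries an indented status note. Naming the affected release, or adding one line on what is pending, would tell other team members what the claim covers.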
@@ -52,7 +54,7 @@ trafficserver
 --
 wordpress
 --
-xen
+xen (jmm)
 --
 zabbix
 --



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/4c97f2d70df6784c05d38a9987c8d78b5b0151c8
