Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker
Commits: 2ec0464b by Moritz Muehlenhoff at 2025-01-17T09:21:21+01:00 bookworm triage - - - - - 2 changed files: - data/CVE/list - data/dsa-needed.txt Changes: ===================================== data/CVE/list ===================================== @@ -324,6 +324,7 @@ CVE-2024-45341 - golang-1.23 1.23.5-1 - golang-1.22 1.22.11-1 - golang-1.19 <removed> + [bookworm] - golang-1.19 <no-dsa> (Minor issue) - golang-1.15 <removed> NOTE: https://groups.google.com/g/golang-announce/c/sSaUhLA-2SI NOTE: https://go.dev/issue/71156 @@ -333,6 +334,7 @@ CVE-2024-45336 - golang-1.23 1.23.5-1 - golang-1.22 1.22.11-1 - golang-1.19 <removed> + [bookworm] - golang-1.19 <no-dsa> (Minor issue) - golang-1.15 <removed> NOTE: https://groups.google.com/g/golang-announce/c/sSaUhLA-2SI NOTE: https://go.dev/issue/70530 @@ -526,6 +528,7 @@ CVE-2025-20072 (Mattermost Mobile versions <= 2.22.0 fail to properly validate t NOT-FOR-US: Mattermost Mobile CVE-2025-0518 (Unchecked Return Value, Out-of-bounds Read vulnerability in FFmpeg all ...) - ffmpeg <unfixed> + [bookworm] - ffmpeg <postponed> (Minor issue, wait until it's fixed in the 5.1 branch) NOTE: Fixed by: https://github.com/FFmpeg/FFmpeg/commit/b5b6391d64807578ab872dc58fb8aa621dcfc38a CVE-2025-0473 (Vulnerability in the PMB platform that allows an attacker to persist t ...) TODO: check 
@@ -2100,118 +2103,148 @@ CVE-2024-57811 (In Eaton X303 3.5.16 - X303 3.5.17 Build 712, an attacker with n NOT-FOR-US: Eaton CVE-2024-57664 (An issue in the sqlg_group_node component of openlink virtuoso-opensou ...) - virtuoso-opensource 7.2.12+dfsg-0.2 + [bookworm] - virtuoso-opensource <no-dsa> (Minor issue) NOTE: https://github.com/openlink/virtuoso-opensource/issues/1211 CVE-2024-57663 (An issue in the sqlg_place_dpipes component of openlink virtuoso-opens ...) - virtuoso-opensource 7.2.12+dfsg-0.2 + [bookworm] - virtuoso-opensource <no-dsa> (Minor issue) NOTE: https://github.com/openlink/virtuoso-opensource/issues/1218 NOTE: https://github.com/openlink/virtuoso-opensource/commit/f43a780d70544af89e9af3c62213db81fdd80b2b (v7.2.12) CVE-2024-57662 (An issue in the sqlg_hash_source component of openlink virtuoso-openso ...) - virtuoso-opensource 7.2.12+dfsg-0.2 + [bookworm] - virtuoso-opensource <no-dsa> (Minor issue) NOTE: https://github.com/openlink/virtuoso-opensource/issues/1217 NOTE: https://github.com/openlink/virtuoso-opensource/commit/834b99868e4ac3cfd778f6f4ad9476764f3c09b6 (v7.2.12) CVE-2024-57661 (An issue in the sqlo_df component of openlink virtuoso-opensource v7.2 ...) - virtuoso-opensource 7.2.12+dfsg-0.2 + [bookworm] - virtuoso-opensource <no-dsa> (Minor issue) NOTE: https://github.com/openlink/virtuoso-opensource/issues/1220 NOTE: https://github.com/openlink/virtuoso-opensource/commit/a6061c06256a46d87c9e037b9b462259960163bf (v7.2.12) CVE-2024-57660 (An issue in the sqlo_expand_jts component of openlink virtuoso-opensou ...) - virtuoso-opensource 7.2.12+dfsg-0.2 + [bookworm] - virtuoso-opensource <no-dsa> (Minor issue) NOTE: https://github.com/openlink/virtuoso-opensource/issues/1221 NOTE: https://github.com/openlink/virtuoso-opensource/commit/976880190ee0fcecffac03a6929d268152de3a61 (v7.2.12) CVE-2024-57659 (An issue in the sqlg_parallel_ts_seq component of openlink virtuoso-op ...) 
- virtuoso-opensource 7.2.12+dfsg-0.2 + [bookworm] - virtuoso-opensource <no-dsa> (Minor issue) NOTE: https://github.com/openlink/virtuoso-opensource/issues/1212 NOTE: https://github.com/openlink/virtuoso-opensource/commit/59c5767996062a0949b5412822ec8cca1962589f (v7.2.12) CVE-2024-57658 (An issue in the sql_tree_hash_1 component of openlink virtuoso-opensou ...) - virtuoso-opensource 7.2.12+dfsg-0.2 + [bookworm] - virtuoso-opensource <no-dsa> (Minor issue) NOTE: https://github.com/openlink/virtuoso-opensource/issues/1209 NOTE: https://github.com/openlink/virtuoso-opensource/commit/2fdea48eba6156914c1ba4f488895166c0c00462 (v7.2.12) CVE-2024-57657 (An issue in the sqlg_vec_upd component of openlink virtuoso-opensource ...) - virtuoso-opensource 7.2.12+dfsg-0.2 + [bookworm] - virtuoso-opensource <no-dsa> (Minor issue) NOTE: https://github.com/openlink/virtuoso-opensource/issues/1219 NOTE: https://github.com/openlink/virtuoso-opensource/commit/cdb0bc3e414e15e2153515af07056daebd3d9153 (v7.2.12) CVE-2024-57656 (An issue in the sqlc_add_distinct_node component of openlink virtuoso- ...) - virtuoso-opensource 7.2.12+dfsg-0.2 + [bookworm] - virtuoso-opensource <no-dsa> (Minor issue) NOTE: https://github.com/openlink/virtuoso-opensource/issues/1210 NOTE: https://github.com/openlink/virtuoso-opensource/commit/7f529772659db67c720f32898abbbe97b0d25a34 (v7.2.12) CVE-2024-57655 (An issue in the dfe_n_in_order component of openlink virtuoso-opensour ...) - virtuoso-opensource 7.2.12+dfsg-0.2 + [bookworm] - virtuoso-opensource <no-dsa> (Minor issue) NOTE: https://github.com/openlink/virtuoso-opensource/issues/1216 NOTE: https://github.com/openlink/virtuoso-opensource/commit/2657d5396fb77885c645c7106a7e046a1ccb209d (v7.2.12) CVE-2024-57654 (An issue in the qst_vec_get_int64 component of openlink virtuoso-opens ...) 
- virtuoso-opensource 7.2.12+dfsg-0.2 + [bookworm] - virtuoso-opensource <no-dsa> (Minor issue) NOTE: https://github.com/openlink/virtuoso-opensource/issues/1205 NOTE: https://github.com/openlink/virtuoso-opensource/commit/de5a2fd87577b8bd72ce009fe6b9d374b5d94742 (v7.2.12) CVE-2024-57653 (An issue in the qst_vec_set_copy component of openlink virtuoso-openso ...) - virtuoso-opensource 7.2.12+dfsg-0.2 + [bookworm] - virtuoso-opensource <no-dsa> (Minor issue) NOTE: https://github.com/openlink/virtuoso-opensource/issues/1208 NOTE: https://github.com/openlink/virtuoso-opensource/commit/90d7d3e12d7ea62ed2ed0274d03f33a1cd65c58b (v7.2.12) CVE-2024-57652 (An issue in the numeric_to_dv component of openlink virtuoso-opensourc ...) - virtuoso-opensource 7.2.12+dfsg-0.2 + [bookworm] - virtuoso-opensource <no-dsa> (Minor issue) NOTE: https://github.com/openlink/virtuoso-opensource/issues/1198 NOTE: https://github.com/openlink/virtuoso-opensource/commit/b14ad6460418c2fbaf3f278b75d7b27da361a297 (v7.2.12) CVE-2024-57651 (An issue in the jp_add component of openlink virtuoso-opensource v7.2. ...) - virtuoso-opensource 7.2.12+dfsg-0.2 + [bookworm] - virtuoso-opensource <no-dsa> (Minor issue) NOTE: https://github.com/openlink/virtuoso-opensource/issues/1196 NOTE: https://github.com/openlink/virtuoso-opensource/commit/d905d53aa5d8f17877898b0196d07a53121e551f (v7.2.12) CVE-2024-57650 (An issue in the qi_inst_state_free component of openlink virtuoso-open ...) - virtuoso-opensource 7.2.12+dfsg-0.2 + [bookworm] - virtuoso-opensource <no-dsa> (Minor issue) NOTE: https://github.com/openlink/virtuoso-opensource/issues/1204 NOTE: https://github.com/openlink/virtuoso-opensource/commit/3d1a576d8d0bdd295bf7529a544ed6d13976bbe4 (v7.2.12) CVE-2024-57649 (An issue in the qst_vec_set component of openlink virtuoso-opensource ...) 
- virtuoso-opensource 7.2.12+dfsg-0.2 + [bookworm] - virtuoso-opensource <no-dsa> (Minor issue) NOTE: https://github.com/openlink/virtuoso-opensource/issues/1206 NOTE: https://github.com/openlink/virtuoso-opensource/commit/8f26eaca48cf6368962893326407b0aaeecce7f5 (v7.2.12) CVE-2024-57648 (An issue in the itc_set_param_row component of openlink virtuoso-opens ...) - virtuoso-opensource 7.2.12+dfsg-0.2 + [bookworm] - virtuoso-opensource <no-dsa> (Minor issue) NOTE: https://github.com/openlink/virtuoso-opensource/issues/1195 NOTE: https://github.com/openlink/virtuoso-opensource/commit/97291b7abad04bce0c60c952b48b529724c1016c (v7.2.12) CVE-2024-57647 (An issue in the row_insert_cast component of openlink virtuoso-opensou ...) - virtuoso-opensource 7.2.12+dfsg-0.2 + [bookworm] - virtuoso-opensource <no-dsa> (Minor issue) NOTE: https://github.com/openlink/virtuoso-opensource/issues/1207 CVE-2024-57646 (An issue in the psiginfo component of openlink virtuoso-opensource v7. ...) - virtuoso-opensource 7.2.12+dfsg-0.2 + [bookworm] - virtuoso-opensource <no-dsa> (Minor issue) NOTE: https://github.com/openlink/virtuoso-opensource/issues/1199 NOTE: https://github.com/openlink/virtuoso-opensource/commit/301135ac866ac434e8d87c5960ea324a196fe82d (v7.2.12) CVE-2024-57645 (An issue in the qi_inst_state_free component of openlink virtuoso-open ...) - virtuoso-opensource 7.2.12+dfsg-0.2 + [bookworm] - virtuoso-opensource <no-dsa> (Minor issue) NOTE: https://github.com/openlink/virtuoso-opensource/issues/1197 NOTE: https://github.com/openlink/virtuoso-opensource/commit/97291b7abad04bce0c60c952b48b529724c1016c (v7.2.12) CVE-2024-57644 (An issue in the itc_hash_compare component of openlink virtuoso-openso ...) 
- virtuoso-opensource 7.2.12+dfsg-0.2 + [bookworm] - virtuoso-opensource <no-dsa> (Minor issue) NOTE: https://github.com/openlink/virtuoso-opensource/issues/1193 NOTE: https://github.com/openlink/virtuoso-opensource/commit/f5c9f5eaabd423ebdf4bc7b1472bab2865f94e5e (v7.2.12) CVE-2024-57643 (An issue in the box_deserialize_string component of openlink virtuoso- ...) - virtuoso-opensource 7.2.12+dfsg-0.2 + [bookworm] - virtuoso-opensource <no-dsa> (Minor issue) NOTE: https://github.com/openlink/virtuoso-opensource/issues/1181 CVE-2024-57642 (An issue in the dfe_inx_op_col_def_table component of openlink virtuos ...) - virtuoso-opensource 7.2.12+dfsg-0.2 + [bookworm] - virtuoso-opensource <no-dsa> (Minor issue) NOTE: https://github.com/openlink/virtuoso-opensource/issues/1191 NOTE: https://github.com/openlink/virtuoso-opensource/commit/fb0cf1cdd1ec20e226d8f0eb41710eaf8093437b (v7.2.12) CVE-2024-57641 (An issue in the sqlexp component of openlink virtuoso-opensource v7.2. ...) - virtuoso-opensource 7.2.12+dfsg-0.2 + [bookworm] - virtuoso-opensource <no-dsa> (Minor issue) NOTE: https://github.com/openlink/virtuoso-opensource/issues/1183 NOTE: https://github.com/openlink/virtuoso-opensource/commit/b0db2ad4a32a033f5953680781e90a21bc388161 (v7.2.12) CVE-2024-57640 (An issue in the dc_add_int component of openlink virtuoso-opensource v ...) - virtuoso-opensource 7.2.12+dfsg-0.2 + [bookworm] - virtuoso-opensource <no-dsa> (Minor issue) NOTE: https://github.com/openlink/virtuoso-opensource/issues/1184 NOTE: https://github.com/openlink/virtuoso-opensource/commit/d15cde608dcbd7f6d76c3a07b366db176ee06e5d (v7.2.12) CVE-2024-57639 (An issue in the dc_elt_size component of openlink virtuoso-opensource ...) 
- virtuoso-opensource 7.2.12+dfsg-0.2 + [bookworm] - virtuoso-opensource <no-dsa> (Minor issue) NOTE: https://github.com/openlink/virtuoso-opensource/issues/1185 NOTE: https://github.com/openlink/virtuoso-opensource/commit/766abd31eea11445a7086ec94955db3e328fddf7 (v7.2.12) CVE-2024-57638 (An issue in the dfe_body_copy component of openlink virtuoso-opensourc ...) - virtuoso-opensource 7.2.12+dfsg-0.2 + [bookworm] - virtuoso-opensource <no-dsa> (Minor issue) NOTE: https://github.com/openlink/virtuoso-opensource/issues/1190 NOTE: https://github.com/openlink/virtuoso-opensource/commit/fb0cf1cdd1ec20e226d8f0eb41710eaf8093437b (v7.2.12) CVE-2024-57637 (An issue in the dfe_unit_gb_dependant component of openlink virtuoso-o ...) - virtuoso-opensource 7.2.12+dfsg-0.2 + [bookworm] - virtuoso-opensource <no-dsa> (Minor issue) NOTE: https://github.com/openlink/virtuoso-opensource/issues/1192 CVE-2024-57636 (An issue in the itc_sample_row_check component of openlink virtuoso-op ...) - virtuoso-opensource 7.2.12+dfsg-0.2 + [bookworm] - virtuoso-opensource <no-dsa> (Minor issue) NOTE: https://github.com/openlink/virtuoso-opensource/issues/1194 NOTE: https://github.com/openlink/virtuoso-opensource/commit/b14ad6460418c2fbaf3f278b75d7b27da361a297 (v7.2.12) CVE-2024-57635 (An issue in the chash_array component of openlink virtuoso-opensource ...) - virtuoso-opensource 7.2.12+dfsg-0.2 + [bookworm] - virtuoso-opensource <no-dsa> (Minor issue) NOTE: https://github.com/openlink/virtuoso-opensource/issues/1182 NOTE: https://github.com/openlink/virtuoso-opensource/commit/18fe9fdd2ef8380d1c7fcd48a2f6e6e401817724 (v7.2.12) CVE-2024-57634 (An issue in the exp_copy component of MonetDB Server v11.49.1 allows a ...) 
@@ -7621,6 +7654,7 @@ CVE-2024-8992 (Some Honor products are affected by information leak vulnerabilit NOT-FOR-US: Honor CVE-2024-56433 (shadow-utils (aka shadow) 4.4 through 4.17.0 establishes a default /et ...) - shadow <unfixed> + [bookworm] - shadow <no-dsa> (Minor issue) NOTE: https://github.com/shadow-maint/shadow/issues/1157 CVE-2024-54907 (TOTOLINK A3002R V4.0.0-B20230531.1404 is vulnerable to Remote Code Exe ...) NOT-FOR-US: TOTOLINK @@ -13870,11 +13904,13 @@ CVE-2024-36624 (Zulip 8.3 is vulnerable to Cross Site Scripting (XSS) via the co NOT-FOR-US: Zulip CVE-2024-36623 (moby v25.0.3 has a Race Condition vulnerability in the streamformatter ...) - docker.io 26.1.4+dfsg1-9 + [bookworm] - docker.io <no-dsa> (Minor issue) NOTE: https://github.com/moby/moby/commit/5689dabfb357b673abdb4391eef426f297d7d1bb (v26.0.0-rc1) CVE-2024-36622 (In RaspAP raspap-webgui 3.0.9 and earlier, a command injection vulnera ...) NOT-FOR-US: RaspAP raspap-webgui CVE-2024-36621 (moby v25.0.5 is affected by a Race Condition in builder/builder-next/a ...) - docker.io 26.1.4+dfsg1-9 + [bookworm] - docker.io <no-dsa> (Minor issue) [bullseye] - docker.io <postponed> (minor; DoS by ressource leak) NOTE: https://github.com/moby/moby/commit/37545cc644344dcb576cba67eb7b6f51a463d31e (v26.0.0-rc2) CVE-2024-36620 (moby v25.0.0 - v26.0.2 is vulnerable to NULL Pointer Dereference via d ...) ===================================== data/dsa-needed.txt ===================================== @@ -25,6 +25,8 @@ frr gh Santiago Vila might work on preparing an update -- +git (carnil) +-- jetty9 -- libreswan 
@@ -51,6 +53,8 @@ php-laravel-framework python-django Chris is working on it -- +redis +-- ring -- rsync (carnil) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/2ec0464bb7b9d5a838e7c89bbb87f7f8d71fee5a
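Review bot: In the virtuoso-opensource block (CVE-2024-57664 through CVE-2024-57635), four of the entries that gain `[bookworm] - virtuoso-opensource <no-dsa> (Minor issue)` have only an upstream issue NOTE and no fix commit listed: CVE-2024-57664, CVE-2024-57647, CVE-2024-57643 and CVE-2024-57637. The other entries in the block each reference a v7.2.12 commit, so a later point-release backport has something to cherry-pick; for these four it would help to add the fixing commit as a NOTE, or to say in a NOTE that it has not been identified yet.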
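Review bot: For CVE-2024-36621 in the docker.io hunk, the added `[bookworm] - docker.io <no-dsa> (Minor issue)` sits directly above the existing `[bullseye] - docker.io <postponed> (minor; DoS by ressource leak)`, so the same issue now carries two different states, and the bookworm line has the less specific reason. If the difference between no-dsa and postponed is intended, consider reusing the more descriptive reason on the bookworm line so the rationale reads the same across suites.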
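Review bot: In data/dsa-needed.txt the `+redis` entry is added without a claimant or status note, while `+git (carnil)` in the same change names one. None of the data/CVE/list hunks in this commit touch git or redis, and the commit message only says "bookworm triage", so a short note under each entry on which issues put the package on the list would make the additions easier to follow.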