Daniel Leidert pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
ee2c3034 by Daniel Leidert at 2025-05-01T02:16:22+02:00
Reserve DLA-4149-1 for nagvis
- - - - -
3 changed files:
- data/CVE/list
- data/DLA/list
- data/dla-needed.txt
Changes:
=====================================
data/CVE/list
=====================================
@@ -153171,7 +153171,6 @@ CVE-2023-5618 (The Modern Footnotes plugin for
WordPress is vulnerable to Stored
CVE-2023-46287 (XSS exists in NagVis before 1.9.38 via the select function in
share/se ...)
- nagvis 1:1.9.38-1
[bookworm] - nagvis <no-dsa> (Minor issue)
- [bullseye] - nagvis <no-dsa> (Minor issue)
[buster] - nagvis <no-dsa> (Minor issue)
NOTE: https://github.com/NagVis/nagvis/pull/356
NOTE:
https://github.com/NagVis/nagvis/commit/093c2b0b31001bb74c78452858a0a9d27fa0a9b5
(nagvis-1.9.38)
@@ -209080,7 +209079,6 @@ CVE-2022-46946 (Helmet Store Showroom Site v1.0 was
discovered to contain a SQL
NOT-FOR-US: Helmet Store Showroom Site
CVE-2022-46945 (Nagvis before 1.9.34 was discovered to contain an arbitrary
file read ...)
- nagvis 1:1.9.34-1
- [bullseye] - nagvis <no-dsa> (Minor issue)
[buster] - nagvis <no-dsa> (Minor issue)
NOTE:
https://github.com/NagVis/nagvis/commit/71aba7f46f79d846e1df037f165d206a2cd1d22a
(nagvis-1.9.34)
CVE-2022-46944
@@ -214716,7 +214714,6 @@ CVE-2022-45198 (Pillow before 9.2.0 performs Improper
Handling of Highly Compres
NOTE: https://github.com/python-pillow/Pillow/pull/6402
CVE-2022-3979 (A vulnerability was found in NagVis up to 1.9.33 and classified
as pro ...)
- nagvis 1:1.9.34-1
- [bullseye] - nagvis <no-dsa> (Minor issue)
[buster] - nagvis <no-dsa> (Minor issue)
NOTE:
https://github.com/NagVis/nagvis/commit/7574fd8a2903282c2e0d1feef5c4876763db21d5
(nagvis-1.9.34)
CVE-2022-3978 (A vulnerability, which was classified as problematic, was found
in Nod ...)
@@ -323502,7 +323499,6 @@ CVE-2021-33179 (The general user interface in Nagios
XI versions prior to 5.8.4
NOT-FOR-US: Nagios XI
CVE-2021-33178 (The Manage Backgrounds functionality within NagVis versions
prior to 1 ...)
- nagvis 1:1.9.29-1
- [bullseye] - nagvis <no-dsa> (Minor issue)
[buster] - nagvis <no-dsa> (Minor issue)
[stretch] - nagvis <no-dsa> (Minor issue)
NOTE:
https://github.com/NagVis/nagvis/commit/275952cb7669d48861634e60583bc25291a101a2
(nagvis-1.9.29)
=====================================
data/DLA/list
=====================================
@@ -1,3 +1,6 @@
+[01 May 2025] DLA-4149-1 nagvis - security update
+ {CVE-2021-33178 CVE-2022-3979 CVE-2022-46945 CVE-2023-46287
CVE-2024-13722 CVE-2024-13723 CVE-2024-47093}
+ [bullseye] - nagvis 1:1.9.25-2+deb11u1
[30 Apr 2025] DLA-4126-2 jinja2 - regression update
[bullseye] - jinja2 2.11.3-1+deb11u4
[30 Apr 2025] DLA-4148-1 vips - security update
=====================================
data/dla-needed.txt
=====================================
@@ -231,7 +231,7 @@ nagvis (dleidert)
NOTE: 20250119: Also check/fix https://bugs.debian.org/1061044
NOTE: 20250119: when testing your fix for bookworm. (bunk)
NOTE: 20250221:
https://salsa.debian.org/lts-team/lts-updates-tasks/-/issues/193 (ah)
- NOTE: 20250423: WIP (dleidert)
+ NOTE: 20250501: DLA released; but we really should discuss #193 and I'll
maybe take it (dleidert)
--
nginx
NOTE: 20250207: Added by Front-Desk (apo)
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/ee2c3034518f3c5d8b467ccc0008a3766f0c8387
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/ee2c3034518f3c5d8b467ccc0008a3766f0c8387
You're receiving this email because of your account on salsa.debian.org.
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
