Utkarsh Gupta pushed to branch master at Debian Security Tracker / security-tracker


Commits:
5ae7abee by Utkarsh Gupta at 2024-02-12T18:13:37+05:30
Mark CVE-2024-1062/389-ds-base as no-dsa for buster

- - - - -
63f7f54d by Utkarsh Gupta at 2024-02-12T18:14:03+05:30
Mark CVE-2024-25062/libxml2 as no-dsa for buster

- - - - -
9c07d9b1 by Utkarsh Gupta at 2024-02-12T18:14:31+05:30
Mark CVE-2021-4435/node-yarnpkg as no-dsa for buster

- - - - -
385365ef by Utkarsh Gupta at 2024-02-12T18:15:04+05:30
Mark CVE-2024-23334/python-aiohttp as no-dsa for buster

- - - - -
e62809b1 by Utkarsh Gupta at 2024-02-12T18:15:24+05:30
Mark CVE-2024-23829/python-aiohttp as no-dsa for buster

- - - - -
386fab4b by Utkarsh Gupta at 2024-02-12T18:15:45+05:30
Mark CVE-2024-22667/vim as no-dsa for buster

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1350,6 +1350,7 @@ CVE-2024-22667 (Vim before 9.0.2142 has a stack-based 
buffer overflow because di
        - vim 2:9.0.2189-1
        [bookworm] - vim <no-dsa> (Minor issue)
        [bullseye] - vim <no-dsa> (Minor issue)
+       [buster] - vim <no-dsa> (Minor issue)
        NOTE: 
https://github.com/vim/vim/commit/b39b240c386a5a29241415541f1c99e2e6b8ce47 
(v9.0.2142)
        NOTE: 
https://gist.githubusercontent.com/henices/2467e7f22dcc2aa97a2453e197b55a0c/raw/7b54bccc9a129c604fb139266f4497ab7aaa94c7/gistfile1.txt
 CVE-2024-22386 (A race condition was found in the Linux kernel's drm/exynos 
device dri ...)
@@ -1399,6 +1400,7 @@ CVE-2024-25062 (An issue was discovered in libxml2 before 
2.11.7 and 2.12.x befo
        - libxml2 <unfixed> (bug #1063234)
        [bookworm] - libxml2 <no-dsa> (Minor issue)
        [bullseye] - libxml2 <no-dsa> (Minor issue)
+       [buster] - libxml2 <no-dsa> (Minor issue)
        NOTE: https://gitlab.gnome.org/GNOME/libxml2/-/issues/604
        NOTE: 
https://gitlab.gnome.org/GNOME/libxml2/-/commit/2b0aac140d739905c7848a42efc60bfe783a39b7
 (v2.11.7)
        NOTE: 
https://gitlab.gnome.org/GNOME/libxml2/-/commit/92721970884fcc13305cb8e23cdc5f0dd7667c2c
 (v2.12.5)
@@ -2174,6 +2176,7 @@ CVE-2024-1062 [a heap overflow leading to 
denail-of-servce while writing a value
        - 389-ds-base <unfixed>
        [bookworm] - 389-ds-base <no-dsa> (Minor issue)
        [bullseye] - 389-ds-base <no-dsa> (Minor issue)
+       [buster] - 389-ds-base <no-dsa> (Minor issue)
        NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2261879
        NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2256711
        NOTE: https://github.com/389ds/389-ds-base/issues/5647
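Review bot: The added `[buster] - 389-ds-base <no-dsa> (Minor issue)` line reuses the generic "Minor issue" reason for an entry described as a heap overflow and still marked `<unfixed>` in unstable. A more specific reason, for example that the description limits the impact to denial of service, would let a later reader see why no update is planned for buster. Separately, the temporary description visible in the hunk header misspells "denial-of-service" as "denail-of-servce", which is worth correcting in a follow-up commit.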
@@ -2339,6 +2342,7 @@ CVE-2024-23829 (aiohttp is an asynchronous HTTP 
client/server framework for asyn
        - python-aiohttp <unfixed> (bug #1062708)
        [bookworm] - python-aiohttp <no-dsa> (Minor issue)
        [bullseye] - python-aiohttp <no-dsa> (Minor issue)
+       [buster] - python-aiohttp <no-dsa> (Minor issue)
        NOTE: 
https://github.com/aio-libs/aiohttp/security/advisories/GHSA-8qpw-xqxj-h4r2
        NOTE: https://github.com/aio-libs/aiohttp/pull/8074
        NOTE: 
https://github.com/aio-libs/aiohttp/commit/33ccdfb0a12690af5bb49bda2319ec0907fa7827
 (master)
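Review bot: Missing documentation on the new `[buster] - python-aiohttp <no-dsa> (Minor issue)` line: the package is `<unfixed>` in unstable (bug #1062708) and the only fix reference is a commit annotated `(master)`, so nothing in the entry records whether the buster version contains the affected code or how far the fix would need to be backported. A short NOTE stating that would back up the "Minor issue" triage for the oldest release.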
@@ -2347,6 +2351,7 @@ CVE-2024-23334 (aiohttp is an asynchronous HTTP 
client/server framework for asyn
        - python-aiohttp <unfixed> (bug #1062709)
        [bookworm] - python-aiohttp <no-dsa> (Minor issue)
        [bullseye] - python-aiohttp <no-dsa> (Minor issue)
+       [buster] - python-aiohttp <no-dsa> (Minor issue)
        NOTE: 
https://github.com/aio-libs/aiohttp/security/advisories/GHSA-5h86-8mv2-jq9f
        NOTE: https://github.com/aio-libs/aiohttp/pull/8079
        NOTE: 
https://github.com/aio-libs/aiohttp/commit/1c335944d6a8b1298baf179b7c0b3069f10c514b
 (master)
@@ -4423,6 +4428,7 @@ CVE-2023-48339 (In jpg driver, there is a possible 
missing permission check. Thi
 CVE-2021-4435 (An untrusted search path vulnerability was found in Yarn. When 
a victi ...)
        - node-yarnpkg 1.22.19+~cs24.27.18-1
        [bullseye] - node-yarnpkg <no-dsa> (Minor issue)
+       [buster] - node-yarnpkg <no-dsa> (Minor issue)
        NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2262284
        NOTE: Fixed by: 
https://github.com/yarnpkg/yarn/commit/67fcce88935e45092ffa2674c08053f1ef5268a1 
(v1.22.12)
        TODO: check, too few details in RHBZ#2262284
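Review bot: The new `[buster] - node-yarnpkg <no-dsa> (Minor issue)` line settles the severity for buster while the entry still ends with `TODO: check, too few details in RHBZ#2262284`. Either resolve the TODO first (the `Fixed by:` commit for v1.22.12 is already referenced and may supply the missing detail) or say in the commit message that the triage is provisional until the TODO is cleared.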



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/8be3d2ae6c4b537410f882a74537b85d4de3bd56...386fab4b6169694777d815bbe08a7880c3ab7745


_______________________________________________
debian-security-tracker-commits mailing list
debian-security-tracker-commits@alioth-lists.debian.net
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
