Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker
Commits: 7f9575ae by Moritz Muehlenhoff at 2024-04-30T10:21:11+02:00 bookworm/bullseye triage - - - - - 1 changed file: - data/CVE/list Changes: ===================================== data/CVE/list ===================================== @@ -316,6 +316,8 @@ CVE-2024-4292 (A vulnerability classified as critical has been found in Contempo NOT-FOR-US: Contemporary Controls BASrouter BACnet BASRT-B CVE-2024-33883 (The ejs (aka Embedded JavaScript templates) package before 3.1.10 for ...) - node-ejs 3.1.10+~3.1.5-1 + [bookworm] - node-ejs <no-dsa> (Minor issue) + [bullseye] - node-ejs <no-dsa> (Minor issue) NOTE: https://github.com/mde/ejs/commit/e469741dca7df2eb400199e1cdb74621e3f89aa5 (v3.1.10) CVE-2024-33851 (phpecc, as used in paragonie/phpecc before 2.0.1, has a branch-based t ...) TODO: check @@ -4129,6 +4131,8 @@ CVE-2023-38511 (iTop is an IT service management platform. Dashboard editor : c NOT-FOR-US: iTop CVE-2024-XXXX [validate a server certificate in a TLS-based server-server connection] - ngircd 27~rc1-1 + [bookworm] - ngircd <no-dsa> (Minor issue, will be fixed via point update) + [bullseye] - ngircd <no-dsa> (Minor issue, will be fixed via point update) NOTE: https://github.com/ngircd/ngircd/issues/120 NOTE: https://github.com/ngircd/ngircd/commit/817937b218c4b57515f54216ebc936cd69df0aae (rel-27-rc1) CVE-2024-3778 (The file upload functionality of Ai3 QbiBot does not properly restrict ...) 
@@ -15354,6 +15358,8 @@ CVE-2024-28110 (Go SDK for CloudEvents is the official CloudEvents SDK to integr NOT-FOR-US: cloudevents/sdk-go CVE-2024-28102 (JWCrypto implements JWK, JWS, and JWE specifications using python-cryp ...) - python-jwcrypto <unfixed> (bug #1065688) + [bookworm] - python-jwcrypto <no-dsa> (Minor issue) + [bullseye] - python-jwcrypto <no-dsa> (Minor issue) NOTE: https://github.com/latchset/jwcrypto/security/advisories/GHSA-j857-7rvv-vj97 NOTE: https://github.com/latchset/jwcrypto/commit/90477a3b6e73da69740e00b8161f53fea19b831f (v1.5.6) CVE-2024-28101 (The Apollo Router is a graph router written in Rust to run a federated ...) @@ -141409,8 +141415,8 @@ CVE-2022-32744 (A flaw was found in Samba. The KDC accepts kpasswd requests encr CVE-2022-32743 (Samba does not validate the Validated-DNS-Host-Name right for the dNSH ...) [experimental] - samba 2:4.17.0+dfsg-1 - samba 2:4.17.2+dfsg-3 (bug #1021022) - [bullseye] - samba <no-dsa> (Minor issue) - [buster] - samba <postponed> (Minor issue) + [bullseye] - samba <ignored> (Domain controller functionality is EOLed, see DSA DSA-5477-1) + [buster] - samba <ignored> (Domain controller functionality is EOLed, see DSA-5015-1) NOTE: https://bugzilla.samba.org/show_bug.cgi?id=14833 CVE-2022-32742 (A flaw was found in Samba. Some SMB1 write requests were not correctly ...) {DSA-5205-1 DLA-3792-1} View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/7f9575ae0e7f5912bbd29f038baaf027732053af
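Review bot: in the CVE-2024-XXXX ngircd hunk, the two added lines say "will be fixed via point update" but the entry carries no pointer to where that update is tracked; the only NOTE lines are the upstream issue and the upstream commit. Suggest adding a reference to the stable update request once it exists, so the no-dsa entries for bookworm and bullseye can be followed up and closed rather than left as an open promise.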
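Review bot: in the CVE-2022-32743 samba hunk, the new bullseye line reads "see DSA DSA-5477-1" with "DSA" doubled, while the buster line directly below reads "see DSA-5015-1"; drop the extra word so both annotations have the same form. The hunk also changes a buster entry from postponed to ignored, which the commit message "bookworm/bullseye triage" does not mention; worth a word in the message or a separate commit.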