Sylvain Beucler pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
c8c8eeed by Sylvain Beucler at 2024-05-04T18:03:21+02:00
CVE-2017-7938,CVE-2020-14931,CVE-2024-31837/dmitry: buster postponed
- - - - -
5aa5566a by Sylvain Beucler at 2024-05-04T18:03:23+02:00
ofono: follow stable triage, buster posponed
- - - - -
89bee352 by Sylvain Beucler at 2024-05-04T18:03:25+02:00
gdcm: follow stable triage, buster postponed
- - - - -
5c3f6593 by Sylvain Beucler at 2024-05-04T18:03:25+02:00
dla: add libkf5ksieve
- - - - -
2 changed files:
- data/CVE/list
- data/dla-needed.txt
Changes:
=====================================
data/CVE/list
=====================================
@@ -3246,6 +3246,7 @@ CVE-2024-31837 (DMitry (Deepmagic Information Gathering
Tool) 1.3a has a format-
- dmitry <unfixed>
[bookworm] - dmitry <no-dsa> (Minor issue)
[bullseye] - dmitry <no-dsa> (Minor issue)
+ [buster] - dmitry <postponed> (Minor issue, crash in CLI tool, requires
malicious parameter)
NOTE: https://github.com/jaygreig86/dmitry/pull/12
CVE-2024-28294 (Limbas up to v5.2.14 was discovered to contain a SQL injection
vulnera ...)
NOT-FOR-US: Limbas
@@ -4241,6 +4242,7 @@ CVE-2024-25569 (An out-of-bounds read vulnerability
exists in the RAWCodec::Deco
- gdcm <unfixed>
[bookworm] - gdcm <no-dsa> (Minor issue)
[bullseye] - gdcm <no-dsa> (Minor issue)
+ [buster] - gdcm <postponed> (Minor issue, follow bullseye)
NOTE:
https://talosintelligence.com/vulnerability_reports/TALOS-2024-1944
CVE-2024-25026 (IBM WebSphere Application Server 8.5, 9.0 and IBM WebSphere
Applicatio ...)
NOT-FOR-US: IBM
@@ -4248,11 +4250,13 @@ CVE-2024-22391 (A heap-based buffer overflow
vulnerability exists in the LookupT
- gdcm <unfixed>
[bookworm] - gdcm <no-dsa> (Minor issue)
[bullseye] - gdcm <no-dsa> (Minor issue)
+ [buster] - gdcm <postponed> (Minor issue, follow bullseye)
NOTE:
https://talosintelligence.com/vulnerability_reports/TALOS-2024-1924
CVE-2024-22373 (An out-of-bounds write vulnerability exists in the
JPEG2000Codec::Deco ...)
- gdcm <unfixed>
[bookworm] - gdcm <no-dsa> (Minor issue)
[bullseye] - gdcm <no-dsa> (Minor issue)
+ [buster] - gdcm <postponed> (Minor issue, follow bullseye)
NOTE:
https://talosintelligence.com/vulnerability_reports/TALOS-2024-1935
CVE-2024-22144 (Improper Control of Generation of Code ('Code Injection')
vulnerabilit ...)
NOT-FOR-US: WordPress plugin
@@ -5575,21 +5579,25 @@ CVE-2023-4235 (A flaw was found in ofono, an Open
Source Telephony on Linux. A s
- ofono <unfixed>
[bookworm] - ofono <no-dsa> (Minor issue)
[bullseye] - ofono <no-dsa> (Minor issue)
+ [buster] - ofono <postponed> (Minor issue, follow bullseye)
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2255402
CVE-2023-4234 (A flaw was found in ofono, an Open Source Telephony on Linux. A
stack ...)
- ofono <unfixed>
[bookworm] - ofono <no-dsa> (Minor issue)
[bullseye] - ofono <no-dsa> (Minor issue)
+ [buster] - ofono <postponed> (Minor issue, follow bullseye)
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2255399
CVE-2023-4233 (A flaw was found in ofono, an Open Source Telephony on Linux. A
stack ...)
- ofono <unfixed>
[bookworm] - ofono <no-dsa> (Minor issue)
[bullseye] - ofono <no-dsa> (Minor issue)
+ [buster] - ofono <postponed> (Minor issue, follow bullseye)
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2255396
CVE-2023-4232 (A flaw was found in ofono, an Open Source Telephony on Linux. A
stack ...)
- ofono <unfixed>
[bookworm] - ofono <no-dsa> (Minor issue)
[bullseye] - ofono <no-dsa> (Minor issue)
+ [buster] - ofono <postponed> (Minor issue, follow bullseye)
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2255394
CVE-2024-3914 (Use after free in V8 in Google Chrome prior to 124.0.6367.60
allowed a ...)
{DSA-5668-1}
@@ -8431,6 +8439,7 @@ CVE-2023-2794 (A flaw was found in ofono, an Open Source
Telephony on Linux. A s
- ofono <unfixed> (bug #1069679)
[bookworm] - ofono <no-dsa> (Minor issue)
[bullseye] - ofono <no-dsa> (Minor issue)
+ [buster] - ofono <postponed> (Minor issue, follow bullseye)
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2255387
NOTE:
https://git.kernel.org/pub/scm/network/ofono/ofono.git/commit/?id=a90421d8e45d63b304dc010baba24633e7869682
NOTE:
https://git.kernel.org/pub/scm/network/ofono/ofono.git/commit/?id=7f2adfa22fbae824f8e2c3ae86a3f51da31ee400
@@ -292140,6 +292149,7 @@ CVE-2020-14931 (A stack-based buffer overflow in
DMitry (Deepmagic Information G
- dmitry <unfixed>
[bookworm] - dmitry <no-dsa> (Minor issue)
[bullseye] - dmitry <no-dsa> (Minor issue)
+ [buster] - dmitry <postponed> (Minor issue, requires hostile whois
server)
NOTE: https://github.com/jaygreig86/dmitry/issues/4
NOTE: https://github.com/jaygreig86/dmitry/pull/6
NOTE: Fixed by:
https://github.com/jaygreig86/dmitry/commit/da1fda491145719ae15dd36dd37a69bdbba0b192
@@ -472280,6 +472290,7 @@ CVE-2017-7938 (Stack-based buffer overflow in DMitry
(Deepmagic Information Gath
- dmitry <unfixed>
[bookworm] - dmitry <no-dsa> (Minor issue)
[bullseye] - dmitry <no-dsa> (Minor issue)
+ [buster] - dmitry <postponed> (Minor issue, crash in CLI tool, requires
malicious parameter)
NOTE:
https://packetstormsecurity.com/files/142210/Dmitry-1.3a-Local-Stack-Buffer-Overflow.html
NOTE: https://github.com/jaygreig86/dmitry/pull/12
CVE-2017-7937 (An Improper Authentication issue was discovered in Phoenix
Contact Gmb ...)
=====================================
data/dla-needed.txt
=====================================
@@ -116,6 +116,10 @@ jenkins-htmlunit-core-js
less (Abhijith PA)
NOTE: 20240418: Added by Front-Desk (apo)
--
+libkf5ksieve
+ NOTE: 20240504: Added by Front-Desk (Beuc)
+ NOTE: 20240504: Follow PU #1069836/#1069690 (Beuc/front-desk)
+--
libmojolicious-perl
NOTE: 20240421: Added by Front-Desk (apo)
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/b23947176c7ede9a9b9260cbea8ad041a135fe44...5c3f6593ac7705285bafd1e310639110f8b285a4
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/b23947176c7ede9a9b9260cbea8ad041a135fe44...5c3f6593ac7705285bafd1e310639110f8b285a4
You're receiving this email because of your account on salsa.debian.org.
_______________________________________________
debian-security-tracker-commits mailing list
debian-security-tracker-commits@alioth-lists.debian.net
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
