Utkarsh Gupta pushed to branch master at Debian Security Tracker / security-tracker
Commits: 5ae7abee by Utkarsh Gupta at 2024-02-12T18:13:37+05:30 Mark CVE-2024-1062/389-ds-base as no-dsa for buster - - - - - 63f7f54d by Utkarsh Gupta at 2024-02-12T18:14:03+05:30 Mark CVE-2024-25062/libxml2 as no-dsa for buster - - - - - 9c07d9b1 by Utkarsh Gupta at 2024-02-12T18:14:31+05:30 Mark CVE-2021-4435/node-yarnpkg as no-dsa for buster - - - - - 385365ef by Utkarsh Gupta at 2024-02-12T18:15:04+05:30 Mark CVE-2024-23334/python-aiohttp as no-dsa for buster - - - - - e62809b1 by Utkarsh Gupta at 2024-02-12T18:15:24+05:30 Mark CVE-2024-23829/python-aiohttp as no-dsa for buster - - - - - 386fab4b by Utkarsh Gupta at 2024-02-12T18:15:45+05:30 Mark CVE-2024-22667/vim as no-dsa for buster - - - - - 1 changed file: - data/CVE/list Changes: ===================================== data/CVE/list ===================================== @@ -1350,6 +1350,7 @@ CVE-2024-22667 (Vim before 9.0.2142 has a stack-based buffer overflow because di - vim 2:9.0.2189-1 [bookworm] - vim <no-dsa> (Minor issue) [bullseye] - vim <no-dsa> (Minor issue) + [buster] - vim <no-dsa> (Minor issue) NOTE: https://github.com/vim/vim/commit/b39b240c386a5a29241415541f1c99e2e6b8ce47 (v9.0.2142) NOTE: https://gist.githubusercontent.com/henices/2467e7f22dcc2aa97a2453e197b55a0c/raw/7b54bccc9a129c604fb139266f4497ab7aaa94c7/gistfile1.txt CVE-2024-22386 (A race condition was found in the Linux kernel's drm/exynos device dri ...) @@ -1399,6 +1400,7 @@ CVE-2024-25062 (An issue was discovered in libxml2 before 2.11.7 and 2.12.x befo - libxml2 <unfixed> (bug #1063234) [bookworm] - libxml2 <no-dsa> (Minor issue) [bullseye] - libxml2 <no-dsa> (Minor issue) + [buster] - libxml2 <no-dsa> (Minor issue) NOTE: https://gitlab.gnome.org/GNOME/libxml2/-/issues/604 NOTE: https://gitlab.gnome.org/GNOME/libxml2/-/commit/2b0aac140d739905c7848a42efc60bfe783a39b7 (v2.11.7) NOTE: https://gitlab.gnome.org/GNOME/libxml2/-/commit/92721970884fcc13305cb8e23cdc5f0dd7667c2c (v2.12.5) 
@@ -2174,6 +2176,7 @@ CVE-2024-1062 [a heap overflow leading to denail-of-servce while writing a value - 389-ds-base <unfixed> [bookworm] - 389-ds-base <no-dsa> (Minor issue) [bullseye] - 389-ds-base <no-dsa> (Minor issue) + [buster] - 389-ds-base <no-dsa> (Minor issue) NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2261879 NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2256711 NOTE: https://github.com/389ds/389-ds-base/issues/5647 @@ -2339,6 +2342,7 @@ CVE-2024-23829 (aiohttp is an asynchronous HTTP client/server framework for asyn - python-aiohttp <unfixed> (bug #1062708) [bookworm] - python-aiohttp <no-dsa> (Minor issue) [bullseye] - python-aiohttp <no-dsa> (Minor issue) + [buster] - python-aiohttp <no-dsa> (Minor issue) NOTE: https://github.com/aio-libs/aiohttp/security/advisories/GHSA-8qpw-xqxj-h4r2 NOTE: https://github.com/aio-libs/aiohttp/pull/8074 NOTE: https://github.com/aio-libs/aiohttp/commit/33ccdfb0a12690af5bb49bda2319ec0907fa7827 (master) @@ -2347,6 +2351,7 @@ CVE-2024-23334 (aiohttp is an asynchronous HTTP client/server framework for asyn - python-aiohttp <unfixed> (bug #1062709) [bookworm] - python-aiohttp <no-dsa> (Minor issue) [bullseye] - python-aiohttp <no-dsa> (Minor issue) + [buster] - python-aiohttp <no-dsa> (Minor issue) NOTE: https://github.com/aio-libs/aiohttp/security/advisories/GHSA-5h86-8mv2-jq9f NOTE: https://github.com/aio-libs/aiohttp/pull/8079 NOTE: https://github.com/aio-libs/aiohttp/commit/1c335944d6a8b1298baf179b7c0b3069f10c514b (master) 
@@ -4423,6 +4428,7 @@ CVE-2023-48339 (In jpg driver, there is a possible missing permission check. Thi CVE-2021-4435 (An untrusted search path vulnerability was found in Yarn. When a victi ...) - node-yarnpkg 1.22.19+~cs24.27.18-1 [bullseye] - node-yarnpkg <no-dsa> (Minor issue) + [buster] - node-yarnpkg <no-dsa> (Minor issue) NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2262284 NOTE: Fixed by: https://github.com/yarnpkg/yarn/commit/67fcce88935e45092ffa2674c08053f1ef5268a1 (v1.22.12) TODO: check, too few details in RHBZ#2262284 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/8be3d2ae6c4b537410f882a74537b85d4de3bd56...386fab4b6169694777d815bbe08a7880c3ab7745
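Review bot: In the CVE-2024-1062 hunk (@@ -2174,6 +2176,7 @@), the bracketed description shown in the hunk header still reads "denail-of-servce", and the "- 389-ds-base <unfixed>" line carries no bug reference, unlike the libxml2 and python-aiohttp entries in this same patch, which cite (bug #1063234), (bug #1062708) and (bug #1062709). Since this commit touches the entry anyway, consider a follow-up that corrects the spelling to "denial-of-service" and adds the bug number to the <unfixed> line if one has been filed, so the new "[buster] - 389-ds-base <no-dsa> (Minor issue)" line sits in an entry that can be traced to a tracking bug.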
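Review bot: In the CVE-2021-4435 hunk (@@ -4423,6 +4428,7 @@), the entry still ends with "TODO: check, too few details in RHBZ#2262284", yet the added line "[buster] - node-yarnpkg <no-dsa> (Minor issue)" records a severity decision for buster. The new line is consistent with the existing bullseye triage, but the open TODO says the details were not yet sufficient to assess the issue. Either resolve the TODO in the same change or add a NOTE stating what the "Minor issue" call for buster is based on, for example whether the buster version was checked against the fix commit listed as v1.22.12.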
_______________________________________________ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits