bookworm triage

Moritz Muehlenhoff (@jmm) Fri, 05 Apr 2024 11:23:07 -0700


Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / 
security-tracker



Commits:
434878ad by Moritz Muehlenhoff at 2024-04-05T20:19:39+02:00
bullseye/bookworm triage

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -3748,18 +3748,26 @@ CVE-2024-28386 (An issue in Home-Made.io fastmagsync 
v.1.7.51 and before allows
        NOT-FOR-US: PrestaShop module
 CVE-2024-28246 (KaTeX is a JavaScript library for TeX math rendering on the 
web. Code  ...)
        - node-katex 0.16.10+~cs6.1.0-1 (bug #1067805)
+       [bookworm] - node-katex <no-dsa> (Minor issue)
+       [bullseye] - node-katex <no-dsa> (Minor issue)
        NOTE: 
https://github.com/KaTeX/KaTeX/security/advisories/GHSA-3wc5-fcw2-2329
        NOTE: 
https://github.com/KaTeX/KaTeX/commit/fc5af64183a3ceb9be9d1c23a275999a728593de 
(v0.16.10)
 CVE-2024-28245 (KaTeX is a JavaScript library for TeX math rendering on the 
web. KaTeX ...)
        - node-katex 0.16.10+~cs6.1.0-1 (bug #1067805)
+       [bookworm] - node-katex <no-dsa> (Minor issue)
+       [bullseye] - node-katex <no-dsa> (Minor issue)
        NOTE: 
https://github.com/KaTeX/KaTeX/security/advisories/GHSA-f98w-7cxr-ff2h
        NOTE: 
https://github.com/KaTeX/KaTeX/commit/c5897fcd1f73da9612a53e6b5544f1d776e17770 
(v0.16.10)
 CVE-2024-28244 (KaTeX is a JavaScript library for TeX math rendering on the 
web. KaTeX ...)
        - node-katex 0.16.10+~cs6.1.0-1 (bug #1067805)
+       [bookworm] - node-katex <no-dsa> (Minor issue)
+       [bullseye] - node-katex <no-dsa> (Minor issue)
        NOTE: 
https://github.com/KaTeX/KaTeX/security/advisories/GHSA-cvr6-37gx-v8wc
        NOTE: 
https://github.com/KaTeX/KaTeX/commit/085e21b5da05414efefa932570e7201a7c70e5b2 
(v0.16.10)
 CVE-2024-28243 (KaTeX is a JavaScript library for TeX math rendering on the 
web. KaTeX ...)
        - node-katex 0.16.10+~cs6.1.0-1 (bug #1067805)
+       [bookworm] - node-katex <no-dsa> (Minor issue)
+       [bullseye] - node-katex <no-dsa> (Minor issue)
        NOTE: 
https://github.com/KaTeX/KaTeX/security/advisories/GHSA-64fm-8hw2-v72w
        NOTE: 
https://github.com/KaTeX/KaTeX/commit/e88b4c357f978b1bca8edfe3297f0aa309bcbe34 
(v0.16.10)
 CVE-2024-28183 (ESP-IDF is the development framework for Espressif SoCs 
supported on W ...)
@@ -4057,11 +4065,10 @@ CVE-2024-27280 [Buffer overread vulnerability in 
StringIO]
        TODO: check details
 CVE-2024-30161 (In Qt before 6.5.6 and 6.6.x before 6.6.3, the wasm component 
may acce ...)
        - qt6-base <unfixed> (bug #1068454)
-       - qtbase-opensource-src <unfixed>
-       - qtbase-opensource-src-gles <unfixed>
+       - qtbase-opensource-src <not-affected> (Only affects Qt6)
+       - qtbase-opensource-src-gles <not-affected> (Only affects Qt6)
        NOTE: https://codereview.qt-project.org/c/qt/qtbase/+/544314
        NOTE: 
https://codereview.qt-project.org/gitweb?p=qt%2Fqtbase.git;a=commit;h=a5b00cefef12999e9a213943855abe6bc0ab5365
-       TODO: check details
 CVE-2024-30156 (Varnish Cache before 7.3.2 and 7.4.x before 7.4.3 (and before 
6.0.13 L ...)
        - varnish <unfixed> (bug #1068455)
        [bookworm] - varnish <ignored> (Minor issue, too intrusive to backport)
@@ -4596,6 +4603,8 @@ CVE-2024-29026 (Owncast is an open source, self-hosted, 
decentralized, single us
        NOT-FOR-US: Owncast
 CVE-2024-29018 (Moby is an open source container framework that is a key 
component of  ...)
        - docker.io <unfixed> (bug #1068460)
+       [bookworm] - docker.io <no-dsa> (Minor issue)
+       [bullseye] - docker.io <no-dsa> (Minor issue)
        NOTE: 
https://github.com/moby/moby/security/advisories/GHSA-mq39-4gv4-mvpx
        NOTE: https://github.com/moby/moby/pull/46609
 CVE-2024-28916 (Xbox Gaming Services Elevation of Privilege Vulnerability)
@@ -5364,6 +5373,7 @@ CVE-2024-22453 (Dell PowerEdge Server BIOS contains a 
heap-based buffer overflow
        NOT-FOR-US: Dell
 CVE-2024-22412 (ClickHouse is an open-source column-oriented database 
management syste ...)
        - clickhouse <unfixed> (bug #1067178)
+       [bullseye] - clickhouse <no-dsa> (Minor issue)
        NOTE: 
https://github.com/ClickHouse/ClickHouse/security/advisories/GHSA-45h5-f7g3-gr8r
        NOTE: https://github.com/ClickHouse/ClickHouse/pull/58611
 CVE-2024-21504 (Versions of the package livewire/livewire from 3.3.5 and 
before 3.4.9  ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/434878adcf5c83f25c56abbc6f1f1caf7884b32d

-- 
View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/434878adcf5c83f25c56abbc6f1f1caf7884b32d
You're receiving this email because of your account on salsa.debian.org.

_______________________________________________
debian-security-tracker-commits mailing list
debian-security-tracker-commits@alioth-lists.debian.net
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits

[Git][security-tracker-team/security-tracker][master] bullseye/bookworm triage

Reply via email to