Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker
Commits: 434878ad by Moritz Muehlenhoff at 2024-04-05T20:19:39+02:00 bullseye/bookworm triage - - - - - 1 changed file: - data/CVE/list Changes: ===================================== data/CVE/list ===================================== @@ -3748,18 +3748,26 @@ CVE-2024-28386 (An issue in Home-Made.io fastmagsync v.1.7.51 and before allows NOT-FOR-US: PrestaShop module CVE-2024-28246 (KaTeX is a JavaScript library for TeX math rendering on the web. Code ...) - node-katex 0.16.10+~cs6.1.0-1 (bug #1067805) + [bookworm] - node-katex <no-dsa> (Minor issue) + [bullseye] - node-katex <no-dsa> (Minor issue) NOTE: https://github.com/KaTeX/KaTeX/security/advisories/GHSA-3wc5-fcw2-2329 NOTE: https://github.com/KaTeX/KaTeX/commit/fc5af64183a3ceb9be9d1c23a275999a728593de (v0.16.10) CVE-2024-28245 (KaTeX is a JavaScript library for TeX math rendering on the web. KaTeX ...) - node-katex 0.16.10+~cs6.1.0-1 (bug #1067805) + [bookworm] - node-katex <no-dsa> (Minor issue) + [bullseye] - node-katex <no-dsa> (Minor issue) NOTE: https://github.com/KaTeX/KaTeX/security/advisories/GHSA-f98w-7cxr-ff2h NOTE: https://github.com/KaTeX/KaTeX/commit/c5897fcd1f73da9612a53e6b5544f1d776e17770 (v0.16.10) CVE-2024-28244 (KaTeX is a JavaScript library for TeX math rendering on the web. KaTeX ...) - node-katex 0.16.10+~cs6.1.0-1 (bug #1067805) + [bookworm] - node-katex <no-dsa> (Minor issue) + [bullseye] - node-katex <no-dsa> (Minor issue) NOTE: https://github.com/KaTeX/KaTeX/security/advisories/GHSA-cvr6-37gx-v8wc NOTE: https://github.com/KaTeX/KaTeX/commit/085e21b5da05414efefa932570e7201a7c70e5b2 (v0.16.10) CVE-2024-28243 (KaTeX is a JavaScript library for TeX math rendering on the web. KaTeX ...) - node-katex 0.16.10+~cs6.1.0-1 (bug #1067805) + [bookworm] - node-katex <no-dsa> (Minor issue) + [bullseye] - node-katex <no-dsa> (Minor issue) NOTE: https://github.com/KaTeX/KaTeX/security/advisories/GHSA-64fm-8hw2-v72w NOTE: https://github.com/KaTeX/KaTeX/commit/e88b4c357f978b1bca8edfe3297f0aa309bcbe34 (v0.16.10) CVE-2024-28183 (ESP-IDF is the development framework for Espressif SoCs supported on W ...) @@ -4057,11 +4065,10 @@ CVE-2024-27280 [Buffer overread vulnerability in StringIO] TODO: check details CVE-2024-30161 (In Qt before 6.5.6 and 6.6.x before 6.6.3, the wasm component may acce ...) - qt6-base <unfixed> (bug #1068454) - - qtbase-opensource-src <unfixed> - - qtbase-opensource-src-gles <unfixed> + - qtbase-opensource-src <not-affected> (Only affects Qt6) + - qtbase-opensource-src-gles <not-affected> (Only affects Qt6) NOTE: https://codereview.qt-project.org/c/qt/qtbase/+/544314 NOTE: https://codereview.qt-project.org/gitweb?p=qt%2Fqtbase.git;a=commit;h=a5b00cefef12999e9a213943855abe6bc0ab5365 - TODO: check details CVE-2024-30156 (Varnish Cache before 7.3.2 and 7.4.x before 7.4.3 (and before 6.0.13 L ...) - varnish <unfixed> (bug #1068455) [bookworm] - varnish <ignored> (Minor issue, too intrusive to backport) @@ -4596,6 +4603,8 @@ CVE-2024-29026 (Owncast is an open source, self-hosted, decentralized, single us NOT-FOR-US: Owncast CVE-2024-29018 (Moby is an open source container framework that is a key component of ...) - docker.io <unfixed> (bug #1068460) + [bookworm] - docker.io <no-dsa> (Minor issue) + [bullseye] - docker.io <no-dsa> (Minor issue) NOTE: https://github.com/moby/moby/security/advisories/GHSA-mq39-4gv4-mvpx NOTE: https://github.com/moby/moby/pull/46609 CVE-2024-28916 (Xbox Gaming Services Elevation of Privilege Vulnerability) @@ -5364,6 +5373,7 @@ CVE-2024-22453 (Dell PowerEdge Server BIOS contains a heap-based buffer overflow NOT-FOR-US: Dell CVE-2024-22412 (ClickHouse is an open-source column-oriented database management syste ...) - clickhouse <unfixed> (bug #1067178) + [bullseye] - clickhouse <no-dsa> (Minor issue) NOTE: https://github.com/ClickHouse/ClickHouse/security/advisories/GHSA-45h5-f7g3-gr8r NOTE: https://github.com/ClickHouse/ClickHouse/pull/58611 CVE-2024-21504 (Versions of the package livewire/livewire from 3.3.5 and before 3.4.9 ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/434878adcf5c83f25c56abbc6f1f1caf7884b32d -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/434878adcf5c83f25c56abbc6f1f1caf7884b32d You're receiving this email because of your account on salsa.debian.org.
_______________________________________________ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits