Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
d0fb508b by Moritz Muehlenhoff at 2024-04-13T15:50:10+02:00
bookworm/bullseye triage

- - - - -


2 changed files:

- data/CVE/list
- data/dsa-needed.txt


Changes:

=====================================
data/CVE/list
=====================================
@@ -165,7 +165,7 @@ CVE-2024-30381 (An Exposure of Sensitive Information to an 
Unauthorized Actor vu
 CVE-2024-30210 (IO-1020 Micro ELD uses a default WIFI password that could 
allow an adj ...)
        NOT-FOR-US: IO-1020 Micro ELD
 CVE-2024-2397 (Due to a bug in packet data buffers management, the PPP printer 
in tcp ...)
-       - tcpdump <unfixed>
+       - tcpdump <not-affected> (Vulnerable code not present in any version 
uploaded to Debian)
        NOTE: Introduced by: 
https://github.com/the-tcpdump-group/tcpdump/commit/0d4083ee8687a9f6578e26a1407bd9f2a9d27885
        NOTE: Fixed by: 
https://github.com/the-tcpdump-group/tcpdump/commit/b9811ef5bb1b7d45a90e042f81f3aaf233c8bcb2
 CVE-2024-29461 (An issue in Floodlight SDN OpenFlow Controller v.1.2 allows a 
remote a ...)
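
Review bot: The <not-affected> reason on the tcpdump line for CVE-2024-2397 asserts that no version uploaded to Debian contains the vulnerable code, but the entry does not record how that was checked. The "Introduced by" NOTE already names the upstream commit, so consider adding a NOTE that states the first upstream release containing that commit; a later reader can then recheck the claim when a new tcpdump version is uploaded.
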
@@ -252,6 +252,7 @@ CVE-2023-50307 (IBM Sterling B2B Integrator 6.0.0.0 through 
6.0.3.9, 6.1.0.0 thr
        NOT-FOR-US: IBM
 CVE-2023-49528 (Buffer Overflow vulnerability in FFmpeg version 
n6.1-3-g466799d4f5, al ...)
        - ffmpeg <unfixed>
+       [bookworm] - ffmpeg <postponed> (Pick up when fixed in 5.1.x)
        [bullseye] - ffmpeg <not-affected> (Vulnerable code not present)
        [buster] - ffmpeg <not-affected> (Vulnerable code not present)
        NOTE: https://trac.ffmpeg.org/ticket/10691
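
Review bot: The new [bookworm] <postponed> line for CVE-2023-49528 says "Pick up when fixed in 5.1.x", but the only reference in the lines shown is the trac ticket, so there is nothing concrete to watch for on the 5.1.x branch. Once upstream has a fix, a "Fixed by" NOTE with the commit would make it possible to tell when a 5.1.x release carries it and the postponed entry can be revisited.
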
@@ -7323,6 +7324,7 @@ CVE-2024-2161 (Use of Hard-coded Credentials in Kiloview 
NDI allows un-authentic
        NOT-FOR-US: Kiloview
 CVE-2024-29864 (Distrobox before 1.7.0.1 allows attackers to execute arbitrary 
code vi ...)
        - distrobox 1.7.0.1-1
+       [bookworm] - distrobox <no-dsa> (Minor issue)
        NOTE: https://github.com/89luca89/distrobox/issues/1275
        NOTE: Fixed by: 
https://github.com/89luca89/distrobox/commit/82a69f0a234e73e447d0ea8c8b3443b84fd31944
 (1.7.0.1)
 CVE-2024-29862 (The Kerlink firewall in ChirpStack chirpstack-mqtt-forwarder 
before 4. ...)
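
Review bot: The [bookworm] <no-dsa> line for distrobox gives only "Minor issue" as its reason, while the CVE-2024-29864 description two lines above says attackers can execute arbitrary code. A more specific reason in the parentheses, stating why the impact is limited for the bookworm package, would make the triage decision reviewable by someone who has not read the linked issue.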


=====================================
data/dsa-needed.txt
=====================================
@@ -11,7 +11,7 @@ To pick an issue, simply add your uid behind it.
 
 If needed, specify the release by adding a slash after the name of the source 
package.
 
-apache2
+apache2 (jmm)
 --
 cryptojs
 --
@@ -49,9 +49,9 @@ opennds/stable
 --
 org-mode
 --
-php7.4
+php7.4 (jmm)
 --
-php8.2
+php8.2 (jmm)
 --
 php-cas/oldstable
 --
@@ -92,6 +92,8 @@ salt/oldstable
 --
 squid
 --
+trafficserver (jmm)
+--
 webkit2gtk (berto)
 --
 wpa
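
Review bot: The added "trafficserver (jmm)" entry has no release suffix, although the file's instructions say to specify the release with a slash after the source package name and neighbouring entries such as salt/oldstable do so. If the pending DSA covers only one of the releases named in the commit message (bookworm/bullseye), add the suffix; if it covers both, the entry is fine as written.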



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/d0fb508be1bf96b0230bc39ce4794bf70fe1606f



_______________________________________________
debian-security-tracker-commits mailing list
debian-security-tracker-commits@alioth-lists.debian.net
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
