Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker
Commits: d0fb508b by Moritz Muehlenhoff at 2024-04-13T15:50:10+02:00 bookworm/bullseye triage - - - - - 2 changed files: - data/CVE/list - data/dsa-needed.txt Changes: ===================================== data/CVE/list ===================================== @@ -165,7 +165,7 @@ CVE-2024-30381 (An Exposure of Sensitive Information to an Unauthorized Actor vu CVE-2024-30210 (IO-1020 Micro ELD uses a default WIFI password that could allow an adj ...) NOT-FOR-US: IO-1020 Micro ELD CVE-2024-2397 (Due to a bug in packet data buffers management, the PPP printer in tcp ...) - - tcpdump <unfixed> + - tcpdump <not-affected> (Vulnerable code not present in any version uploaded to Debian) NOTE: Introduced by: https://github.com/the-tcpdump-group/tcpdump/commit/0d4083ee8687a9f6578e26a1407bd9f2a9d27885 NOTE: Fixed by: https://github.com/the-tcpdump-group/tcpdump/commit/b9811ef5bb1b7d45a90e042f81f3aaf233c8bcb2 CVE-2024-29461 (An issue in Floodlight SDN OpenFlow Controller v.1.2 allows a remote a ...) @@ -252,6 +252,7 @@ CVE-2023-50307 (IBM Sterling B2B Integrator 6.0.0.0 through 6.0.3.9, 6.1.0.0 thr NOT-FOR-US: IBM CVE-2023-49528 (Buffer Overflow vulnerability in FFmpeg version n6.1-3-g466799d4f5, al ...) - ffmpeg <unfixed> + [bookworm] - ffmpeg <postponed> (Pick up when fixed in 5.1.x) [bullseye] - ffmpeg <not-affected> (Vulnerable code not present) [buster] - ffmpeg <not-affected> (Vulnerable code not present) NOTE: https://trac.ffmpeg.org/ticket/10691 @@ -7323,6 +7324,7 @@ CVE-2024-2161 (Use of Hard-coded Credentials in Kiloview NDI allows un-authentic NOT-FOR-US: Kiloview CVE-2024-29864 (Distrobox before 1.7.0.1 allows attackers to execute arbitrary code vi ...) - distrobox 1.7.0.1-1 + [bookworm] - distrobox <no-dsa> (Minor issue) NOTE: https://github.com/89luca89/distrobox/issues/1275 NOTE: Fixed by: https://github.com/89luca89/distrobox/commit/82a69f0a234e73e447d0ea8c8b3443b84fd31944 (1.7.0.1) CVE-2024-29862 (The Kerlink firewall in ChirpStack chirpstack-mqtt-forwarder before 4. ...) ===================================== data/dsa-needed.txt ===================================== @@ -11,7 +11,7 @@ To pick an issue, simply add your uid behind it. If needed, specify the release by adding a slash after the name of the source package. -apache2 +apache2 (jmm) -- cryptojs -- @@ -49,9 +49,9 @@ opennds/stable -- org-mode -- -php7.4 +php7.4 (jmm) -- -php8.2 +php8.2 (jmm) -- php-cas/oldstable -- @@ -92,6 +92,8 @@ salt/oldstable -- squid -- +trafficserver (jmm) +-- webkit2gtk (berto) -- wpa View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/d0fb508be1bf96b0230bc39ce4794bf70fe1606f -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/d0fb508be1bf96b0230bc39ce4794bf70fe1606f You're receiving this email because of your account on salsa.debian.org.
_______________________________________________ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits