Markus Koschany pushed to branch master at Debian Security Tracker / security-tracker
Commits:
910f13ec by Markus Koschany at 2024-04-21T00:04:52+02:00
Triage ffmpeg CVE as postponed for Buster.

We can wait until upstream fixes these issues in earlier releases.

- - - - -
dbf30577 by Markus Koschany at 2024-04-21T00:06:41+02:00
Add gunicorn to dla-needed.txt

- - - - -
6906ca1b by Markus Koschany at 2024-04-21T00:10:16+02:00
Add libmojolicious-perl to dla-needed.txt

- - - - -
c5c88137 by Markus Koschany at 2024-04-21T00:11:28+02:00
CVE-2024-28863,node-tar: buster is no-dsa

Minor issue

- - - - -
305978e5 by Markus Koschany at 2024-04-21T00:13:02+02:00
CVE-2024-3262,node-tar: buster is no-dsa

Minor issue

- - - - -

2 changed files:
- data/CVE/list
- data/dla-needed.txt

Changes:
===================================== data/CVE/list ===================================== @@ -719,12 +719,14 @@ CVE-2024-31582 (FFmpeg version n6.1 was discovered to contain a heap buffer over - ffmpeg <unfixed> [bookworm] - ffmpeg <postponed> (Pick up when fixed in 5.1.x) [bullseye] - ffmpeg <postponed> (Pick up when fixed in 4.3.x) + [buster] - ffmpeg <postponed> (Pick up when fixed in 4.3.x) NOTE: Fixed by https://github.com/ffmpeg/ffmpeg/commit/99debe5f823f45a482e1dc08de35879aa9c74bd2 (n7.0) CVE-2024-31581 (FFmpeg version n6.1 was discovered to contain an improper validation o ...) [experimental] - ffmpeg 7:7.0-1 - ffmpeg <unfixed> [bookworm] - ffmpeg <postponed> (Pick up when fixed in 5.1.x) [bullseye] - ffmpeg <postponed> (Pick up when fixed in 4.3.x) + [buster] - ffmpeg <postponed> (Pick up when fixed in 4.3.x) NOTE: Fixed by https://github.com/ffmpeg/ffmpeg/commit/ce0c178a408d43e71085c28a47d50dc939b60196 (n7.0) CVE-2024-31580 (PyTorch before v2.2.0 was discovered to contain a heap buffer overflow ...) - pytorch <unfixed>
@@ -734,6 +736,7 @@ CVE-2024-31578 (FFmpeg version n6.1.1 was discovered to contain a heap use-after - ffmpeg <unfixed> [bookworm] - ffmpeg <postponed> (Pick up when fixed in 5.1.x) [bullseye] - ffmpeg <postponed> (Pick up when fixed in 4.3.x) + [buster] - ffmpeg <postponed> (Pick up when fixed in 4.3.x) NOTE: Fixed by https://github.com/ffmpeg/ffmpeg/commit/3bb00c0a420c3ce83c6fafee30270d69622ccad7 (n7.0) CVE-2024-31463 (Ironic-image is an OpenStack Ironic deployment packaged and configured ...) TODO: check @@ -5238,6 +5241,7 @@ CVE-2024-3262 (Information exposure vulnerability in RT software affecting versi - request-tracker4 <unfixed> (bug #1068452) [bookworm] - request-tracker4 <no-dsa> (Minor issue) [bullseye] - request-tracker4 <no-dsa> (Minor issue) + [buster] - request-tracker4 <no-dsa> (Minor issue) - request-tracker5 <unfixed> (bug #1068453) [bookworm] - request-tracker5 <no-dsa> (Minor issue) NOTE: https://github.com/bestpractical/rt/commit/ea07e767eaef5b202e8883051616d09806b8b48a @@ -9638,6 +9642,7 @@ CVE-2024-28863 (node-tar is a Tar for Node.js. node-tar prior to version 6.2.1 h - node-tar 6.1.13+~cs7.0.5-2 [bookworm] - node-tar <no-dsa> (Minor issue) [bullseye] - node-tar <no-dsa> (Minor issue) + [buster] - node-tar <no-dsa> (Minor issue) NOTE: https://github.com/isaacs/node-tar/security/advisories/GHSA-f5x3-32g6-xq36 NOTE: https://github.com/isaacs/node-tar/commit/fe8cd57da5686f8695415414bda49206a545f7f7 (v6.2.1) CVE-2024-28756 (The SolarEdge mySolarEdge application before 2.20.1 for Android has a ...) ===================================== data/dla-needed.txt ===================================== @@ -101,6 +101,9 @@ frr (tobi) glibc (Adrian Bunk) NOTE: 20240419: Added by coordinator (santiago) -- +gunicorn + NOTE: 20240421: Added by Front-Desk (apo) +-- h2o NOTE: 20231228: Added by Front-Desk (lamby) -- 
@@ -124,6 +127,9 @@ knot-resolver (Markus Koschany) less (Abhijith PA) NOTE: 20240418: Added by Front-Desk (apo) -- +libmojolicious-perl + NOTE: 20240421: Added by Front-Desk (apo) +-- libpgjava (Markus Koschany) NOTE: 20240308: Added by Front-Desk (opal) -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/7d5031c83601fd63aa508b0a09294f2cdfdeb1bb...305978e5b03877349498cdb27f60179f994a9eed
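Review bot: the new "[buster] - ffmpeg <postponed>" lines in the @@ -719 hunk (CVE-2024-31582, CVE-2024-31581) copy the bullseye reason "(Pick up when fixed in 4.3.x)" word for word, and the same line is added for CVE-2024-31578 in the @@ -734 hunk. The commit message says the plan is to wait for upstream fixes in earlier releases, so the note should name the upstream branch that buster itself would take the fix from. If that branch is not 4.3.x, the entry as written will trigger on a release that does not help buster; please confirm the branch or adjust the text on all three lines.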
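Review bot: the subject of commit 305978e5 does not match the @@ -5238 hunk. The subject reads "CVE-2024-3262,node-tar: buster is no-dsa", but the line added under CVE-2024-3262 is "[buster] - request-tracker4 <no-dsa> (Minor issue)"; node-tar is the package of CVE-2024-28863, which the @@ -9638 hunk and commit c5c88137 already cover. The data change itself is consistent with the bookworm and bullseye lines above it. Suggest wording the subject as "CVE-2024-3262,request-tracker4: buster is no-dsa" so that a history search by package finds this triage decision.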