Thorsten Alteholz pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
874fd2fb by Thorsten Alteholz at 2024-05-13T00:36:43+02:00
mark CVE-2024-34064 as postponed for Buster
- - - - -
cb66bf1c by Thorsten Alteholz at 2024-05-13T00:40:55+02:00
mark CVE-2024-27306 as postponed for Buster
- - - - -
1f64abb2 by Thorsten Alteholz at 2024-05-13T00:41:42+02:00
mark CVE-2024-27305 as postponed for Buster
- - - - -
a7ca5f03 by Thorsten Alteholz at 2024-05-13T00:42:51+02:00
mark CVE-2024-34062 as postponed for Buster
- - - - -
84844f5d by Thorsten Alteholz at 2024-05-13T00:44:49+02:00
mark CVE-2024-30251 as postponed for Buster
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1622,6 +1622,7 @@ CVE-2024-34064 (Jinja is an extensible templating engine.
The `xmlattr` filter i
- jinja2 <unfixed> (bug #1070712)
[bookworm] - jinja2 <no-dsa> (Minor issue)
[bullseye] - jinja2 <no-dsa> (Minor issue)
+ [buster] - jinja2 <postponed> (Minor issue)
NOTE:
https://github.com/pallets/jinja/security/advisories/GHSA-h75v-3vvj-5mfj
NOTE: Fixed by:
https://github.com/pallets/jinja/commit/d655030770081e2dfe46f90e27620472a502289d
(3.1.4)
CVE-2024-33912 (Missing Authorization vulnerability in Academy LMS.This issue
affects ...)
@@ -2149,6 +2150,7 @@ CVE-2024-34062 (tqdm is an open source progress bar for
Python and CLI. Any opti
- tqdm 4.66.4-1 (bug #1070372)
[bookworm] - tqdm <no-dsa> (Minor issue)
[bullseye] - tqdm <no-dsa> (Minor issue)
+ [buster] - tqdm <postponed> (Minor issue)
NOTE:
https://github.com/tqdm/tqdm/security/advisories/GHSA-g7vv-2v7x-gj9p
NOTE: Fixed by:
https://github.com/tqdm/tqdm/commit/b53348c73080b4edeb30b4823d1fa0d8d2c06721
(v4.66.3)
CVE-2024-34061 (changedetection.io is a free open source web page change
detection, we ...)
@@ -3985,6 +3987,7 @@ CVE-2024-4029 (A vulnerability was found in
Wildfly\u2019s management interface.
- wildfly <itp> (bug #752018)
CVE-2024-30251 (aiohttp is an asynchronous HTTP client/server framework for
asyncio an ...)
- python-aiohttp <unfixed> (bug #1070364)
+ [buster] - python-aiohttp <postponed> (Minor issue)
NOTE: https://www.openwall.com/lists/oss-security/2024/05/02/4
NOTE:
https://github.com/aio-libs/aiohttp/security/advisories/GHSA-5m98-qgg9-wh84
NOTE: Fixed by:
https://github.com/aio-libs/aiohttp/commit/cebe526b9c34dc3a3da9140409db63014bc4cf19
(v3.9.4)
@@ -7478,6 +7481,7 @@ CVE-2024-27306 (aiohttp is an asynchronous HTTP
client/server framework for asyn
- python-aiohttp <unfixed> (bug #1070665)
[bookworm] - python-aiohttp <no-dsa> (Minor issue)
[bullseye] - python-aiohttp <no-dsa> (Minor issue)
+ [buster] - python-aiohttp <postponed> (Minor issue)
NOTE:
https://github.com/aio-libs/aiohttp/security/advisories/GHSA-7gpw-8wmc-pm8g
NOTE: https://github.com/aio-libs/aiohttp/pull/8319
NOTE:
https://github.com/aio-libs/aiohttp/commit/28335525d1eac015a7e7584137678cbb6ff19397
(v3.9.4)
@@ -19676,6 +19680,7 @@ CVE-2024-27305 (aiosmtpd is a reimplementation of the
Python stdlib smtpd.py bas
- python-aiosmtpd <unfixed> (bug #1066820)
[bookworm] - python-aiosmtpd <no-dsa> (Minor issue)
[bullseye] - python-aiosmtpd <no-dsa> (Minor issue)
+ [buster] - python-aiosmtpd <postponed> (Minor issue)
NOTE:
https://github.com/aio-libs/aiosmtpd/security/advisories/GHSA-pr2m-px7j-xg65
NOTE:
https://github.com/aio-libs/aiosmtpd/commit/24b6c79c8921cf1800e27ca144f4f37023982bbb
(1.4.5)
CVE-2024-26529 (An issue in mz-automation libiec61850 v.1.5.3 and before,
allows a rem ...)
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/c68bf304d059528d0aea893d09bad1d6b976c901...84844f5de337102637e3b5eafea78e46bc4889c7
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/c68bf304d059528d0aea893d09bad1d6b976c901...84844f5de337102637e3b5eafea78e46bc4889c7
You're receiving this email because of your account on salsa.debian.org.
_______________________________________________
debian-security-tracker-commits mailing list
debian-security-tracker-commits@alioth-lists.debian.net
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
