Thorsten Alteholz pushed to branch master at Debian Security Tracker / security-tracker
Commits: 874fd2fb by Thorsten Alteholz at 2024-05-13T00:36:43+02:00 mark CVE-2024-34064 as postponed for Buster - - - - - cb66bf1c by Thorsten Alteholz at 2024-05-13T00:40:55+02:00 mark CVE-2024-27306 as postponed for Buster - - - - - 1f64abb2 by Thorsten Alteholz at 2024-05-13T00:41:42+02:00 mark CVE-2024-27305 as postponed for Buster - - - - - a7ca5f03 by Thorsten Alteholz at 2024-05-13T00:42:51+02:00 mark CVE-2024-34062 as postponed for Buster - - - - - 84844f5d by Thorsten Alteholz at 2024-05-13T00:44:49+02:00 mark CVE-2024-30251 as postponed for Buster - - - - - 1 changed file: - data/CVE/list Changes: ===================================== data/CVE/list ===================================== @@ -1622,6 +1622,7 @@ CVE-2024-34064 (Jinja is an extensible templating engine. The `xmlattr` filter i - jinja2 <unfixed> (bug #1070712) [bookworm] - jinja2 <no-dsa> (Minor issue) [bullseye] - jinja2 <no-dsa> (Minor issue) + [buster] - jinja2 <postponed> (Minor issue) NOTE: https://github.com/pallets/jinja/security/advisories/GHSA-h75v-3vvj-5mfj NOTE: Fixed by: https://github.com/pallets/jinja/commit/d655030770081e2dfe46f90e27620472a502289d (3.1.4) CVE-2024-33912 (Missing Authorization vulnerability in Academy LMS.This issue affects ...) @@ -2149,6 +2150,7 @@ CVE-2024-34062 (tqdm is an open source progress bar for Python and CLI. Any opti - tqdm 4.66.4-1 (bug #1070372) [bookworm] - tqdm <no-dsa> (Minor issue) [bullseye] - tqdm <no-dsa> (Minor issue) + [buster] - tqdm <postponed> (Minor issue) NOTE: https://github.com/tqdm/tqdm/security/advisories/GHSA-g7vv-2v7x-gj9p NOTE: Fixed by: https://github.com/tqdm/tqdm/commit/b53348c73080b4edeb30b4823d1fa0d8d2c06721 (v4.66.3) CVE-2024-34061 (changedetection.io is a free open source web page change detection, we ...) @@ -3985,6 +3987,7 @@ CVE-2024-4029 (A vulnerability was found in Wildfly\u2019s management interface. - wildfly <itp> (bug #752018) CVE-2024-30251 (aiohttp is an asynchronous HTTP client/server framework for asyncio an ...) - python-aiohttp <unfixed> (bug #1070364) + [buster] - python-aiohttp <postponed> (Minor issue) NOTE: https://www.openwall.com/lists/oss-security/2024/05/02/4 NOTE: https://github.com/aio-libs/aiohttp/security/advisories/GHSA-5m98-qgg9-wh84 NOTE: Fixed by: https://github.com/aio-libs/aiohttp/commit/cebe526b9c34dc3a3da9140409db63014bc4cf19 (v3.9.4) @@ -7478,6 +7481,7 @@ CVE-2024-27306 (aiohttp is an asynchronous HTTP client/server framework for asyn - python-aiohttp <unfixed> (bug #1070665) [bookworm] - python-aiohttp <no-dsa> (Minor issue) [bullseye] - python-aiohttp <no-dsa> (Minor issue) + [buster] - python-aiohttp <postponed> (Minor issue) NOTE: https://github.com/aio-libs/aiohttp/security/advisories/GHSA-7gpw-8wmc-pm8g NOTE: https://github.com/aio-libs/aiohttp/pull/8319 NOTE: https://github.com/aio-libs/aiohttp/commit/28335525d1eac015a7e7584137678cbb6ff19397 (v3.9.4) @@ -19676,6 +19680,7 @@ CVE-2024-27305 (aiosmtpd is a reimplementation of the Python stdlib smtpd.py bas - python-aiosmtpd <unfixed> (bug #1066820) [bookworm] - python-aiosmtpd <no-dsa> (Minor issue) [bullseye] - python-aiosmtpd <no-dsa> (Minor issue) + [buster] - python-aiosmtpd <postponed> (Minor issue) NOTE: https://github.com/aio-libs/aiosmtpd/security/advisories/GHSA-pr2m-px7j-xg65 NOTE: https://github.com/aio-libs/aiosmtpd/commit/24b6c79c8921cf1800e27ca144f4f37023982bbb (1.4.5) CVE-2024-26529 (An issue in mz-automation libiec61850 v.1.5.3 and before, allows a rem ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/c68bf304d059528d0aea893d09bad1d6b976c901...84844f5de337102637e3b5eafea78e46bc4889c7 -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/c68bf304d059528d0aea893d09bad1d6b976c901...84844f5de337102637e3b5eafea78e46bc4889c7 You're receiving this email because of your account on salsa.debian.org.
_______________________________________________ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits