Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
c2220e4c by Moritz Muehlenhoff at 2024-08-16T15:33:58+02:00
bookworm triage

- - - - -


2 changed files:

- data/CVE/list
- data/dsa-needed.txt


Changes:

=====================================
data/CVE/list
=====================================
@@ -8965,6 +8965,7 @@ CVE-2024-6391 (The oik plugin for WordPress is vulnerable 
to Stored Cross-Site S
        NOT-FOR-US: WordPress plugin
 CVE-2024-6237 (A flaw was found in the 389 Directory Server. This flaw allows 
an unau ...)
        - 389-ds-base 2.4.5+dfsg1-1
+       [bookworm] - 389-ds-base <no-dsa> (Minor issue)
        NOTE: https://github.com/389ds/389-ds-base/issues/5989
        NOTE: 
https://github.com/389ds/389-ds-base/commit/e8dd583685e6143f2027f97569de4cc45ba46e14
 (389-ds-base-2.4.5)
 CVE-2024-6222 (In Docker Desktop before v4.29.0, an attacker who has gained 
access to ...)
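Review bot: the added "[bookworm] - 389-ds-base <no-dsa> (Minor issue)" line under CVE-2024-6237 does not record whether the bookworm version actually contains the affected code. The entry lists only the unstable fix (2.4.5+dfsg1-1), the upstream issue and the upstream commit. A NOTE giving the introducing commit or version, or stating that bookworm was checked and is affected, would make the no-dsa decision verifiable later.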
@@ -53416,22 +53417,27 @@ CVE-2024-24474 (QEMU before 8.2.0 has an integer 
underflow, and resultant buffer
        NOTE: Fixed by: 
https://gitlab.com/qemu-project/qemu/-/commit/77668e4b9bca03a856c27ba899a2513ddf52bb52
 (v8.2.0-rc0)
 CVE-2024-23809 (A double-free vulnerability exists in the BrainVision ASCII 
Header Par ...)
        - biosig 2.6.0-1
+       [bookworm] - biosig <no-dsa> (Minor issue)
        NOTE: 
https://talosintelligence.com/vulnerability_reports/TALOS-2024-1919
        NOTE: 
https://sourceforge.net/p/biosig/code/ci/3848d1ca0e1b2a60df395ddc76a191e835a1e4de/
 CVE-2024-23606 (An out-of-bounds write vulnerability exists in the 
sopen_FAMOS_read fu ...)
        - biosig 2.6.0-1
+       [bookworm] - biosig <no-dsa> (Minor issue)
        NOTE: 
https://talosintelligence.com/vulnerability_reports/TALOS-2024-1925
        NOTE: 
https://sourceforge.net/p/biosig/code/ci/e20e81564f0709323f7b99486a0a2b4594ab05f2/
 CVE-2024-23313 (An integer underflow vulnerability exists in the 
sopen_FAMOS_read func ...)
        - biosig 2.6.0-1
+       [bookworm] - biosig <no-dsa> (Minor issue)
        NOTE: 
https://talosintelligence.com/vulnerability_reports/TALOS-2024-1922
        NOTE: 
https://sourceforge.net/p/biosig/code/ci/e20e81564f0709323f7b99486a0a2b4594ab05f2/
 CVE-2024-23310 (A use-after-free vulnerability exists in the sopen_FAMOS_read 
function ...)
        - biosig 2.6.0-1
+       [bookworm] - biosig <no-dsa> (Minor issue)
        NOTE: 
https://talosintelligence.com/vulnerability_reports/TALOS-2024-1923
        NOTE: 
https://sourceforge.net/p/biosig/code/ci/e20e81564f0709323f7b99486a0a2b4594ab05f2/
 CVE-2024-23305 (An out-of-bounds write vulnerability exists in the 
BrainVisionMarker P ...)
        - biosig 2.6.0-1
+       [bookworm] - biosig <no-dsa> (Minor issue)
        NOTE: 
https://talosintelligence.com/vulnerability_reports/TALOS-2024-1918
        NOTE: 
https://sourceforge.net/p/biosig/code/ci/76c1369de1a9a24feed558ab8834b4410310b07b/
 CVE-2024-22824 (An issue in Timo v.2.0.3 allows a remote attacker to execute 
arbitrary ...)
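Review bot: the five biosig lines added in this hunk all carry the generic reason "Minor issue", although the descriptions name a double-free (CVE-2024-23809), two out-of-bounds writes (CVE-2024-23606, CVE-2024-23305), an integer underflow (CVE-2024-23313) and a use-after-free (CVE-2024-23310). A reason that says why these do not warrant a DSA for bookworm would let the triage be audited without re-reading each TALOS report.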
@@ -53442,16 +53448,19 @@ CVE-2024-22245 (Arbitrary Authentication Relay and 
Session Hijack vulnerabilitie
        NOT-FOR-US: VMware
 CVE-2024-22097 (A double-free vulnerability exists in the BrainVision Header 
Parsing f ...)
        - biosig 2.6.0-1
+       [bookworm] - biosig <no-dsa> (Minor issue)
        NOTE: 
https://talosintelligence.com/vulnerability_reports/TALOS-2024-1917
        NOTE: 
https://sourceforge.net/p/biosig/code/ci/3848d1ca0e1b2a60df395ddc76a191e835a1e4de/
 CVE-2024-22054 (A malformed discovery packet sent by a malicious actor with 
preexistin ...)
        NOT-FOR-US: UniFi
 CVE-2024-21812 (An integer overflow vulnerability exists in the 
sopen_FAMOS_read funct ...)
        - biosig 2.6.0-1
+       [bookworm] - biosig <no-dsa> (Minor issue)
        NOTE: 
https://talosintelligence.com/vulnerability_reports/TALOS-2024-1921
        NOTE: 
https://sourceforge.net/p/biosig/code/ci/e20e81564f0709323f7b99486a0a2b4594ab05f2/
 CVE-2024-21795 (A heap-based buffer overflow vulnerability exists in the .egi 
parsing  ...)
        - biosig 2.6.0-1
+       [bookworm] - biosig <no-dsa> (Minor issue)
        NOTE: 
https://talosintelligence.com/vulnerability_reports/TALOS-2024-1920
        NOTE: 
https://sourceforge.net/p/biosig/code/ci/71057b016be545974565fdc0f903871c345da412/
 CVE-2024-21726 (Inadequate content filtering leads to XSS vulnerabilities in 
various c ...)
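Review bot: nothing in the three biosig lines added here (CVE-2024-22097, CVE-2024-21812, CVE-2024-21795) records that they share upstream commits with the entries in the previous hunk: 3848d1ca is also referenced under CVE-2024-23809, and e20e8156 under the three other sopen_FAMOS_read entries. The eight biosig CVEs marked no-dsa in this commit map to four upstream commits, so a short note that they can be backported as one set would help whoever prepares a later bookworm update.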


=====================================
data/dsa-needed.txt
=====================================
@@ -57,7 +57,7 @@ pymatgen
 --
 python-aiohttp
 --
-python-asyncssh
+python-asyncssh (jmm)
 --
 python-reportlab
 --
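Review bot: the commit message "bookworm triage" does not mention that python-asyncssh is being claimed with "(jmm)" in data/dsa-needed.txt. Mentioning the claim in the message would make it findable from the log.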



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/c2220e4c36ace12896d2f9d8d72220ebb088841b
