[Git][security-tracker-team/security-tracker][master] bookworm triage

Moritz Muehlenhoff (@jmm) Sun, 18 Aug 2024 04:52:42 -0700


Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / 
security-tracker



Commits:
4f19f99b by Moritz Muehlenhoff at 2024-08-18T13:51:52+02:00
bookworm triage

- - - - -


2 changed files:

- data/CVE/list
- data/dsa-needed.txt


Changes:

=====================================
data/CVE/list
=====================================
@@ -1111,6 +1111,7 @@ CVE-2024-26022 (Improper access control in some Intel(R) 
UEFI Integrator Tools o
        NOT-FOR-US: Intel
 CVE-2024-25939 (Mirrored regions with different values in 3rd Generation 
Intel(R) Xeon ...)
        - intel-microcode 3.20240813.1 (bug #1078742)
+       [bookworm] - intel-microcode <no-dsa> (Minor issue)
        NOTE: 
https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01118.html
        NOTE: 
https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/releases/tag/microcode-20240813
 CVE-2024-25576 (improper access control in firmware for some Intel(R) FPGA 
products be ...)
@@ -1127,6 +1128,7 @@ CVE-2024-24983 (Protection mechanism failure in firmware 
for some Intel(R) Ether
        NOT-FOR-US: Intel
 CVE-2024-24980 (Protection mechanism failure in some 3rd, 4th, and 5th 
Generation Inte ...)
        - intel-microcode 3.20240813.1 (bug #1078742)
+       [bookworm] - intel-microcode <no-dsa> (Minor issue)
        NOTE: 
https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01100.html
        NOTE: 
https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/releases/tag/microcode-20240813
 CVE-2024-24977 (Uncontrolled search path for some Intel(R) License Manager for 
FLEXlm  ...)
@@ -1135,6 +1137,7 @@ CVE-2024-24973 (Improper input validation for some 
Intel(R) Distribution for GDB
        NOT-FOR-US: Intel
 CVE-2024-24853 (Incorrect behavior order in transition between executive 
monitor and S ...)
        - intel-microcode 3.20240813.1 (bug #1078742)
+       [bookworm] - intel-microcode <no-dsa> (Minor issue)
        NOTE: 
https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01083.html
        NOTE: 
https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/releases/tag/microcode-20240813
 CVE-2024-24580 (Improper conditions check in some Intel(R) Data Center GPU Max 
Series  ...)
@@ -1589,6 +1592,7 @@ CVE-2023-31366 (Improper input validation in AMD 
\u03bcProf could allow an attac
        NOT-FOR-US: AMD
 CVE-2023-31356 (Incomplete system memory cleanup in SEV firmware could allow a 
privile ...)
        - amd64-microcode <unfixed>
+       [bookworm] - amd64-microcode <no-dsa> (Minor issue)
        NOTE: 
https://www.amd.com/en/resources/product-security/bulletin/amd-sb-3003.html
        TODO: check, potentially already addressed in 3.20230823.1 as this 
updates AMD-SEV firmware to version 1.55 build 21 for Family 19h models 10h-1fh 
(asked maintainer)
 CVE-2023-31349 (Incorrect default permissions in the AMD \u03bcProf 
installation direc ...)
@@ -9692,6 +9696,7 @@ CVE-2024-39697 (phonenumber is a library for parsing, 
formatting and validating
        NOT-FOR-US: Rust crate phonenumber
 CVE-2024-39684 (Tencent RapidJSON is vulnerable to privilege escalation due to 
an inte ...)
        - rapidjson <unfixed>
+       [bookworm] - rapidjson <no-dsa> (Minor issue)
        NOTE: https://github.com/Tencent/rapidjson/issues/2289
 CVE-2024-39675 (A vulnerability has been identified in RUGGEDCOM RMC30 (All 
versions < ...)
        NOT-FOR-US: Siemens
@@ -9721,6 +9726,7 @@ CVE-2024-38867 (A vulnerability has been identified in 
SIPROTEC 5 6MD84 (CP300)
        NOT-FOR-US: Siemens
 CVE-2024-38517 (Tencent RapidJSON is vulnerable to privilege escalation due to 
an inte ...)
        - rapidjson <unfixed>
+       [bookworm] - rapidjson <no-dsa> (Minor issue)
        NOTE: https://github.com/Tencent/rapidjson/pull/1261
 CVE-2024-38363 (Airbyte is a data integration platform for ELT pipelines. 
Airbyte conn ...)
        NOT-FOR-US: Airbyte


=====================================
data/dsa-needed.txt
=====================================
@@ -26,6 +26,8 @@ cinder
 dnsmasq
   Lee Garrett showed interest to prepare an update for review
 --
+dovecot
+--
 frr
   coordination with the maintainer ongoing
 --



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/4f19f99bd6191a4e9db1ad585477231ade52ca0c

-- 
View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/4f19f99bd6191a4e9db1ad585477231ade52ca0c
You're receiving this email because of your account on salsa.debian.org.

_______________________________________________
debian-security-tracker-commits mailing list
debian-security-tracker-commits@alioth-lists.debian.net
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits

[Git][security-tracker-team/security-tracker][master] bookworm triage

Reply via email to