[Git][security-tracker-team/security-tracker][master] bookworm triage

Moritz Muehlenhoff (@jmm) Tue, 20 Aug 2024 05:20:39 -0700


Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / 
security-tracker



Commits:
f0ac38f5 by Moritz Muehlenhoff at 2024-08-20T14:19:43+02:00
bookworm triage

- - - - -


2 changed files:

- data/CVE/list
- data/dsa-needed.txt


Changes:

=====================================
data/CVE/list
=====================================
@@ -98,6 +98,7 @@ CVE-2024-7592 (There is a LOW severity vulnerability 
affecting CPython, specific
        - python3.13 <unfixed>
        - python3.12 <unfixed>
        - python3.11 <unfixed>
+       [bookworm] - python3.11 <no-dsa> (Minor issue)
        - python3.9 <removed>
        NOTE: https://github.com/python/cpython/pull/123075
        NOTE: https://github.com/python/cpython/issues/123067
@@ -292,6 +293,7 @@ CVE-2024-7904 (A vulnerability was found in DedeBIZ 6.3.0. 
It has been rated as
        NOT-FOR-US: DedeBIZ
 CVE-2024-6221 (A vulnerability in corydolphin/flask-cors version 4.0.1 allows 
the `Ac ...)
        - python-flask-cors <unfixed>
+       [bookworm] - python-flask-cors <no-dsa> (Minor issue)
        NOTE: https://huntr.com/bounties/a42935fc-6f57-4818-bca4-3d528235df4d
 CVE-2024-43353 (Improper Neutralization of Input During Web Page Generation 
(XSS or 'C ...)
        NOT-FOR-US: WordPress plugin
@@ -1565,6 +1567,7 @@ CVE-2023-43489 (Improper access control for some Intel(R) 
CIP software before ve
        NOT-FOR-US: Intel
 CVE-2023-42667 (Improper isolation in the Intel(R) Core(TM) Ultra Processor 
stream cac ...)
        - intel-microcode 3.20240813.1 (bug #1078742)
+       [bookworm] - intel-microcode <no-dsa> (Minor issue)
        NOTE: 
https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01038.html
        NOTE: 
https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/releases/tag/microcode-20240813
 CVE-2023-40067 (Unchecked return value in firmware for some Intel(R) CSME may 
allow an ...)
@@ -362328,6 +362331,7 @@ CVE-2019-18861
        RESERVED
 CVE-2023-49288 (Squid is a caching proxy for the Web supporting HTTP, HTTPS, 
FTP, and  ...)
        - squid 6.1-1
+       [bookworm] - squid <ignored> (Vulnerable feature got removed upstream, 
workaround exists)
        - squid3 <removed>
        NOTE: 
https://github.com/squid-cache/squid/security/advisories/GHSA-rj5h-46j6-q2g5
        NOTE: https://megamansec.github.io/Squid-Security-Audit/trace-uaf.html


=====================================
data/dsa-needed.txt
=====================================
@@ -26,7 +26,7 @@ cinder
 dnsmasq
   Lee Garrett showed interest to prepare an update for review
 --
-dovecot
+dovecot (jmm)
   Noah Meyerhans is preparing updates
 --
 frr



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/f0ac38f563938bf3ab77ab0bd66890625ea00b3e

-- 
View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/f0ac38f563938bf3ab77ab0bd66890625ea00b3e
You're receiving this email because of your account on salsa.debian.org.

_______________________________________________
debian-security-tracker-commits mailing list
debian-security-tracker-commits@alioth-lists.debian.net
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits

[Git][security-tracker-team/security-tracker][master] bookworm triage

Reply via email to