Thorsten Alteholz pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
e7d65ef2 by Thorsten Alteholz at 2024-08-25T17:34:40+02:00
mark CVE-2024-39684 and CVE-2024-38517 as postponed for Bullseye
- - - - -
da038071 by Thorsten Alteholz at 2024-08-25T17:36:10+02:00
mark CVE-2024-43380 as postponed for Bullseye
- - - - -
fdfebced by Thorsten Alteholz at 2024-08-25T17:37:16+02:00
mark CVE-2023-35934 as postponed for Bullseye
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1533,6 +1533,7 @@ CVE-2024-43399 (Mobile Security Framework (MobSF) is a
pen-testing, malware anal
CVE-2024-43380 (fugit contains time tools for flor and the floraison group.
The fugit ...)
- ruby-fugit <unfixed>
[bookworm] - ruby-fugit <no-dsa> (Minor issue)
+ [bullseye] - ruby-fugit <postponed> (Minor issue)
NOTE:
https://github.com/floraison/fugit/security/advisories/GHSA-2m96-52r3-2f3g
NOTE: https://github.com/floraison/fugit/issues/104
NOTE:
https://github.com/floraison/fugit/commit/6a7527497c0bb9196efe503e3d9b5271128a8ee1
(v1.11.1)
@@ -11659,6 +11660,7 @@ CVE-2024-39697 (phonenumber is a library for parsing,
formatting and validating
CVE-2024-39684 (Tencent RapidJSON is vulnerable to privilege escalation due to
an inte ...)
- rapidjson <unfixed>
[bookworm] - rapidjson <no-dsa> (Minor issue)
+ [bullseye] - rapidjson <postponed> (Minor issue)
NOTE: https://github.com/Tencent/rapidjson/issues/2289
CVE-2024-39675 (A vulnerability has been identified in RUGGEDCOM RMC30 (All
versions < ...)
NOT-FOR-US: Siemens
@@ -11689,6 +11691,7 @@ CVE-2024-38867 (A vulnerability has been identified in
SIPROTEC 5 6MD84 (CP300)
CVE-2024-38517 (Tencent RapidJSON is vulnerable to privilege escalation due to
an inte ...)
- rapidjson <unfixed>
[bookworm] - rapidjson <no-dsa> (Minor issue)
+ [bullseye] - rapidjson <postponed> (Minor issue)
NOTE: https://github.com/Tencent/rapidjson/pull/1261
CVE-2024-38363 (Airbyte is a data integration platform for ELT pipelines.
Airbyte conn ...)
NOT-FOR-US: Airbyte
@@ -95073,6 +95076,7 @@ CVE-2023-35934 (yt-dlp is a command-line program to
download videos from video s
[bullseye] - yt-dlp <no-dsa> (Minor issue)
- youtube-dl <removed> (bug #1079502)
[bookworm] - youtube-dl <no-dsa> (Minor issue)
+ [bullseye] - youtube-dl <postponed> (Minor issue)
NOTE:
https://github.com/yt-dlp/yt-dlp/security/advisories/GHSA-v8mc-9377-rwjj
NOTE:
https://github.com/yt-dlp/yt-dlp/commit/1ceb657bdd254ad961489e5060f2ccc7d556b729
NOTE:
https://github.com/yt-dlp/yt-dlp/commit/3121512228487c9c690d3d39bfd2579addf96e07
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/75792ed309ce25d5a04164350d80f8c2ac80f817...fdfebcedb963c97d16c22f596725b15dcd2005c4
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/75792ed309ce25d5a04164350d80f8c2ac80f817...fdfebcedb963c97d16c22f596725b15dcd2005c4
You're receiving this email because of your account on salsa.debian.org.
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
