Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker
Commits: 34dc22b8 by Moritz Muehlenhoff at 2024-09-06T13:44:32+02:00 bookworm triage - - - - - 1 changed file: - data/CVE/list Changes: ===================================== data/CVE/list ===================================== @@ -3,6 +3,7 @@ CVE-2024-34158 - golang-1.22 <unfixed> - golang-1.21 <unfixed> - golang-1.19 <removed> + [bookworm] - golang-1.19 <no-dsa> (Minor issue) - golang-1.15 <removed> NOTE: https://groups.google.com/g/golang-announce/c/K-cEzDeCtpc NOTE: https://go.dev/issue/69141 @@ -11,6 +12,7 @@ CVE-2024-34156 - golang-1.22 <unfixed> - golang-1.21 <unfixed> - golang-1.19 <removed> + [bookworm] - golang-1.19 <no-dsa> (Minor issue) - golang-1.15 <removed> NOTE: https://groups.google.com/g/golang-announce/c/K-cEzDeCtpc NOTE: https://go.dev/issue/69139 @@ -19,6 +21,7 @@ CVE-2024-34155 - golang-1.22 <unfixed> - golang-1.21 <unfixed> - golang-1.19 <removed> + [bookworm] - golang-1.19 <no-dsa> (Minor issue) - golang-1.15 <removed> NOTE: https://groups.google.com/g/golang-announce/c/K-cEzDeCtpc NOTE: https://go.dev/issue/69138 @@ -212,6 +215,7 @@ CVE-2024-20505 (A vulnerability in the PDF parsing module of Clam AntiVirus (Cla NOTE: https://blog.clamav.net/2024/09/clamav-141-132-107-and-010312-security.html CVE-2024-8418 (A flaw was found in Aardvark-dns versions 1.12.0 and 1.12.1. They cont ...) - aardvark-dns 1.12.2-1 (bug #1080964) + [bookworm] - aardvark-dns <no-dsa> (Minor issue) NOTE: https://github.com/containers/aardvark-dns/issues/500 NOTE: https://github.com/containers/aardvark-dns/pull/503 NOTE: https://github.com/containers/aardvark-dns/commit/6d76c50978755b8162d176ec7eea0e09f8d57a42 
@@ -833,10 +837,12 @@ CVE-2024-6232 (There is a MEDIUM severity vulnerability affecting CPython. NOTE: https://github.com/python/cpython/commit/743acbe872485dc18df4d8ab2dc7895187f062c4 (3.10-branch) CVE-2024-45231 - python-django 3:4.2.16-1 + [bookworm] - python-django <no-dsa> (Minor issue) NOTE: https://www.djangoproject.com/weblog/2024/sep/03/security-releases/ NOTE: https://github.com/django/django/commit/bf4888d317ba4506d091eeac6e8b4f1fcc731199 (4.2.16) CVE-2024-45230 - python-django 3:4.2.16-1 + [bookworm] - python-django <no-dsa> (Minor issue) NOTE: https://www.djangoproject.com/weblog/2024/sep/03/security-releases/ NOTE: https://github.com/django/django/commit/d147a8ebbdf28c17cafbbe2884f0bc57e2bf82e2 (4.2.16) CVE-2024-45506 (HAProxy 2.9.x before 2.9.10, 3.0.x before 3.0.4, and 3.1.x through 3.1 ...) @@ -1028,6 +1034,7 @@ CVE-2024-45509 (In MISP through 2.4.196, app/Controller/BookmarksController.php NOT-FOR-US: MISP CVE-2024-45508 (HTMLDOC before 1.9.19 has an out-of-bounds write in parse_paragraph in ...) - htmldoc <unfixed> + [bookworm] - htmldoc <no-dsa> (Minor issue) NOTE: https://github.com/michaelrsweet/htmldoc/issues/528 NOTE: https://github.com/michaelrsweet/htmldoc/commit/2d5b2ab9ddbf2aee2209010cebc11efdd1cab6e2 CVE-2024-45270 (WordPress plugin "Carousel Slider" provided by Sayful Islam contains a ...) 
@@ -1289,9 +1296,11 @@ CVE-2024-2502 (An application can be configured to block boot attempts after con NOT-FOR-US: Silabs CVE-2024-1545 (Fault Injection vulnerability in RsaPrivateDecryption function in wolf ...) - wolfssl 5.7.0-0.3 + [bookworm] - wolfssl <no-dsa> (Minor issue) NOTE: https://github.com/wolfSSL/wolfssl/releases/tag/v5.7.0-stable CVE-2024-1543 (The side-channel protected T-Table implementation in wolfSSL up to ver ...) - wolfssl 5.6.6-1.2 + [bookworm] - wolfssl <no-dsa> (Minor issue) NOTE: https://github.com/wolfSSL/wolfssl/blob/master/ChangeLog.md#wolfssl-release-566-dec-19-2023 NOTE: https://github.com/wolfSSL/wolfssl/pull/6854 CVE-2024-8285 (A flaw was found in Kroxylicious. When establishing the connection wit ...) @@ -1841,6 +1850,7 @@ CVE-2024-6688 (The Oxygen Builder plugin for WordPress is vulnerable to unauthor NOT-FOR-US: WordPress plugin CVE-2024-45321 (The App::cpanminus package through 1.7047 for Perl downloads code via ...) - cpanminus <unfixed> + [bookworm] - cpanminus <no-dsa> (Minor issue) NOTE: https://security.metacpan.org/2024/08/26/cpanminus-downloads-code-using-insecure-http.html NOTE: https://github.com/miyagawa/cpanminus/issues/611 NOTE: https://github.com/miyagawa/cpanminus/pull/674 
@@ -2080,6 +2090,7 @@ CVE-2024-28077 (A denial-of-service issue was discovered on certain GL-iNet devi NOT-FOR-US: GL-iNet devices CVE-2023-49582 (Lax permissions set by the Apache Portable Runtime library on Unix pla ...) - apr <unfixed> (bug #1080375) + [bookworm] - apr <no-dsa> (Minor issue) NOTE: https://www.openwall.com/lists/oss-security/2024/08/26/1 NOTE: https://lists.apache.org/thread/h5f1c2dqm8bf5yfosw3rg85927p612l0 CVE-2024-44942 (In the Linux kernel, the following vulnerability has been resolved: f ...)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/34dc22b8c6b08f550ef4b4e1bc61411bfa36cc01
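Review bot: in the three golang hunks (CVE-2024-34158, CVE-2024-34156, CVE-2024-34155) the new `[bookworm] - golang-1.19 <no-dsa> (Minor issue)` line sits under `- golang-1.19 <removed>` while golang-1.21 and golang-1.22 are still `<unfixed>`, and the visible NOTE lines point only at the announcement and the go.dev issue. Suggest adding a NOTE with the upstream fixing commit for each entry once it is known, so a later bookworm update has a concrete reference to backport from.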
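Review bot: in the `@@ -1028,6 +1034,7 @@` hunk, `(Minor issue)` is a thin reason for CVE-2024-45508, which the description line calls an out-of-bounds write in parse_paragraph, and the unstable entry is still `- htmldoc <unfixed>`. Suggest a short NOTE recording why this is judged minor for bookworm, so the tag can be re-checked when the unstable status changes.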
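Review bot: in the `@@ -833,10 +837,12 @@` hunk both python-django entries (CVE-2024-45231, CVE-2024-45230) get a `[bookworm]` line, but their NOTE lines reference only the 4.2.16 commits. If bookworm's python-django is on a different release series, add the matching branch commit next to each entry so the no-dsa decision can be picked up for a point release without re-researching the fix.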
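Review bot: in the `@@ -1841,6 +1850,7 @@` hunk, CVE-2024-45321 is tagged `<no-dsa> (Minor issue)` while `- cpanminus <unfixed>` shows no fixed version in unstable, and the first NOTE URL describes code being downloaded over insecure HTTP. Suggest adding a NOTE with the reasoning for bookworm (for example, what limits exposure in the packaged configuration) so the entry is easy to revisit once the referenced pull request lands.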
_______________________________________________ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits