Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
9494fe83 by Moritz Muehlenhoff at 2024-11-29T17:18:48+01:00
bookworm triage

- - - - -


2 changed files:

- data/CVE/list
- data/dsa-needed.txt


Changes:

=====================================
data/CVE/list
=====================================
@@ -251,6 +251,7 @@ CVE-2024-11738
        NOTE: https://github.com/rustls/rustls/issues/2227
 CVE-2024-53920 (In elisp-mode.el in GNU Emacs through 30.0.92, a user who 
chooses to i ...)
        - emacs <unfixed>
+       [bookworm] - emacs <postponed> (Minor issue, revisit when fixed 
upstream)
        NOTE: 
https://eshelyaron.com/posts/2024-11-27-emacs-aritrary-code-execution-and-how-to-avoid-it.html
        NOTE: 
https://yhetil.org/emacs/CAFXAjY5f4YfHAtZur1RAqH34UbYU56_t6t2Er0YEh1Sb7-W=hg%40mail.gmail.com/
 CVE-2024-53855 (Centurion ERP (Enterprise Rescource Planning) is a simple 
application  ...)
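Review bot: The reason on the added `[bookworm] - emacs <postponed>` line, "Minor issue, revisit when fixed upstream", does not say why CVE-2024-53920 is minor, while the first NOTE URL of the same entry names arbitrary code execution in its title. Suggest extending the parenthetical with the limiting condition (the truncated description starts "a user who chooses to ...", which points at required user action) so a later triager can re-evaluate without re-reading both references. The entry is still `<unfixed>`, so the revisit depends on someone noticing when a fixed version is recorded.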
@@ -794,6 +795,7 @@ CVE-2024-53930 (WikiDocs before 1.0.65 allows stored XSS by 
authenticated users
        NOT-FOR-US: WikiDocs
 CVE-2024-53916 (In OpenStack Neutron through 25.0.0, 
neutron/extensions/tagging.py can ...)
        - neutron <unfixed>
+       [bookworm] - neutron <postponed> (Minor issue, revisit when fixed 
upstream)
        NOTE: https://review.opendev.org/c/openstack/neutron/+/935883
 CVE-2024-53915 (An issue was discovered in the server in Veritas Enterprise 
Vault befo ...)
        NOT-FOR-US: Veritas Enterprise Vault
@@ -891,6 +893,7 @@ CVE-2024-11646 (A vulnerability classified as critical was 
found in 1000 Project
        NOT-FOR-US: 1000 Projects Beauty Parlour Management System
 CVE-2024-11498 (There exists a stack buffer overflow in libjxl.A 
specifically-crafted  ...)
        - jpeg-xl <unfixed>
+       [bookworm] - jpeg-xl <no-dsa> (Minor issue)
        NOTE: https://github.com/libjxl/libjxl/pull/3943
        NOTE: 
https://github.com/libjxl/libjxl/commit/bf4781a2eed2eef664790170977d1d3d8347efb9
 CVE-2024-11403 (There exists an out of bounds read/write in LibJXL versions 
prior to c ...)
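Review bot: On the added `[bookworm] - jpeg-xl <no-dsa> (Minor issue)` line, the bare reason sits under a description of a stack buffer overflow triggered by crafted input, and the entry already links an upstream fix commit (bf4781a2...). Suggest stating in the reason what limits the impact, or noting that the linked commit is a candidate for a later stable update. The trailing context shows CVE-2024-11403, another LibJXL out-of-bounds issue; its bookworm status is not visible in this hunk, so it is worth confirming that the two entries are triaged consistently.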
@@ -4597,6 +4600,7 @@ CVE-2024-23919 (Improper buffer restrictions in some 
Intel(R) Graphics software
        NOT-FOR-US: Intel
 CVE-2024-23918 (Improper conditions check in some Intel(R) Xeon(R) processor 
memory co ...)
        - intel-microcode 3.20241112.1 (bug #1087532)
+       [bookworm] - intel-microcode <no-dsa> (Minor issue)
        NOTE: 
https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01079.html
        NOTE: 
https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/releases/tag/microcode-20241112
 CVE-2024-23312 (Uncontrolled search path for some Intel(R) Binary 
Configuration Tool s ...)
@@ -4616,12 +4620,14 @@ CVE-2024-22185 (Time-of-check Time-of-use Race 
Condition in some Intel(R) proces
        NOT-FOR-US: Intel
 CVE-2024-21853 (Improper finite state machines (FSMs) in the hardware logic in 
some 4t ...)
        - intel-microcode 3.20241112.1 (bug #1087532)
+       [bookworm] - intel-microcode <no-dsa> (Minor issue)
        NOTE: 
https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01101.html
        NOTE: 
https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/releases/tag/microcode-20241112
 CVE-2024-21850 (Sensitive information in resource not removed before reuse in 
some Int ...)
        NOT-FOR-US: Intel
 CVE-2024-21820 (Incorrect default permissions in some Intel(R) Xeon(R) 
processor memor ...)
        - intel-microcode 3.20241112.1 (bug #1087532)
+       [bookworm] - intel-microcode <no-dsa> (Minor issue)
        NOTE: 
https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01079.html
        NOTE: 
https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/releases/tag/microcode-20241112
 CVE-2024-21808 (Improper buffer restrictions in some Intel(R) VPL software 
before vers ...)
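Review bot: The two `intel-microcode <no-dsa>` lines added here (CVE-2024-21853, CVE-2024-21820) and the one in the previous hunk (CVE-2024-23918) all carry only "Minor issue", although all three are fixed by the same upload, 3.20241112.1 (bug #1087532). Because a single microcode release closes them together, the reason could say how bookworm is expected to pick that release up, which would let the three entries be resolved in one pass. CVE-2024-21853 references intel-sa-01101 while the other two reference intel-sa-01079, so the shared "Minor issue" rating should be checked against both advisories rather than one.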
@@ -128445,6 +128451,7 @@ CVE-2023-2143 (The Enable SVG, WebP & ICO Upload 
WordPress plugin through 1.0.3
        NOT-FOR-US: WordPress plugin
 CVE-2023-2142 (In Nunjucks versions prior to version 3.2.4, it was  possible 
to bypas ...)
        - node-nunjucks <unfixed> (bug #1088331)
+       [bookworm] - node-nunjucks <no-dsa> (Minor issue)
        NOTE: https://bugzilla.mozilla.org/show_bug.cgi?id=1825980
        NOTE: 
https://github.com/mozilla/nunjucks/security/advisories/GHSA-x77j-w7wf-fjmw
 CVE-2023-2141 (An unsafe .NET object deserialization in DELMIA Apriso Release 
2017 th ...)
@@ -135258,6 +135265,7 @@ CVE-2023-1522 (SQL Injection in the Hardware 
Inventory report of Security Center
        NOT-FOR-US: Security Center
 CVE-2023-1521 (On Linux the sccache client can execute arbitrary code with the 
privil ...)
        - sccache 0.5.3-1
+       [bookworm] - sccache <no-dsa> (Minor issue)
        NOTE: https://securitylab.github.com/advisories/GHSL-2023-046_ScCache/
        NOTE: https://github.com/advisories/GHSA-x7fr-pg8f-93f5
        NOTE: ttps://github.com/mozilla/sccache/pull/1663
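Review bot: The last NOTE line of the CVE-2023-1521 entry, two lines below the added `[bookworm]` line, reads `NOTE: ttps://github.com/mozilla/sccache/pull/1663` with the leading "h" of the scheme missing, so it is not a valid URL; worth correcting while this entry is being touched. Separately, the description speaks of the sccache client executing arbitrary code, so the bare "Minor issue" reason would benefit from a few words on what limits the exposure in bookworm.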


=====================================
data/dsa-needed.txt
=====================================
@@ -38,6 +38,8 @@ smarty3 (jmm)
 --
 smarty4
 --
+sogo
+--
 trafficserver
 --
 webkit2gtk (berto)
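Review bot: The new `sogo` entry in data/dsa-needed.txt has no matching change in data/CVE/list in this commit, and the commit message is only "bookworm triage", so nothing visible here says which issue makes a DSA necessary. Suggest naming the CVE in the commit message or alongside the entry, so whoever claims the package knows what to fix. The entry is also added without an owner in parentheses, like `smarty4` and `trafficserver` around it, which is fine if it is meant to be up for grabs.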



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/9494fe831548bf2c7f7d0798139005f7da48ac5c



_______________________________________________
debian-security-tracker-commits mailing list
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits