Moritz Muehlenhoff pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
bba6a790 by Moritz Muehlenhoff at 2024-12-06T14:21:13+01:00
bookworm triage
- - - - -
2 changed files:
- data/CVE/list
- data/dsa-needed.txt
Changes:
=====================================
data/CVE/list
=====================================
@@ -13,6 +13,7 @@ CVE-2024-6219 (Mark Laing discovered in LXD's PKI mode, until
version 5.21.1, th
NOTE: incus:
https://github.com/lxc/incus/commit/d2bb0d86031cb0c1319914f1fb3842c058edb776
(v0.3.0)
CVE-2024-6156 (Mark Laing discovered that LXD's PKI mode, until version
5.21.2, could ...)
- lxd <unfixed>
+ [bookworm] - lxd <no-dsa> (Minor issue)
- incus <unfixed>
NOTE:
https://github.com/canonical/lxd/security/advisories/GHSA-4c49-9fpc-hc3v
CVE-2024-54140 (sigstore-java is a sigstore java client for interacting with
sigstore ...)
@@ -20,7 +21,7 @@ CVE-2024-54140 (sigstore-java is a sigstore java client for
interacting with sig
CVE-2024-53589 (GNU objdump 2.43 is vulnerable to Buffer Overflow in the BFD
(Binary F ...)
- binutils <unfixed> (unimportant)
NOTE:
https://bushido-sec.com/index.php/2024/12/05/binutils-objdump-tekhex-buffer-overflow/
- NOTE: NOTE: binutils not covered by security support
+ NOTE: binutils not covered by security support
CVE-2024-53523 (JSFinder commit d70ab9bc5221e016c08cffaf0d9ac79646c90645 is
vulnerable ...)
NOT-FOR-US: JSFinder
CVE-2024-53457 (A stored cross-site scripting (XSS) vulnerability in the
Device Settin ...)
@@ -101938,7 +101939,7 @@ CVE-2023-47117 (Label Studio is an open source data
labeling tool. In all curren
CVE-2023-46446 (An issue in AsyncSSH before 2.14.1 allows attackers to control
the rem ...)
{DLA-3899-1}
- python-asyncssh 2.15.0-1 (bug #1055999)
- [bookworm] - python-asyncssh <ignored> (Minor issue)
+ [bookworm] - python-asyncssh <no-dsa> (Minor issue)
[buster] - python-asyncssh <no-dsa> (Minor issue)
NOTE:
https://github.com/ronf/asyncssh/security/advisories/GHSA-c35q-ffpf-5qpm
NOTE:
https://github.com/ronf/asyncssh/commit/83e43f5ea3470a8617fc388c72b062c7136efd7e
(v2.14.1)
=====================================
data/dsa-needed.txt
=====================================
@@ -35,8 +35,13 @@ mosquitto
opennds
pinged maintainer, but no reply yet. should most probably be bumped to 10.x
--
+proftpd-dfsg
+--
python-aiohttp (jmm)
--
+python-django
+ Chris is working on it
+--
python-tornado
--
ring
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/bba6a7907bb64b88c192142f5061998171ac445d
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/bba6a7907bb64b88c192142f5061998171ac445d
You're receiving this email because of your account on salsa.debian.org.
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
