Moritz Muehlenhoff pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
27d01493 by Moritz Muehlenhoff at 2024-12-11T11:42:11+01:00
bookworm triage
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -17757,6 +17757,7 @@ CVE-2024-7099 (netease-youdao/qanything version 1.4.1
contains a vulnerability w
NOT-FOR-US: netease-youdao/qanything
CVE-2024-49214 (QUIC in HAProxy 3.1.x before 3.1-dev7, 3.0.x before 3.0.5, and
2.9.x b ...)
- haproxy 2.9.11-1
+ [bookworm] - haproxy <ignored> (Minor issue and not backported to 2.6.x
tree)
NOTE:
https://github.com/haproxy/haproxy/commit/f627b9272bd8ffca6f2f898bfafc6bf0b84b7d46
(v3.1-dev7)
NOTE:
https://git.haproxy.org/?p=haproxy-2.9.git;a=commit;h=fe5685af820ae62fe5b0d80b5ed7a2ffc41a036f
(v2.9.11)
CVE-2024-38863 (Exposure of CSRF tokens in query parameters on specific
requests in Ch ...)
@@ -86831,8 +86832,9 @@ CVE-2024-24821 (Composer is a dependency Manager for
the PHP language. In affect
NOTE:
https://github.com/composer/composer/commit/64e4eb356b159a30c766cd1ea83450a38dc23bf5
(2.7.0)
CVE-2024-24820 (Icinga Director is a tool designed to make Icinga 2
configuration hand ...)
- icingaweb2-module-director 1.11.1-1
+ [bookworm] - icingaweb2-module-director <no-dsa> (Minor issue)
NOTE:
https://github.com/Icinga/icingaweb2-module-director/security/advisories/GHSA-3mwp-5p5v-j6q3
- TODO: check details
+ NOTE:
https://github.com/Icinga/icingaweb2-module-director/commit/f1e54348c8362b3010eb2d87d8cf380d5ba55135
(v1.10.3)
CVE-2024-24819 (icingaweb2-module-incubator is a working project of bleeding
edge Icin ...)
NOT-FOR-US: icingaweb2-module-incubator
CVE-2024-24499
@@ -262157,14 +262159,11 @@ CVE-2021-39360 (In GNOME libzapojit through 0.0.3,
zpj-skydrive.c does not enabl
NOTE:
https://blogs.gnome.org/mcatanzaro/2021/05/25/reminder-soupsessionsync-and-soupsessionasync-default-to-no-tls-certificate-verification/
NOTE: https://gitlab.gnome.org/GNOME/libzapojit/-/issues/4
CVE-2021-39359 (In GNOME libgda through 6.0.0, gda-web-provider.c does not
enable TLS ...)
- - libgda5 5.2.10-5 (bug #993592)
- [bookworm] - libgda5 <no-dsa> (Minor issue)
- [bullseye] - libgda5 <no-dsa> (Minor issue)
- [buster] - libgda5 <no-dsa> (Minor issue)
- [stretch] - libgda5 <postponed> (Minor issue, revisit when/if fixed
upstream)
+ - libgda5 5.2.10-5 (bug #993592; unimportant)
NOTE:
https://blogs.gnome.org/mcatanzaro/2021/05/25/reminder-soupsessionsync-and-soupsessionasync-default-to-no-tls-certificate-verification/
NOTE: https://gitlab.gnome.org/GNOME/libgda/-/issues/249
NOTE: Fixed by:
https://gitlab.gnome.org/GNOME/libgda/-/commit/bebdffb4de586fb43fd07ac549121f4b22f6812d
(master)
+ NOTE: Debian builds with --without-libsoup, which disabled the web
functionality using libsoup entirely
CVE-2021-39358 (In GNOME libgfbgraph through 0.2.4, gfbgraph-photo.c does not
enable T ...)
- gfbgraph 0.2.5-1 (bug #993537)
[bullseye] - gfbgraph <no-dsa> (Minor issue)
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/27d014930078b3966be96502eb3138e4ec2eccee
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/27d014930078b3966be96502eb3138e4ec2eccee
You're receiving this email because of your account on salsa.debian.org.
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
