[Git][security-tracker-team/security-tracker][master] bookworm triage

Moritz Muehlenhoff (@jmm) Sat, 18 Jan 2025 09:29:12 -0800


Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / 
security-tracker



Commits:
a3335701 by Moritz Muehlenhoff at 2025-01-18T17:16:47+01:00
bookworm triage

- - - - -


2 changed files:

- data/CVE/list
- data/dsa-needed.txt


Changes:

=====================================
data/CVE/list
=====================================
@@ -5886,6 +5886,7 @@ CVE-2025-22214 (Landray EIS 2001 through 2006 allows 
Message/fi_message_receiver
        NOT-FOR-US: WordPress pluginEIS
 CVE-2024-56830 (The Net::EasyTCP package 0.15 through 0.26 for Perl uses 
Perl's builti ...)
        - libnet-easytcp-perl <unfixed>
+       [bookworm] - libnet-easytcp-perl <ignored> (Scheduled for removal)
        NOTE: https://github.com/briandfoy/cpan-security-advisory/issues/184
        NOTE: Related to CVE-2002-20002 (direct use of rand for version before 
< 0.15)
 CVE-2024-56829 (Huang Yaoshi Pharmaceutical Management Software through 16.0 
allows ar ...)
@@ -8227,10 +8228,12 @@ CVE-2024-56362 (Navidrome is an open source web-based 
music collection server an
        NOT-FOR-US: Navidrome
 CVE-2024-56326 (Jinja is an extensible templating engine. Prior to 3.1.5, An 
oversight ...)
        - jinja2 <unfixed> (bug #1091331)
+       [bookworm] - jinja2 <no-dsa> (Minor issue)
        NOTE: 
https://github.com/pallets/jinja/security/advisories/GHSA-q2x7-8rv6-6q7h
        NOTE: Fixed by: 
https://github.com/pallets/jinja/commit/48b0687e05a5466a91cd5812d604fa37ad0943b4
 (3.1.5)
 CVE-2024-56201 (Jinja is an extensible templating engine. In versions on the 
3.x branc ...)
        - jinja2 <unfixed> (bug #1091329)
+       [bookworm] - jinja2 <no-dsa> (Minor issue)
        NOTE: 
https://github.com/pallets/jinja/security/advisories/GHSA-gmj6-6f8f-6699
        NOTE: https://github.com/pallets/jinja/issues/1792
        NOTE: Fixed by: 
https://github.com/pallets/jinja/commit/767b23617628419ae3709ccfb02f9602ae9fe51f
 (3.1.5)
@@ -8723,6 +8726,7 @@ CVE-2024-55231 (An IDOR vulnerability in the 
edit-notes.php module of PHPGurukul
        NOT-FOR-US: PHPGurukul Online Notes Sharing Management System
 CVE-2024-53580 (iperf v3.17.1 was discovered to contain a segmentation 
violation via t ...)
        - iperf3 3.18-1 (bug #1090931)
+       [bookworm] - iperf3 <no-dsa> (Minor issue)
        NOTE: https://github.com/esnet/iperf/pull/1810
        NOTE: 
https://github.com/esnet/iperf/commit/3f66f604df7f1038a49108c48612c2f4fe71331f 
(3.18)
 CVE-2024-51532 (Dell PowerStore contains an Improper Neutralization of 
Argument Delimi ...)


=====================================
data/dsa-needed.txt
=====================================
@@ -29,6 +29,10 @@ git (carnil)
 --
 jetty9
 --
+jpeg-xl
+--
+libreoffice (jmm)
+--
 libreswan
   Waiting on feedback from maintainer
 --



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/a33357014c147a3ca8c375a65f8c250892dd222d

-- 
View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/a33357014c147a3ca8c375a65f8c250892dd222d
You're receiving this email because of your account on salsa.debian.org.

_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits

[Git][security-tracker-team/security-tracker][master] bookworm triage

Reply via email to