author Moritz Muehlenhoff <jmm@debian.org> 2024-04-25 17:44:51 +0200
committer Moritz Muehlenhoff <jmm@debian.org> 2024-04-25 17:44:51 +0200
commit 2e0bccad6269ecf94ccfd67828a9b4372b2acdf4 (patch)
tree f229efdcc727feecd5ea57c92a896081d27c59d2
parent 7d1fbd693b79d675ea828a034cddba4cbd619dc2 (diff)
bookworm/bullseye triage
-rw-r--r-- data/CVE/list 11
-rw-r--r-- data/dsa-needed.txt 6
2 files changed, 13 insertions, 4 deletions
diff --git a/data/CVE/list b/data/CVE/list
index e674a82531..4984916dde 100644
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -130,6 +130,8 @@ CVE-2024-32947 (Cross-Site Request Forgery (CSRF) vulnerability in AlumniOnline
NOT-FOR-US: WordPress plugin
CVE-2024-32879 (Python Social Auth is a social authentication/registration mechanism. ...)
- social-auth-app-django <unfixed>
+ [bookworm] - social-auth-app-django <no-dsa> (Minor issue)
+ [bullseye] - social-auth-app-django <no-dsa> (Minor issue)
- python-social-auth <removed>
NOTE: https://github.com/python-social-auth/social-app-django/security/advisories/GHSA-2gr8-3wc7-xhj3
NOTE: https://github.com/python-social-auth/social-app-django/commit/31c3e0c7edb187004d8abbde7e9c4f7ef9098138 (5.4.1)
@@ -331,6 +333,8 @@ CVE-2024-3154
- cri-o <itp> (bug #979702)
CVE-2024-30171
- bouncycastle <unfixed>
+ [bookworm] - bouncycastle <no-dsa> (Minor issue)
+ [bullseye] - bouncycastle <no-dsa> (Minor issue)
NOTE: https://github.com/bcgit/bc-java/issues/1528
CVE-2024-4065 (A vulnerability was found in Tenda AC8 16.03.34.09. It has been rated ...)
NOT-FOR-US: Tenda
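Review bot: the "(Minor issue)" justification on the two added bouncycastle lines cannot be checked from this entry, because CVE-2024-30171 carries no description here and its only NOTE is the upstream issue link. Consider adding a NOTE that states what makes it minor, or the upstream fix reference once known, so the no-dsa decision for bookworm and bullseye can be revisited without re-reading the upstream thread.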
@@ -7186,7 +7190,8 @@ CVE-2024-3209 (A vulnerability was found in UPX up to 4.2.2. It has been rated a
CVE-2024-3207 (A vulnerability was found in ermig1979 Simd up to 6.0.134. It has been ...)
NOT-FOR-US: ermig1979 Simd
CVE-2024-3205 (A vulnerability was found in yaml libyaml up to 0.2.5 and classified a ...)
- - libyaml <unfixed>
+ NOTE: Non issue reported for libyaml:
+ NOTE: https://github.com/yaml/libyaml/issues/258#issuecomment-2058613931
NOTE: https://vuldb.com/?submit.304561
NOTE: https://github.com/yaml/libyaml/issues/289
CVE-2024-3204 (A vulnerability has been found in c-blosc2 up to 2.13.2 and classified ...)
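Review bot: dropping "- libyaml <unfixed>" under CVE-2024-3205 leaves the entry with NOTE lines only and no package state, so the file no longer records libyaml's status for this CVE in a structured form. If the intent is that libyaml is not vulnerable, an explicit state such as <not-affected> or an (unimportant) marking with the reason would express that better than a free-text "Non issue" NOTE. The added link points at issue 258 while the existing NOTE points at issue 289; a word on how the two relate would help the next reader.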
@@ -11964,6 +11969,8 @@ CVE-2024-2567 (** UNSUPPORTED WHEN ASSIGNED ** A vulnerability, which was classi
NOT-FOR-US: AndroidWeatherApp
CVE-2024-29156 (In OpenStack Murano through 16.0.0, when YAQL before 3.0.0 is used, th ...)
- murano <removed> (bug #1068459)
+ [bookworm] - murano <ignored> (To be removed in point release)
+ [bullseye] - murano <ignored> (To be removed in point release)
NOTE: https://bugs.launchpad.net/murano/+bug/2048114
NOTE: https://wiki.openstack.org/wiki/OSSN/OSSN-0093
NOTE: No fix in Murano, but a change in src:yaql renders this unexploitable:
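Review bot: the added "<ignored> (To be removed in point release)" lines for murano do not reference the removal request for bookworm and bullseye; the only bug number in the entry, #1068459, sits on the <removed> line for unstable. Please add the stable removal bug if one exists. The trailing NOTE says a change in src:yaql makes this unexploitable, yet nothing in this hunk records whether yaql in bookworm or bullseye carries that change, which matters for as long as murano remains in those releases.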
@@ -49444,6 +49451,8 @@ CVE-2023-36382 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability i
NOT-FOR-US: WordPress plugin
CVE-2023-36308 (disintegration Imaging 1.6.2 allows attackers to cause a panic (becaus ...)
- golang-github-disintegration-imaging <unfixed> (bug #1069062)
+ [bookworm] - golang-github-disintegration-imaging <no-dsa> (Minor issue)
+ [bullseye] - golang-github-disintegration-imaging <no-dsa> (Minor issue)
NOTE: https://github.com/disintegration/imaging/issues/165
CVE-2023-36307 (ZPLGFA 1.1.1 allows attackers to cause a panic (because of an integer ...)
NOT-FOR-US: ZPLGFA
diff --git a/data/dsa-needed.txt b/data/dsa-needed.txt
index 51ecff4f20..c14569650b 100644
--- a/data/dsa-needed.txt
+++ b/data/dsa-needed.txt
@@ -12,11 +12,11 @@ To pick an issue, simply add your uid behind it.
If needed, specify the release by adding a slash after the name of the source package.
--
-atril
+atril (jmm)
--
chromium (dilinger)
--
-dav1d
+dav1d (jmm)
--
dnsdist (jmm)
--
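Review bot: the claims added on "atril" and "dav1d" in data/dsa-needed.txt are not mentioned in the commit subject "bookworm/bullseye triage", which only describes the data/CVE/list changes. Either mention the claims in the message or split them into their own commit, so the history of who picked up which DSA is searchable. The file header asks for a release suffix after a slash where needed; neither claimed entry has one, so confirm both apply to all supported releases.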
@@ -50,7 +50,7 @@ opennds/stable
--
org-mode
--
-pdns-recursor
+pdns-recursor (jmm)
--
php-cas/oldstable
--
