diff options
| author | Moritz Muehlenhoff <jmm@debian.org> | 2024-04-18 12:51:06 +0200 |
|---|---|---|
| committer | Moritz Muehlenhoff <jmm@debian.org> | 2024-04-18 12:51:06 +0200 |
| commit | da7f04e4e2160a8f5b96c8c0610a2ff264c539da (patch) | |
| tree | b2c628c75d6873c2d1b3260439807356aa88239d | |
| parent | 650b9c8ff693ad4e62ad53672d20dd60ab063f5b (diff) | |
bookworm/bullseye triage
| -rw-r--r-- | data/CVE/list | 6 | ||||
| -rw-r--r-- | data/dsa-needed.txt | 4 |
2 files changed, 9 insertions, 1 deletions
diff --git a/data/CVE/list b/data/CVE/list index c34e6a3d84..9bfc2e73cc 100644 --- a/data/CVE/list +++ b/data/CVE/list @@ -1521,6 +1521,8 @@ CVE-2024-1183 (An SSRF (Server-Side Request Forgery) vulnerability exists in the NOT-FOR-US: Gradio CVE-2024-1135 (Gunicorn fails to properly validate Transfer-Encoding headers, leading ...) - gunicorn <unfixed> (bug #1069126) + [bookworm] - gunicorn <no-dsa> (Minor issue) + [bullseye] - gunicorn <no-dsa> (Minor issue) NOTE: https://huntr.com/bounties/22158e34-cfd5-41ad-97e0-a780773d96c1 NOTE: https://github.com/benoitc/gunicorn/commit/ac29c9b0a758d21f1e0fb3b3457239e523fa9f1d CVE-2024-0549 (mintplex-labs/anything-llm is vulnerable to a relative path traversal ...) @@ -10440,8 +10442,10 @@ CVE-2024-20745 (Premiere Pro versions 24.1, 23.6.2 and earlier are affected by a NOT-FOR-US: Adobe CVE-2024-1753 (A flaw was found in Buildah (and subsequently Podman Build) which allo ...) - golang-github-containers-buildah 1.33.7+ds1-1 (bug #1067800) + [bookworm] - golang-github-containers-buildah <no-dsa> (Minor issue) + [bullseye] - golang-github-containers-buildah <no-dsa> (Minor issue) NOTE: https://github.com/containers/buildah/security/advisories/GHSA-pmf3-c36m-g5cf - TODO: check, at least podman will need a rebuild with a fixed buildah + NOTE: at least podman will need a rebuild with a fixed buildah CVE-2024-1658 (The Grid Shortcodes WordPress plugin before 1.1.1 does not validate an ...) NOT-FOR-US: WordPress plugin CVE-2024-1606 (Lack of input sanitization in BMC Control-M branches 9.0.20 and 9.0.2 ...) diff --git a/data/dsa-needed.txt b/data/dsa-needed.txt index 05d051b97f..5820ffab55 100644 --- a/data/dsa-needed.txt +++ b/data/dsa-needed.txt @@ -28,6 +28,8 @@ expat (carnil) -- frr -- +glibc +-- gpac/oldstable -- guix (jmm) @@ -35,6 +37,8 @@ guix (jmm) -- h2o (jmm) -- +less +-- libreswan (jmm) Maintainer prepared bookworm-security update, but needs work on bullseye-security backports -- |