author Moritz Muehlenhoff <jmm@debian.org> 2024-02-29 11:03:03 +0100
committer Moritz Muehlenhoff <jmm@debian.org> 2024-02-29 11:06:02 +0100
commit 108c29e56c10c51d83b37a950d04c7e409d2e38b
tree 1329941f1be05e9633f21a206f3018401a0e4dde /data
parent 726ac5f45dfdb45a740de16a74dcef21d11f0226
bookworm/bullseye triage
Diffstat (limited to 'data')
-rw-r--r-- data/CVE/list 10
-rw-r--r-- data/dsa-needed.txt 4
2 files changed, 14 insertions, 0 deletions
diff --git a/data/CVE/list b/data/CVE/list
index f6936cdc7f..d88ff01d8d 100644
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -1274,12 +1274,18 @@ CVE-2024-26465 (A DOM based cross-site scripting (XSS) vulnerability in the comp
NOT-FOR-US: beep.js
CVE-2024-26462 (Kerberos 5 (aka krb5) 1.21.2 contains a memory leak vulnerability in / ...)
- krb5 <unfixed> (bug #1064965)
+ [bookworm] - krb5 <no-dsa> (Minor issue)
+ [bullseye] - krb5 <no-dsa> (Minor issue)
NOTE: https://github.com/LuMingYinDetect/krb5_defects/blob/main/krb5_detect_3.md
CVE-2024-26461 (Kerberos 5 (aka krb5) 1.21.2 contains a memory leak vulnerability in / ...)
- krb5 <unfixed> (bug #1064965)
+ [bookworm] - krb5 <no-dsa> (Minor issue)
+ [bullseye] - krb5 <no-dsa> (Minor issue)
NOTE: https://github.com/LuMingYinDetect/krb5_defects/blob/main/krb5_detect_2.md
CVE-2024-26458 (Kerberos 5 (aka krb5) 1.21.2 contains a memory leak in /krb5/src/lib/r ...)
- krb5 <unfixed> (bug #1064965)
+ [bookworm] - krb5 <no-dsa> (Minor issue)
+ [bullseye] - krb5 <no-dsa> (Minor issue)
NOTE: https://github.com/LuMingYinDetect/krb5_defects/blob/main/krb5_detect_1.md
CVE-2024-26455 (fluent-bit 2.2.2 contains a Use-After-Free vulnerability in /fluent-bi ...)
NOT-FOR-US: Fluent Bit
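Review bot: the six added <no-dsa> lines under CVE-2024-26462, CVE-2024-26461 and CVE-2024-26458 all carry the bare reason "Minor issue", which does not tell a tracker reader why no DSA is planned. Each description already says memory leak, so a reason such as "Minor issue, memory leak" would make the triage decision readable without opening the linked krb5_detect write-ups.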
@@ -1344,6 +1350,8 @@ CVE-2024-23837 (LibHTP is a security-aware parser for the HTTP protocol. Crafted
NOTE: https://redmine.openinfosecfoundation.org/issues/6444
CVE-2024-23836 (Suricata is a network Intrusion Detection System, Intrusion Prevention ...)
- suricata 1:7.0.3-1
+ [bookworm] - suricata <no-dsa> (Minor issue)
+ [bullseye] - suricata <no-dsa> (Minor issue)
NOTE: https://github.com/OISF/suricata/security/advisories/GHSA-q33q-45cr-3cpc
NOTE: https://github.com/OISF/suricata/commit/18841a58da71e735ddf4e52cbfa6989755ecbeb7 (suricata-6.0.16)
NOTE: https://github.com/OISF/suricata/commit/8efaebe293e2a74c8e323fa85a6f5fadf82801bc (suricata-6.0.16)
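Review bot: under CVE-2024-23836 the added [bookworm] and [bullseye] lines say only "Minor issue", while the NOTE lines right below them point at two commits tagged suricata-6.0.16, so upstream fixes exist for the 6.0 series in addition to the 1:7.0.3-1 fix on the unsuited line. Suggest saying in the reason text whether those backports are expected to reach the stable suites some other way, or that no update is planned.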
@@ -4370,6 +4378,7 @@ CVE-2024-24337 (CSV Injection vulnerability in '/members/moremember.pl' and '/ad
NOT-FOR-US: Koha Library Management System
CVE-2024-23833 (OpenRefine is a free, open source power tool for working with messy da ...)
- openrefine <unfixed> (bug #1064192)
+ [bookworm] - openrefine <no-dsa> (Minor issue)
NOTE: https://github.com/OpenRefine/OpenRefine/security/advisories/GHSA-6p92-qfqf-qwx4
NOTE: https://github.com/OpenRefine/OpenRefine/commit/41ccf574847d856e22488a7c0987ad8efa12a84a (3.7.8)
CVE-2024-23763 (SQL Injection vulnerability in Gambio through 4.9.2.0 allows attackers ...)
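Review bot: the openrefine entry for CVE-2024-23833 gains a [bookworm] line but no [bullseye] line, unlike the krb5 and suricata entries in the same commit, which get both. If bullseye does not carry openrefine this is fine as is; otherwise a matching [bullseye] entry is missing here.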
@@ -8452,6 +8461,7 @@ CVE-2020-36771 (CloudLinux CageFS 7.1.1-1 or below passes the authentication to
NOT-FOR-US: CloudLinux CageFS
CVE-2023-46841 [x86: shadow stack vs exceptions from emulation stubs]
- xen <unfixed>
+ [bookworm] - xen <postponed> (Minor issue, fix along in next DSA)
[bullseye] - xen <end-of-life> (EOLed in Bullseye)
[buster] - xen <not-affected> (Vulnerable code not present)
NOTE: https://xenbits.xen.org/xsa/advisory-451.html
diff --git a/data/dsa-needed.txt b/data/dsa-needed.txt
index ec90a56e33..e42d82abca 100644
--- a/data/dsa-needed.txt
+++ b/data/dsa-needed.txt
@@ -30,6 +30,8 @@ gtkwave
--
h2o (jmm)
--
+jetty9
+--
libreswan (jmm)
Maintainer prepared bookworm-security update, but needs work on bullseye-security backports
--
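Review bot: jetty9 is added to dsa-needed.txt with neither a claimant in parentheses nor a status line, while the neighbouring h2o and libreswan entries carry "(jmm)" and libreswan also has a free-text note. None of the CVE/list hunks in this commit touch jetty9, so a one-line note under the entry naming the issue that prompted it would let whoever picks it up see what the update needs to cover.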
@@ -98,5 +100,7 @@ varnish
--
wpa
--
+yard (jmm)
+--
zabbix
--
