Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker
Commits: 448af4d0 by Moritz Muehlenhoff at 2024-04-05T17:16:16+02:00 bugnums - - - - - 1 changed file: - data/CVE/list Changes: ===================================== data/CVE/list ===================================== @@ -66,8 +66,8 @@ CVE-2024-3299 (Out-Of-Bounds Write, Use of Uninitialized Resource and Use-After- CVE-2024-3298 (Out-Of-Bounds Write and Type Confusion vulnerabilities exist in the fi ...) NOT-FOR-US: Solidworks CVE-2024-3262 (Information exposure vulnerability in RT software affecting version 4. ...) - - request-tracker4 <unfixed> - - request-tracker5 <unfixed> + - request-tracker4 <unfixed> (bug #1068452) + - request-tracker5 <unfixed> (bug #1068453) NOTE: https://github.com/bestpractical/rt/commit/ea07e767eaef5b202e8883051616d09806b8b48a NOTE: https://github.com/bestpractical/rt/commit/468f86bd3e82c3b5b5ef7087d416a7509d4b1abe CVE-2024-3250 (It was discovered that Canonical's Pebble service manager read-file AP ...) @@ -3641,7 +3641,7 @@ CVE-2024-29199 (Nautobot is a Network Source of Truth and Network Automation Pla CVE-2024-29196 (phpMyFAQ is an open source FAQ web application for PHP 8.1+ and MySQL, ...) NOT-FOR-US: phpMyFAQ CVE-2024-29195 (The azure-c-shared-utility is a C library for AMQP/MQTT communication ...) - - azure-uamqp-python <unfixed> + - azure-uamqp-python <unfixed> (bug #1068457) NOTE: https://github.com/Azure/azure-c-shared-utility/security/advisories/GHSA-m8wp-hc7w-x4xg NOTE: https://github.com/Azure/azure-c-shared-utility/commit/1129147c38ac02ad974c4c701a1e01b2141b9fe2 CVE-2024-29189 (PyAnsys Geometry is a Python client library for the Ansys Geometry ser ...) 
@@ -4054,14 +4054,14 @@ CVE-2024-27280 [Buffer overread vulnerability in StringIO] NOTE: https://www.ruby-lang.org/en/news/2024/03/21/buffer-overread-cve-2024-27280/ TODO: check details CVE-2024-30161 (In Qt before 6.5.6 and 6.6.x before 6.6.3, the wasm component may acce ...) - - qt6-base <unfixed> + - qt6-base <unfixed> (bug #1068454) - qtbase-opensource-src <unfixed> - qtbase-opensource-src-gles <unfixed> NOTE: https://codereview.qt-project.org/c/qt/qtbase/+/544314 NOTE: https://codereview.qt-project.org/gitweb?p=qt%2Fqtbase.git;a=commit;h=a5b00cefef12999e9a213943855abe6bc0ab5365 TODO: check details CVE-2024-30156 (Varnish Cache before 7.3.2 and 7.4.x before 7.4.3 (and before 6.0.13 L ...) - - varnish <unfixed> + - varnish <unfixed> (bug #1068455) [bookworm] - varnish <ignored> (Minor issue, too intrusive to backport) [bullseye] - varnish <ignored> (Minor issue, too intrusive to backport) NOTE: https://varnish-cache.org/security/VSV00014.html @@ -4593,7 +4593,7 @@ CVE-2024-29032 (Qiskit IBM Runtime is an environment that streamlines quantum co CVE-2024-29026 (Owncast is an open source, self-hosted, decentralized, single user liv ...) NOT-FOR-US: Owncast CVE-2024-29018 (Moby is an open source container framework that is a key component of ...) - - docker.io <unfixed> + - docker.io <unfixed> (bug #1068460) NOTE: https://github.com/moby/moby/security/advisories/GHSA-mq39-4gv4-mvpx NOTE: https://github.com/moby/moby/pull/46609 CVE-2024-28916 (Xbox Gaming Services Elevation of Privilege Vulnerability) 
@@ -4863,117 +4863,117 @@ CVE-2024-2124 (The Translate WordPress and go Multilingual \u2013 Weglot plugin CVE-2024-28715 (Cross Site Scripting vulnerability in DOraCMS v.2.18 and before allows ...) NOT-FOR-US: DOraCMS CVE-2024-28584 (Null Pointer Dereference vulnerability in open source FreeImage v.3.19 ...) - - freeimage <unfixed> + - freeimage <unfixed> (bug #1068461) [bookworm] - freeimage <no-dsa> (Revisit when fixed upstream) [bullseye] - freeimage <no-dsa> (Revisit when fixed upstream) NOTE: https://github.com/Ruanxingzhi/vul-report/tree/master/freeimage-r1909 CVE-2024-28583 (Buffer Overflow vulnerability in open source FreeImage v.3.19.0 [r1909 ...) - - freeimage <unfixed> + - freeimage <unfixed> (bug #1068461) [bookworm] - freeimage <no-dsa> (Revisit when fixed upstream) [bullseye] - freeimage <no-dsa> (Revisit when fixed upstream) NOTE: https://github.com/Ruanxingzhi/vul-report/tree/master/freeimage-r1909 CVE-2024-28582 (Buffer Overflow vulnerability in open source FreeImage v.3.19.0 [r1909 ...) - - freeimage <unfixed> + - freeimage <unfixed> (bug #1068461) [bookworm] - freeimage <no-dsa> (Revisit when fixed upstream) [bullseye] - freeimage <no-dsa> (Revisit when fixed upstream) NOTE: https://github.com/Ruanxingzhi/vul-report/tree/master/freeimage-r1909 CVE-2024-28581 (Buffer Overflow vulnerability in open source FreeImage v.3.19.0 [r1909 ...) - - freeimage <unfixed> + - freeimage <unfixed> (bug #1068461) [bookworm] - freeimage <no-dsa> (Revisit when fixed upstream) [bullseye] - freeimage <no-dsa> (Revisit when fixed upstream) NOTE: https://github.com/Ruanxingzhi/vul-report/tree/master/freeimage-r1909 CVE-2024-28580 (Buffer Overflow vulnerability in open source FreeImage v.3.19.0 [r1909 ...) 
- - freeimage <unfixed> + - freeimage <unfixed> (bug #1068461) [bookworm] - freeimage <no-dsa> (Revisit when fixed upstream) [bullseye] - freeimage <no-dsa> (Revisit when fixed upstream) NOTE: https://github.com/Ruanxingzhi/vul-report/tree/master/freeimage-r1909 CVE-2024-28579 (Buffer Overflow vulnerability in open source FreeImage v.3.19.0 [r1909 ...) - - freeimage <unfixed> + - freeimage <unfixed> (bug #1068461) [bookworm] - freeimage <no-dsa> (Revisit when fixed upstream) [bullseye] - freeimage <no-dsa> (Revisit when fixed upstream) NOTE: https://github.com/Ruanxingzhi/vul-report/tree/master/freeimage-r1909 CVE-2024-28578 (Buffer Overflow vulnerability in open source FreeImage v.3.19.0 [r1909 ...) - - freeimage <unfixed> + - freeimage <unfixed> (bug #1068461) [bookworm] - freeimage <no-dsa> (Revisit when fixed upstream) [bullseye] - freeimage <no-dsa> (Revisit when fixed upstream) NOTE: https://github.com/Ruanxingzhi/vul-report/tree/master/freeimage-r1909 CVE-2024-28577 (Null Pointer Dereference vulnerability in open source FreeImage v.3.19 ...) - - freeimage <unfixed> + - freeimage <unfixed> (bug #1068461) [bookworm] - freeimage <no-dsa> (Revisit when fixed upstream) [bullseye] - freeimage <no-dsa> (Revisit when fixed upstream) NOTE: https://github.com/Ruanxingzhi/vul-report/tree/master/freeimage-r1909 CVE-2024-28576 (Buffer Overflow vulnerability in open source FreeImage v.3.19.0 [r1909 ...) - - freeimage <unfixed> + - freeimage <unfixed> (bug #1068461) [bookworm] - freeimage <no-dsa> (Revisit when fixed upstream) [bullseye] - freeimage <no-dsa> (Revisit when fixed upstream) NOTE: https://github.com/Ruanxingzhi/vul-report/tree/master/freeimage-r1909 CVE-2024-28575 (Buffer Overflow vulnerability in open source FreeImage v.3.19.0 [r1909 ...) 
- - freeimage <unfixed> + - freeimage <unfixed> (bug #1068461) [bookworm] - freeimage <no-dsa> (Revisit when fixed upstream) [bullseye] - freeimage <no-dsa> (Revisit when fixed upstream) NOTE: https://github.com/Ruanxingzhi/vul-report/tree/master/freeimage-r1909 CVE-2024-28574 (Buffer Overflow vulnerability in open source FreeImage v.3.19.0 [r1909 ...) - - freeimage <unfixed> + - freeimage <unfixed> (bug #1068461) [bookworm] - freeimage <no-dsa> (Revisit when fixed upstream) [bullseye] - freeimage <no-dsa> (Revisit when fixed upstream) NOTE: https://github.com/Ruanxingzhi/vul-report/tree/master/freeimage-r1909 CVE-2024-28573 (Buffer Overflow vulnerability in open source FreeImage v.3.19.0 [r1909 ...) - - freeimage <unfixed> + - freeimage <unfixed> (bug #1068461) [bookworm] - freeimage <no-dsa> (Revisit when fixed upstream) [bullseye] - freeimage <no-dsa> (Revisit when fixed upstream) NOTE: https://github.com/Ruanxingzhi/vul-report/tree/master/freeimage-r1909 CVE-2024-28572 (Buffer Overflow vulnerability in open source FreeImage v.3.19.0 [r1909 ...) - - freeimage <unfixed> + - freeimage <unfixed> (bug #1068461) [bookworm] - freeimage <no-dsa> (Revisit when fixed upstream) [bullseye] - freeimage <no-dsa> (Revisit when fixed upstream) NOTE: https://github.com/Ruanxingzhi/vul-report/tree/master/freeimage-r1909 CVE-2024-28571 (Buffer Overflow vulnerability in open source FreeImage v.3.19.0 [r1909 ...) - - freeimage <unfixed> + - freeimage <unfixed> (bug #1068461) [bookworm] - freeimage <no-dsa> (Revisit when fixed upstream) [bullseye] - freeimage <no-dsa> (Revisit when fixed upstream) NOTE: https://github.com/Ruanxingzhi/vul-report/tree/master/freeimage-r1909 CVE-2024-28570 (Buffer Overflow vulnerability in open source FreeImage v.3.19.0 [r1909 ...) 
- - freeimage <unfixed> + - freeimage <unfixed> (bug #1068461) [bookworm] - freeimage <no-dsa> (Revisit when fixed upstream) [bullseye] - freeimage <no-dsa> (Revisit when fixed upstream) NOTE: https://github.com/Ruanxingzhi/vul-report/tree/master/freeimage-r1909 CVE-2024-28569 (Buffer Overflow vulnerability in open source FreeImage v.3.19.0 [r1909 ...) - - freeimage <unfixed> + - freeimage <unfixed> (bug #1068461) [bookworm] - freeimage <no-dsa> (Revisit when fixed upstream) [bullseye] - freeimage <no-dsa> (Revisit when fixed upstream) NOTE: https://github.com/Ruanxingzhi/vul-report/tree/master/freeimage-r1909 CVE-2024-28568 (Buffer Overflow vulnerability in open source FreeImage v.3.19.0 [r1909 ...) - - freeimage <unfixed> + - freeimage <unfixed> (bug #1068461) [bookworm] - freeimage <no-dsa> (Revisit when fixed upstream) [bullseye] - freeimage <no-dsa> (Revisit when fixed upstream) NOTE: https://github.com/Ruanxingzhi/vul-report/tree/master/freeimage-r1909 CVE-2024-28567 (Buffer Overflow vulnerability in open source FreeImage v.3.19.0 [r1909 ...) - - freeimage <unfixed> + - freeimage <unfixed> (bug #1068461) [bookworm] - freeimage <no-dsa> (Revisit when fixed upstream) [bullseye] - freeimage <no-dsa> (Revisit when fixed upstream) NOTE: https://github.com/Ruanxingzhi/vul-report/tree/master/freeimage-r1909 CVE-2024-28566 (Buffer Overflow vulnerability in open source FreeImage v.3.19.0 [r1909 ...) - - freeimage <unfixed> + - freeimage <unfixed> (bug #1068461) [bookworm] - freeimage <no-dsa> (Revisit when fixed upstream) [bullseye] - freeimage <no-dsa> (Revisit when fixed upstream) NOTE: https://github.com/Ruanxingzhi/vul-report/tree/master/freeimage-r1909 CVE-2024-28565 (Buffer Overflow vulnerability in open source FreeImage v.3.19.0 [r1909 ...) 
- - freeimage <unfixed> + - freeimage <unfixed> (bug #1068461) [bookworm] - freeimage <no-dsa> (Revisit when fixed upstream) [bullseye] - freeimage <no-dsa> (Revisit when fixed upstream) NOTE: https://github.com/Ruanxingzhi/vul-report/tree/master/freeimage-r1909 CVE-2024-28564 (Buffer Overflow vulnerability in open source FreeImage v.3.19.0 [r1909 ...) - - freeimage <unfixed> + - freeimage <unfixed> (bug #1068461) [bookworm] - freeimage <no-dsa> (Revisit when fixed upstream) [bullseye] - freeimage <no-dsa> (Revisit when fixed upstream) NOTE: https://github.com/Ruanxingzhi/vul-report/tree/master/freeimage-r1909 CVE-2024-28563 (Buffer Overflow vulnerability in open source FreeImage v.3.19.0 [r1909 ...) - - freeimage <unfixed> + - freeimage <unfixed> (bug #1068461) [bookworm] - freeimage <no-dsa> (Revisit when fixed upstream) [bullseye] - freeimage <no-dsa> (Revisit when fixed upstream) NOTE: https://github.com/Ruanxingzhi/vul-report/tree/master/freeimage-r1909 CVE-2024-28562 (Buffer Overflow vulnerability in open source FreeImage v.3.19.0 [r1909 ...) - - freeimage <unfixed> + - freeimage <unfixed> (bug #1068461) [bookworm] - freeimage <no-dsa> (Revisit when fixed upstream) [bullseye] - freeimage <no-dsa> (Revisit when fixed upstream) NOTE: https://github.com/Ruanxingzhi/vul-report/tree/master/freeimage-r1909 @@ -5775,7 +5775,7 @@ CVE-2024-2568 (A vulnerability has been found in heyewei JFinalCMS 5.0.0 and cla CVE-2024-2567 (** UNSUPPORTED WHEN ASSIGNED ** A vulnerability, which was classified ...) NOT-FOR-US: AndroidWeatherApp CVE-2024-29156 (In OpenStack Murano through 16.0.0, when YAQL before 3.0.0 is used, th ...) - - murano <unfixed> + - murano <unfixed> (bug #1068459) NOTE: https://bugs.launchpad.net/murano/+bug/2048114 NOTE: https://wiki.openstack.org/wiki/OSSN/OSSN-0093 NOTE: No fix in Murano, but a change in src:yaql renders this unexploitable: 
@@ -6150,12 +6150,12 @@ CVE-2024-28403 (TOTOLINK X2000R before V1.0.0-B20231213.1013 is vulnerable to Cr CVE-2024-28401 (TOTOLINK X2000R before v1.0.0-B20231213.1013 contains a Store Cross-si ...) NOT-FOR-US: TOTOLINK CVE-2024-28319 (gpac 2.3-DEV-rev921-g422b78ecf-master was discovered to contain an out ...) - - gpac <unfixed> + - gpac <unfixed> (bug #1068462) [buster] - gpac <end-of-life> (EOL in buster LTS) NOTE: https://github.com/gpac/gpac/issues/2763 NOTE: https://github.com/gpac/gpac/commit/cb3c29809bddfa32686e3deb231a76af67b68e1e CVE-2024-28318 (gpac 2.3-DEV-rev921-g422b78ecf-master was discovered to contain a out ...) - - gpac <unfixed> + - gpac <unfixed> (bug #1068462) [buster] - gpac <end-of-life> (EOL in buster LTS) NOTE: https://github.com/gpac/gpac/issues/2764 NOTE: https://github.com/gpac/gpac/commit/ae831621a08a64e3325ce532f8b78811a1581716 @@ -7687,12 +7687,12 @@ CVE-2023-49341 (An issue was discovered in Newland Nquire 1000 Interactive Kiosk CVE-2023-49340 (An issue was discovered in Newland Nquire 1000 Interactive Kiosk versi ...) NOT-FOR-US: Newland Nquire 1000 Interactive Kiosk CVE-2023-46427 (An issue was discovered in gpac version 2.3-DEV-rev588-g7edc40fee-mast ...) - - gpac <unfixed> + - gpac <unfixed> (bug #1068462) [buster] - gpac <end-of-life> (EOL in buster LTS) NOTE: https://github.com/gpac/gpac/issues/2641 NOTE: https://github.com/gpac/gpac/commit/ed8424300fc4a1f5231ecd1d47f502ddd3621d1a CVE-2023-46426 (Heap-based Buffer Overflow vulnerability in gpac version 2.3-DEV-rev58 ...) - - gpac <unfixed> + - gpac <unfixed> (bug #1068462) [buster] - gpac <end-of-life> (EOL in buster LTS) NOTE: https://github.com/gpac/gpac/issues/2642 NOTE: https://github.com/gpac/gpac/commit/14ec709a1ffae23ad777c37320290caa0a754341 
@@ -16014,16 +16014,16 @@ CVE-2024-24397 (Cross Site Scripting vulnerability in Stimulsoft GmbH Stimulsoft CVE-2024-24396 (Cross Site Scripting vulnerability in Stimulsoft GmbH Stimulsoft Dashb ...) NOT-FOR-US: Stimulsoft GmbH Stimulsoft Dashboard.JS CVE-2024-24267 (gpac v2.2.1 was discovered to contain a memory leak via the gfio_blob ...) - - gpac <unfixed> + - gpac <unfixed> (bug #1068462) [bullseye] - gpac <ignored> (Minor issue) [buster] - gpac <end-of-life> (EOL in buster LTS) NOTE: https://github.com/yinluming13579/gpac_defects/blob/main/gpac_3.md CVE-2024-24266 (gpac v2.2.1 was discovered to contain a Use-After-Free (UAF) vulnerabi ...) - - gpac <unfixed> + - gpac <unfixed> (bug #1068462) [buster] - gpac <end-of-life> (EOL in buster LTS) NOTE: https://github.com/yinluming13579/gpac_defects/blob/main/gpac_2.md CVE-2024-24265 (gpac v2.2.1 was discovered to contain a memory leak via the dst_props ...) - - gpac <unfixed> + - gpac <unfixed> (bug #1068462) [bullseye] - gpac <ignored> (Minor issue) [buster] - gpac <end-of-life> (EOL in buster LTS) NOTE: https://github.com/yinluming13579/gpac_defects/blob/main/gpac_1.md View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/448af4d061ce1f57359a5779d6418b8bdfd89606 -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/448af4d061ce1f57359a5779d6418b8bdfd89606 You're receiving this email because of your account on salsa.debian.org.
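Review bot: In the CVE-2024-30161 hunk only `qt6-base <unfixed>` gains `(bug #1068454)`, while the `qtbase-opensource-src <unfixed>` and `qtbase-opensource-src-gles <unfixed>` lines directly below it keep no bug reference, although the same `TODO: check details` still applies to all three. If bugs were filed for the qt5 sources as well, add their numbers here; if not, a follow-up that either files them or annotates the qt5 entries would keep those lines consistent with the qt6 one.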
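Review bot: The new `(bug #1068459)` on `murano <unfixed>` sits right above the existing `NOTE: No fix in Murano, but a change in src:yaql renders this unexploitable`. Whoever picks up that bug will need the yaql cross-reference, so it is worth recording it in the bug itself, and the murano entry should be revisited once the yaql change is in the archive, since a murano upload alone may never resolve the `<unfixed>` status.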
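Review bot: All twenty FreeImage entries in the `@@ -4863` hunk receive the same `(bug #1068461)`, which is reasonable given that every one of them points at the same `Ruanxingzhi/vul-report/tree/master/freeimage-r1909` tree; please make sure the bug report enumerates each CVE ID, so that the per-CVE references in the tracker resolve to something the maintainer can address issue by issue rather than as one opaque bundle.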
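Review bot: `(bug #1068462)` is reused in the last hunk for CVE-2024-24267 and CVE-2024-24265, which are marked `<ignored> (Minor issue)` for bullseye as memory leaks, alongside the use-after-free and out-of-bounds gpac CVEs in the `@@ -6150` and `@@ -7687` hunks. Bundling them in one bug is fine for tracking, but the bug's severity should be set by the more serious issues, and the two `<ignored>` entries could be called out in the bug as lower priority so the maintainer does not treat all of them as equivalent.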
_______________________________________________ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits