Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker
Commits: 645a212f by Moritz Muehlenhoff at 2024-04-15T16:41:00+02:00 bookworm/bullseye triage - - - - - 1 changed file: - data/CVE/list Changes: ===================================== data/CVE/list ===================================== @@ -958,9 +958,9 @@ CVE-2024-23083 (Time4J Base v5.9.3 was discovered to contain a NullPointerExcept CVE-2024-23080 (Joda Time v2.12.5 was discovered to contain a NullPointerException via ...) NOT-FOR-US: Joda Time CVE-2024-23077 (JFreeChart v1.5.4 was discovered to be vulnerable to ArrayIndexOutOfBo ...) - - libjfreechart-java <unfixed> + NOT-FOR-US: Disputed JFreeChart issue CVE-2024-23076 (JFreeChart v1.5.4 was discovered to contain a NullPointerException via ...) - - libjfreechart-java <unfixed> + NOT-FOR-US: Disputed JFreeChart issue CVE-2024-20780 (Adobe Experience Manager versions 6.5.19 and earlier are affected by a ...) NOT-FOR-US: Adobe CVE-2024-20779 (Adobe Experience Manager versions 6.5.19 and earlier are affected by a ...) @@ -1006,7 +1006,7 @@ CVE-2024-0218 (A Denial of Service (Dos) vulnerability in Nozomi Networks Guardi CVE-2023-6916 (Audit records for OpenAPI requests may include sensitive information. ...) NOT-FOR-US: Nozomi Networks CVE-2023-52070 (JFreeChart v1.5.4 was discovered to be vulnerable to ArrayIndexOutOfBo ...) - - libjfreechart-java <unfixed> + NOT-FOR-US: Disputed JFreeChart issue CVE-2023-2794 (A flaw was found in ofono, an Open Source Telephony on Linux. A stack ...) - ofono <unfixed> NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2255387 
@@ -2180,13 +2180,13 @@ CVE-2024-25646 (Due to improper validation,SAP BusinessObject Business Intellige CVE-2024-23584 (The NMAP Importer service may expose data store credentials to authori ...) NOT-FOR-US: HCL CVE-2024-23084 (Apfloat v1.10.1 was discovered to contain an ArrayIndexOutOfBoundsExce ...) - - libapfloat-java <unfixed> + NOT-FOR-US: Disputed Apfloat issue CVE-2024-23081 (ThreeTen Backport v1.6.8 was discovered to contain a NullPointerExcept ...) NOT-FOR-US: ThreeTen Backport CVE-2024-23079 (JGraphT Core v1.5.2 was discovered to contain a NullPointerException v ...) - - jgrapht <unfixed> + NOT-FOR-US: Disputed JGraphT issue CVE-2024-22949 (JFreeChart v1.5.4 was discovered to contain a NullPointerException via ...) - - libjfreechart-java <unfixed> + NOT-FOR-US: Disputed JFreeChart issue CVE-2024-1664 (The Responsive Gallery Grid WordPress plugin before 2.3.11 does not sa ...) NOT-FOR-US: WordPress plugin CVE-2024-1233 (A flaw was found in` JwtValidator.resolvePublicKey` in JBoss EAP, wher ...) 
@@ -2298,13 +2298,13 @@ CVE-2024-23190 (Upsell shop information of an account can be manipulated to exec CVE-2024-23189 (Embedded content references at tasks could be used to temporarily exec ...) NOT-FOR-US: Open-Xchange CVE-2024-23086 (Apfloat v1.10.1 was discovered to contain a stack overflow via the com ...) - - libapfloat-java <unfixed> + NOT-FOR-US: Disputed Apfloat issue CVE-2024-23085 (Apfloat v1.10.1 was discovered to contain a NullPointerException via t ...) - - libapfloat-java <unfixed> + NOT-FOR-US: Disputed Apfloat issue CVE-2024-23082 (ThreeTen Backport v1.6.8 was discovered to contain an integer overflow ...) NOT-FOR-US: ThreeTen Backport CVE-2024-23078 (JGraphT Core v1.5.2 was discovered to contain a NullPointerException v ...) - - jgrapht <unfixed> + NOT-FOR-US: Disputed JGraphT issue CVE-2023-7164 (The BackWPup WordPress plugin before 4.0.4 does not prevent visitors f ...) NOT-FOR-US: WordPress plugin CVE-2023-52554 (Permission control vulnerability in the Bluetooth module. Impact: Succ ...) @@ -2360,6 +2360,8 @@ CVE-2024-26811 (In the Linux kernel, the following vulnerability has been resolv CVE-2024-2511 (Issue summary: Some non-default TLS server configurations can cause un ...) [experimental] - openssl 3.3.0-1 - openssl <unfixed> (bug #1068658) + [bookworm] - openssl <postponed> (Minor issue, fix along with next update round) + [bullseye] - openssl <postponed> (Minor issue, fix along with next update round) NOTE: https://www.openssl.org/news/secadv/20240408.txt NOTE: https://github.com/openssl/openssl/commit/e9d7083e241670332e0443da0f0d4ffb52829f08 (openssl-3.2.y) NOTE: https://github.com/openssl/openssl/commit/7e4d731b1c07201ad9374c1cd9ac5263bdf35bce (openssl-3.1.y) 
@@ -2469,6 +2471,7 @@ CVE-2023-52341 (In Plaintext COUNTER CHECK message accepted before AS security a NOT-FOR-US: Unisoc CVE-2021-47208 (The Mojolicious module before 9.11 for Perl has a bug in format detect ...) - libmojolicious-perl 9.21+dfsg-1 + [bullseye] - libmojolicious-perl <no-dsa> (Minor issue) NOTE: https://github.com/mojolicious/mojo/issues/1736 NOTE: https://github.com/mojolicious/mojo/commit/a0c4576ffb11c235088550de9ba7ac4196e1953c (v9.11) CVE-2020-36829 (The Mojolicious module before 8.65 for Perl is vulnerable to secure_co ...) @@ -6713,6 +6716,8 @@ CVE-2024-29515 (File Upload vulnerability in lepton v.7.1.0 allows a remote auth NOT-FOR-US: Lepton CMS CVE-2024-29025 (Netty is an asynchronous event-driven network application framework fo ...) - netty <unfixed> (bug #1068110) + [bookworm] - netty <postponed> (Minor issue, fix along with future update) + [bullseye] - netty <postponed> (Minor issue, fix along with future update) NOTE: https://github.com/netty/netty/security/advisories/GHSA-5jpm-x58v-624v NOTE: https://github.com/netty/netty/commit/0d0c6ed782d13d423586ad0c71737b2c7d02058c (netty-4.1.108.Final) NOTE: https://gist.github.com/vietj/f558b8ea81ec6505f1e9a6ca283c9ae3 
@@ -14481,6 +14486,8 @@ CVE-2024-25770 (libming 0.4.8 contains a memory leak vulnerability in /libming/s - ming <removed> CVE-2024-25768 (OpenDMARC 1.4.2 contains a null pointer dereference vulnerability in / ...) - opendmarc <unfixed> + [bookworm] - opendmarc <no-dsa> (Minor issue) + [bullseye] - opendmarc <no-dsa> (Minor issue) [buster] - opendmarc <no-dsa> (Minor issue) NOTE: https://github.com/LuMingYinDetect/OpenDMARC_defects/blob/main/OpenDMARC_detect_1.md CVE-2024-25767 (nanomq 0.21.2 contains a Use-After-Free vulnerability in /nanomq/nng/s ...)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/645a212f68a8a2ec55fd248cdc6e14a7a1adc2f6
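Review bot: in the @@ -958, @@ -1006, @@ -2180 and @@ -2298 hunks, the nine entries changed from `- libjfreechart-java <unfixed>`, `- libapfloat-java <unfixed>` and `- jgrapht <unfixed>` to `NOT-FOR-US: Disputed ... issue` lose their source-package association, although the removed lines show these CVEs were tracked against Debian packages. NOT-FOR-US reads as "software not in Debian", which is not what "Disputed" means here. Keeping the package line with `<unimportant>` and adding a NOTE that points at the upstream dispute would preserve both the package link and the rationale; as written, none of the nine entries carries a NOTE saying where the dispute is recorded. The commit message ("bookworm/bullseye triage") also does not mention this reclassification, so it may be worth splitting it into its own commit.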
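Review bot: the `<postponed>` reasons use two wordings for the same decision: the openssl lines added in the @@ -2360 hunk say `(Minor issue, fix along with next update round)`, while the netty lines added in the @@ -6713 hunk say `(Minor issue, fix along with future update)`. Using one phrasing for both would make the postponed entries easier to find with a single search when the next update is prepared.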