Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
62d476ff by Moritz Muehlenhoff at 2024-05-04T18:15:00+02:00
bugnums

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -237,11 +237,11 @@ CVE-2024-34408 (Tencent libpag through 4.3.51 has an 
integer overflow in DecodeS
 CVE-2024-34404 (A vulnerability was discovered in the Alta Recovery Vault 
feature of V ...)
        NOT-FOR-US: Veritas NetBackup
 CVE-2024-34403 (An issue was discovered in uriparser through 0.9.7. 
ComposeQueryMalloc ...)
-       - uriparser <unfixed>
+       - uriparser <unfixed> (bug #1070376)
        NOTE: https://github.com/uriparser/uriparser/issues/183
        NOTE: https://github.com/uriparser/uriparser/pull/186
 CVE-2024-34402 (An issue was discovered in uriparser through 0.9.7. 
ComposeQueryEngine ...)
-       - uriparser <unfixed>
+       - uriparser <unfixed> (bug #1070376)
        NOTE: https://github.com/uriparser/uriparser/pull/185
        NOTE: https://github.com/uriparser/uriparser/issues/183
 CVE-2024-34401 (Savsoft Quiz 6.0 allows stored XSS via the 
index.php/quiz/insert_quiz/ ...)
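Review bot: neither uriparser entry carries a [bookworm]/[bullseye] triage line, so the stable status of CVE-2024-34403 and CVE-2024-34402 remains open after this change. Sharing bug #1070376 is reasonable since both point at upstream issue #183 (with separate fix PRs #186 and #185), but a per-suite annotation (no-dsa, postponed or not-affected) should follow once the ComposeQuery code path in the packaged 0.9.x version has been checked, and the bug should list both CVE IDs and both PRs.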
@@ -269,7 +269,7 @@ CVE-2024-34066 (Pterodactyl wings is the server control 
plane for Pterodactyl Pa
 CVE-2024-34063 (vodozemac is an implementation of Olm and Megolm in pure Rust. 
Version ...)
        TODO: check
 CVE-2024-34062 (tqdm is an open source progress bar for Python and CLI. Any 
optional n ...)
-       - tqdm <unfixed>
+       - tqdm <unfixed> (bug #1070372)
        NOTE: 
https://github.com/tqdm/tqdm/security/advisories/GHSA-g7vv-2v7x-gj9p
        NOTE: Fixed by: 
https://github.com/tqdm/tqdm/commit/b53348c73080b4edeb30b4823d1fa0d8d2c06721 
(v4.66.3)
 CVE-2024-34061 (changedetection.io is a free open source web page change 
detection, we ...)
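Review bot: the tqdm entry records the fix commit and its release tag (v4.66.3), so bug #1070372 should point the maintainer at that version; the entry still has no [bookworm]/[bullseye] triage line. The vodozemac entry just above (CVE-2024-34063) is unchanged and still reads "TODO: check", so it is not covered by this bug-filing pass.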
@@ -3101,7 +3101,7 @@ CVE-2024-3411 (Implementations of IPMI Authenticated 
sessions does not provide e
 CVE-2024-3072 (The ACF Front End Editor plugin for WordPress is vulnerable to 
unautho ...)
        NOT-FOR-US: WordPress plugin
 CVE-2024-34088 (In FRRouting (FRR) through 9.1, it is possible for the 
get_edge() func ...)
-       - frr <unfixed>
+       - frr <unfixed> (bug #1070377)
        [bullseye] - frr <not-affected> (Vulnerable code introduced later)
        [buster] - frr <not-affected> (Vulnerable code introduced later)
        NOTE: https://github.com/FRRouting/frr/pull/15674
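Review bot: CVE-2024-34088 marks bullseye and buster as not-affected because the vulnerable code was introduced later, but there is no [bookworm] line, so bookworm's frr defaults to affected and unfixed with no triage. If the get_edge() code from PR #15674 is present in bookworm's version, add a [bookworm] no-dsa or postponed annotation; if it is not, mark bookworm not-affected with the same rationale as the other two suites.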
@@ -3243,7 +3243,7 @@ CVE-2024-33401 (Cross Site Scripting vulnerability in 
DedeCMS v.5.7.113 allows a
 CVE-2024-33350 (Directory Traversal vulnerability in TaoCMS v.3.0.2 allows a 
remote at ...)
        NOT-FOR-US: TaoCMS
 CVE-2024-31837 (DMitry (Deepmagic Information Gathering Tool) 1.3a has a 
format-string ...)
-       - dmitry <unfixed>
+       - dmitry <unfixed> (bug #1070370)
        [bookworm] - dmitry <no-dsa> (Minor issue)
        [bullseye] - dmitry <no-dsa> (Minor issue)
        [buster] - dmitry <postponed> (Minor issue, crash in CLI tool, requires 
malicious parameter)
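Review bot: bug #1070370 is also assigned to CVE-2020-14931 and CVE-2017-7938 for dmitry later in this commit, so one Debian bug now covers three CVEs spanning 2017 to 2024. Make sure the bug report lists all three IDs so that a single Closes: #1070370 in the changelog lets the tracker resolve each CVE, and note in the bug that the three have different triggers (format string via parameter here, hostile whois server for CVE-2020-14931).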
@@ -3889,7 +3889,7 @@ CVE-2024-33343 (D-Link DIR-822+ V1.0.5 was found to 
contain a command injection
 CVE-2024-33342 (D-Link DIR-822+ V1.0.5 was found to contain a command 
injection in Set ...)
        NOT-FOR-US: D-Link
 CVE-2024-33263 (QuickJS commit 3b45d15 was discovered to contain an Assertion 
Failure  ...)
-       - quickjs <unfixed>
+       - quickjs <unfixed> (bug #1070373)
        NOTE: https://github.com/bellard/quickjs/issues/277
 CVE-2024-33260 (Jerryscript commit cefd391 was discovered to contain a 
segmentation vi ...)
        - iotjs <removed>
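Review bot: the quickjs entry gets a bug number but no per-suite annotation; as an assertion failure (a crash rather than memory corruption, per the visible description) it would normally be no-dsa for any stable release that ships the package. The only reference is upstream issue #277 with no fix commit, so bug #1070373 should say that no upstream fix is known yet rather than implying one is available to backport.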
@@ -4033,11 +4033,11 @@ CVE-2024-33666 (An issue was discovered in Zammad 
before 6.3.0. Users with custo
 CVE-2024-33665 (angular-translate through 2.19.1 allows XSS via a crafted key 
that is  ...)
        NOT-FOR-US: angular-translate
 CVE-2024-33664 (python-jose through 3.3.0 allows attackers to cause a denial 
of servic ...)
-       - python-jose <unfixed>
+       - python-jose <unfixed> (bug #1070375)
        NOTE: https://github.com/mpdavis/python-jose/issues/344
        NOTE: https://github.com/mpdavis/python-jose/pull/345
 CVE-2024-33663 (python-jose through 3.3.0 has algorithm confusion with OpenSSH 
ECDSA k ...)
-       - python-jose <unfixed>
+       - python-jose <unfixed> (bug #1070375)
        NOTE: https://github.com/mpdavis/python-jose/issues/346
 CVE-2024-33661 (Portainer before 2.20.0 allows redirects when the target is 
not index. ...)
        NOT-FOR-US: Portainer
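Review bot: CVE-2024-33664 (DoS, issue #344 with fix PR #345) and CVE-2024-33663 (algorithm confusion with OpenSSH ECDSA keys, issue #346, no fix reference) are filed under the same bug #1070375. The algorithm-confusion issue affects signature verification and is the more serious of the two, and it has no fix PR recorded, so consider separate bugs or at least distinct severities in the bug report, and add [bookworm]/[bullseye] triage lines, which neither entry currently has.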
@@ -4403,7 +4403,7 @@ CVE-2024-32948 (Missing Authorization vulnerability in 
Repute Infosystems ARMemb
 CVE-2024-32947 (Cross-Site Request Forgery (CSRF) vulnerability in 
AlumniOnline Web Se ...)
        NOT-FOR-US: WordPress plugin
 CVE-2024-32879 (Python Social Auth is a social authentication/registration 
mechanism.  ...)
-       - social-auth-app-django <unfixed>
+       - social-auth-app-django <unfixed> (bug #1070374)
        [bookworm] - social-auth-app-django <no-dsa> (Minor issue)
        [bullseye] - social-auth-app-django <no-dsa> (Minor issue)
        [buster] - social-auth-app-django <postponed> (Minor issue)
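Review bot: the social-auth-app-django entry carries no-dsa for bookworm and bullseye and postponed for buster, but no NOTE with an upstream advisory or fix commit is visible in this hunk. If none exists further down the entry, add the upstream reference so bug #1070374 can cite the fix the maintainer is expected to pick up.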
@@ -4958,7 +4958,7 @@ CVE-2024-31992 (Mealie is a self hosted recipe manager 
and meal planner. Prior t
 CVE-2024-31991 (Mealie is a self hosted recipe manager and meal planner. Prior 
to 1.4. ...)
        NOT-FOR-US: Mealie
 CVE-2024-31584 (Pytorch before v2.2.0 has an Out-of-bounds Read vulnerability 
via the  ...)
-       - pytorch <unfixed>
+       - pytorch <unfixed> (bug #1070379)
        [bookworm] - pytorch <no-dsa> (Minor issue)
        [bullseye] - pytorch <no-dsa> (Minor issue)
        NOTE: 
https://github.com/pytorch/pytorch/commit/7c35874ad664e74c8e4252d67521f3986eadb0e6
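Review bot: bug #1070379 is reused for CVE-2024-31583 and CVE-2024-31580 later in this commit, so one bug covers three pytorch CVEs that each have a distinct upstream fix commit; the bug report should enumerate all three commits and CVE IDs. The entries have [bookworm]/[bullseye] no-dsa but no [buster] line, so confirm pytorch is absent from buster or add a [buster] annotation.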
@@ -5015,7 +5015,7 @@ CVE-2024-32644 (Evmos is a scalable, high-throughput 
Proof-of-Stake EVM blockcha
 CVE-2024-32478 (Git Credential Manager (GCM) is a secure Git credential 
helper. Prior  ...)
        - git-credential-manager <itp> (bug #1002300)
 CVE-2024-32473 (Moby is an open source container framework that is a key 
component of  ...)
-       - docker.io <unfixed>
+       - docker.io <unfixed> (bug #1070378)
        NOTE: 
https://github.com/moby/moby/security/advisories/GHSA-x84c-p2g9-rqv9
        NOTE: 
https://github.com/moby/moby/commit/841c4c8057bcf5317d6565875595a3f0c046e3fa
        TODO: check, said to be specific to the 26.0.0 and 26.0.1 versions but 
needs double-checking
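Review bot: a bug number is assigned while the entry's own TODO still says the issue may be specific to moby 26.0.0 and 26.0.1 and "needs double-checking". Resolve that first: if docker.io in unstable is not one of those two versions, the correct state is <not-affected> rather than an open bug, and the maintainer should not be asked to fix a non-issue. If the bug stays open, carry the version caveat and the GHSA-x84c-p2g9-rqv9 reference into the bug text.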
@@ -5577,25 +5577,25 @@ CVE-2024-1426 (The Element Pack Elementor Addons 
(Header Footer, Free Template L
 CVE-2023-4509 (It is possible for an API key to be logged in clear text in the 
audit  ...)
        NOT-FOR-US: Octopus Deploy
 CVE-2023-4235 (A flaw was found in ofono, an Open Source Telephony on Linux. A 
stack  ...)
-       - ofono <unfixed>
+       - ofono <unfixed> (bug #1070371)
        [bookworm] - ofono <no-dsa> (Minor issue)
        [bullseye] - ofono <no-dsa> (Minor issue)
        [buster] - ofono <postponed> (Minor issue, follow bullseye)
        NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2255402
 CVE-2023-4234 (A flaw was found in ofono, an Open Source Telephony on Linux. A 
stack  ...)
-       - ofono <unfixed>
+       - ofono <unfixed> (bug #1070371)
        [bookworm] - ofono <no-dsa> (Minor issue)
        [bullseye] - ofono <no-dsa> (Minor issue)
        [buster] - ofono <postponed> (Minor issue, follow bullseye)
        NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2255399
 CVE-2023-4233 (A flaw was found in ofono, an Open Source Telephony on Linux. A 
stack  ...)
-       - ofono <unfixed>
+       - ofono <unfixed> (bug #1070371)
        [bookworm] - ofono <no-dsa> (Minor issue)
        [bullseye] - ofono <no-dsa> (Minor issue)
        [buster] - ofono <postponed> (Minor issue, follow bullseye)
        NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2255396
 CVE-2023-4232 (A flaw was found in ofono, an Open Source Telephony on Linux. A 
stack  ...)
-       - ofono <unfixed>
+       - ofono <unfixed> (bug #1070371)
        [bookworm] - ofono <no-dsa> (Minor issue)
        [bullseye] - ofono <no-dsa> (Minor issue)
        [buster] - ofono <postponed> (Minor issue, follow bullseye)
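Review bot: four ofono CVEs (CVE-2023-4232 through CVE-2023-4235) share bug #1070371, and the only references are Red Hat bugzilla entries; no upstream ofono fix commit is recorded for any of them. The bug report should list all four CVE IDs with their bugzilla links and state that the upstream fix status is unknown. The bookworm/bullseye no-dsa plus buster "follow bullseye" triage is consistent across all four, which is fine.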
@@ -5762,7 +5762,7 @@ CVE-2024-31585 (FFmpeg version n5.1 to n6.1 was 
discovered to contain an Off-by-
        NOTE: Fixed by 
https://github.com/ffmpeg/ffmpeg/commit/ab0fdaedd1e7224f7e84ea22fcbfaa4ca75a6c06
 (n7.0)
        NOTE: Introduced by 
https://github.com/FFmpeg/FFmpeg/commit/81df787b53eb5c6433731f6eaaf7f2a94d8a8c80
 (n5.1)
 CVE-2024-31583 (Pytorch before version v2.2.0 was discovered to contain a 
use-after-fr ...)
-       - pytorch <unfixed>
+       - pytorch <unfixed> (bug #1070379)
        [bookworm] - pytorch <no-dsa> (Minor issue)
        [bullseye] - pytorch <no-dsa> (Minor issue)
        NOTE: 
https://github.com/pytorch/pytorch/commit/9c7071b0e324f9fb68ab881283d6b8d388a4bcd2
@@ -5781,7 +5781,7 @@ CVE-2024-31581 (FFmpeg version n6.1 was discovered to 
contain an improper valida
        [buster] - ffmpeg <postponed> (Pick up when fixed in 4.3.x)
        NOTE: Fixed by 
https://github.com/ffmpeg/ffmpeg/commit/ce0c178a408d43e71085c28a47d50dc939b60196
 (n7.0)
 CVE-2024-31580 (PyTorch before v2.2.0 was discovered to contain a heap buffer 
overflow ...)
-       - pytorch <unfixed>
+       - pytorch <unfixed> (bug #1070379)
        [bookworm] - pytorch <no-dsa> (Minor issue)
        [bullseye] - pytorch <no-dsa> (Minor issue)
        NOTE: 
https://github.com/pytorch/pytorch/commit/b5c3a17c2c207ebefcb85043f0cf94be9b2fef81
@@ -10173,15 +10173,15 @@ CVE-2024-3347 (A vulnerability was found in 
SourceCodester Airline Ticket Reserv
 CVE-2024-3346 (A vulnerability was found in Byzoro Smart S80 up to 20240328. 
It has b ...)
        NOT-FOR-US: Byzro Smart S80
 CVE-2024-31852 (LLVM before 18.1.3 generates code in which the LR register can 
be over ...)
-       - llvm-toolchain-14 <unfixed>
+       - llvm-toolchain-14 <unfixed> (bug #1070384)
        [bookworm] - llvm-toolchain-14 <no-dsa> (Minor issue)
-       - llvm-toolchain-15 <unfixed>
+       - llvm-toolchain-15 <unfixed> (bug #1070383)
        [bookworm] - llvm-toolchain-15 <no-dsa> (Minor issue)
-       - llvm-toolchain-16 <unfixed>
+       - llvm-toolchain-16 <unfixed> (bug #1070382)
        [bookworm] - llvm-toolchain-16 <no-dsa> (Minor issue)
        [bullseye] - llvm-toolchain-16 <no-dsa> (Minor issue)
-       - llvm-toolchain-17 <unfixed>
-       - llvm-toolchain-18 <unfixed>
+       - llvm-toolchain-17 <unfixed> (bug #1070381)
+       - llvm-toolchain-18 <unfixed> (bug #1070380)
        NOTE: https://github.com/llvm/llvm-project/issues/80287
        NOTE: https://bugs.chromium.org/p/llvm/issues/detail?id=69
        NOTE: 
https://github.com/llvmbot/llvm-project/commit/0e16af8e4cf3a66ad5d078d52744ae2776f9c4b2
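Review bot: separate bugs (#1070380 to #1070384) per llvm-toolchain-N package is correct since each is its own source package. Two things to check: the CVE text says LLVM before 18.1.3 is affected, so llvm-toolchain-18 should move from <unfixed> to a fixed version as soon as an 18.1.3 or later upload lands, and bug #1070380 should say so; and the fix NOTE links to a commit in the llvmbot/llvm-project fork rather than llvm/llvm-project, so prefer the upstream commit hash for a permanent reference.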
@@ -292148,7 +292148,7 @@ CVE-2020-14932 (compose.php in SquirrelMail 1.4.22 
calls unserialize for the $ma
        - squirrelmail <removed>
        NOTE: https://www.openwall.com/lists/oss-security/2020/06/20/1
 CVE-2020-14931 (A stack-based buffer overflow in DMitry (Deepmagic Information 
Gatheri ...)
-       - dmitry <unfixed>
+       - dmitry <unfixed> (bug #1070370)
        [bookworm] - dmitry <no-dsa> (Minor issue)
        [bullseye] - dmitry <no-dsa> (Minor issue)
        [buster] - dmitry <postponed> (Minor issue, requires hostile whois 
server)
@@ -472289,7 +472289,7 @@ CVE-2017-7940 (The iw_read_gif_file function in 
imagew-gif.c in libimageworsener
 CVE-2017-7939 (The read_next_pam_token function in imagew-pnm.c in 
libimageworsener.a ...)
        NOT-FOR-US: ImageWorsener
 CVE-2017-7938 (Stack-based buffer overflow in DMitry (Deepmagic Information 
Gathering ...)
-       - dmitry <unfixed>
+       - dmitry <unfixed> (bug #1070370)
        [bookworm] - dmitry <no-dsa> (Minor issue)
        [bullseye] - dmitry <no-dsa> (Minor issue)
        [buster] - dmitry <postponed> (Minor issue, crash in CLI tool, requires 
malicious parameter)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/62d476ff298fb21c4d9abbcb698af3f587a286a5



_______________________________________________
debian-security-tracker-commits mailing list
debian-security-tracker-commits@alioth-lists.debian.net
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
