tcpdf

Salvatore Bonaccorso (@carnil) Mon, 03 Jun 2024 12:55:33 -0700


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker



Commits:
bbbed30a by Salvatore Bonaccorso at 2024-06-03T21:52:36+02:00
Add Debian bug reference for CVE-2024-22641/tcpdf

- - - - -
9b4f1533 by Salvatore Bonaccorso at 2024-06-03T21:53:33+02:00
Add Debian bug reference for CVE-2024-35226

- - - - -
9323cc09 by Salvatore Bonaccorso at 2024-06-03T21:54:20+02:00
Add Debian bug reference for CVE-2024-2199/389-ds-base

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1074,8 +1074,8 @@ CVE-2024-35240 (Umbraco Commerce is an open source dotnet 
ecommerce solution. In
 CVE-2024-35239 (Umbraco Commerce is an open source dotnet web forms solution. 
In affec ...)
        NOT-FOR-US: Umbraco Commerce
 CVE-2024-35226 (Smarty is a template engine for PHP, facilitating the 
separation of pr ...)
-       - smarty3 <unfixed>
-       - smarty4 <unfixed>
+       - smarty3 <unfixed> (bug #1072530)
+       - smarty4 <unfixed> (bug #1072529)
        NOTE: 
https://github.com/smarty-php/smarty/security/advisories/GHSA-4rmg-292m-wg3w
        NOTE: 
https://github.com/smarty-php/smarty/commit/76881c8d33d80648f70c9b0339f770f5f69a87a2
 (v4.5.3)
        NOTE: 
https://github.com/smarty-php/smarty/commit/0be92bc8a6fb83e6e0d883946f7e7c09ba4e857a
 (v5.2.0)
@@ -1084,7 +1084,7 @@ CVE-2024-23580 (HCL DRYiCE Optibot Reset Station is 
impacted byinsecure encrypti
 CVE-2024-23579 (HCL DRYiCE Optibot Reset Station is impacted by insecure 
encryption of ...)
        NOT-FOR-US: HCL
 CVE-2024-22641 (TCPDF version 6.6.5 and before is vulnerable to ReDoS (Regular 
Express ...)
-       - tcpdf <unfixed>
+       - tcpdf <unfixed> (bug #1072528)
        [bookworm] - tcpdf <no-dsa> (Minor issue)
        [bullseye] - tcpdf <no-dsa> (Minor issue)
        NOTE: https://github.com/tecnickcom/TCPDF/issues/724
@@ -1207,7 +1207,7 @@ CVE-2024-30164 (Amazon AWS Client VPN has a buffer 
overflow that could potential
 CVE-2024-2451 (Improper fingerprint validation in the TeamViewer Client (Full 
& Host) ...)
        NOT-FOR-US: TeamViewer
 CVE-2024-2199 (A denial of service vulnerability was found in 389-ds-base ldap 
server ...)
-       - 389-ds-base <unfixed>
+       - 389-ds-base <unfixed> (bug #1072531)
        NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2267976
 CVE-2024-29072 (A privilege escalation vulnerability exists in the Foxit 
Reader 2024.2 ...)
        NOT-FOR-US: Foxit Reader



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/a79b0175394cf9652294e71b346d50121b57cd99...9323cc0924fa2a1bef113237ff30c72283d4c258

-- 
This project does not include diff previews in email notifications.
View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/a79b0175394cf9652294e71b346d50121b57cd99...9323cc0924fa2a1bef113237ff30c72283d4c258
You're receiving this email because of your account on salsa.debian.org.

_______________________________________________
debian-security-tracker-commits mailing list
debian-security-tracker-commits@alioth-lists.debian.net
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits

[Git][security-tracker-team/security-tracker][master] 3 commits: Add Debian bug reference for CVE-2024-22641/tcpdf

Reply via email to