[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso (@carnil) Sun, 30 Jun 2024 13:13:05 -0700


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker



Commits:
73b9c503 by security tracker role at 2024-06-30T20:12:21+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,29 @@
+CVE-2024-5062 (A reflected Cross-Site Scripting (XSS) vulnerability was 
identified in ...)
+       TODO: check
+CVE-2024-35119 (IBM InfoSphere Information Server 11.7 could allow a remote 
attacker t ...)
+       TODO: check
+CVE-2024-31902 (IBM InfoSphere Information Server 11.7 is vulnerable to 
cross-site req ...)
+       TODO: check
+CVE-2024-31898 (IBM InfoSphere Information Server 11.7 could allow an 
authenticated us ...)
+       TODO: check
+CVE-2024-28798 (IBM InfoSphere Information Server 11.7 is vulnerable to stored 
cross-s ...)
+       TODO: check
+CVE-2024-28797 (IBM InfoSphere Information Server 11.7 is vulnerable stored to 
cross-s ...)
+       TODO: check
+CVE-2024-28795 (IBM InfoSphere Information Server 11.7 is vulnerable to 
cross-site scr ...)
+       TODO: check
+CVE-2024-28794 (IBM InfoSphere Information Server 11.7 is vulnerable to 
cross-site scr ...)
+       TODO: check
+CVE-2023-50964 (IBM InfoSphere Information Server 11.7 is vulnerable to 
cross-site scr ...)
+       TODO: check
+CVE-2023-50954 (IBM InfoSphere Information Server 11.7 returns sensitive 
information i ...)
+       TODO: check
+CVE-2023-50953 (IBM InfoSphere Information Server 11.7 could allow a remote 
attacker t ...)
+       TODO: check
+CVE-2023-50952 (IBM InfoSphere Information Server 11.7 is vulnerable to 
server-side re ...)
+       TODO: check
+CVE-2023-35022 (IBM InfoSphere Information Server 11.7 could allow a local 
user to upd ...)
+       TODO: check
 CVE-2024-6415 (A vulnerability classified as problematic was found in Ingenico 
Estate ...)
        NOT-FOR-US: ngenico Estate Manager
 CVE-2024-6414 (A vulnerability classified as problematic has been found in 
Parsec Aut ...)
@@ -3503,17 +3529,17 @@ CVE-2024-38448 (htags in GNU Global through 6.6.12 
allows code execution in situ
        NOTE: 
https://lists.gnu.org/archive/html/bug-global/2024-05/msg00009.html
 CVE-2024-38443 (C/sorting/binary_insertion_sort.c in The Algorithms - C 
through e5dad3 ...)
        NOT-FOR-US: The Algorithms - C
-CVE-2024-38441 (Netatalk 3.2.0 has an off-by-one error and resultant 
heap-based buffer ...)
+CVE-2024-38441 (Netatalk before 3.2.1 has an off-by-one error and resultant 
heap-based ...)
        - netatalk <unfixed> (bug #1074475)
        NOTE: https://github.com/Netatalk/netatalk/issues/1098
        NOTE: https://netatalk.io/security/CVE-2024-38441
        NOTE: 
https://github.com/Netatalk/netatalk/commit/77b5d99007cfef4d73d76fd6f0c26584891608e5
 (netatalk-3-2-1)
-CVE-2024-38440 (Netatalk 3.2.0 has an off-by-one error, and resultant 
heap-based buffe ...)
+CVE-2024-38440 (Netatalk before 3.2.1 has an off-by-one error, and resultant 
heap-base ...)
        - netatalk <unfixed> (bug #1074474)
        NOTE: https://github.com/Netatalk/netatalk/issues/1097
        NOTE: https://netatalk.io/security/CVE-2024-38440
        NOTE: 
https://github.com/Netatalk/netatalk/commit/77b5d99007cfef4d73d76fd6f0c26584891608e5
 (netatalk-3-2-1)
-CVE-2024-38439 (Netatalk 3.2.0 has an off-by-one error and resultant 
heap-based buffer ...)
+CVE-2024-38439 (Netatalk before 3.2.1 has an off-by-one error and resultant 
heap-based ...)
        - netatalk <unfixed> (bug #1074473)
        NOTE: https://github.com/Netatalk/netatalk/issues/1096
        NOTE: https://netatalk.io/security/CVE-2024-38439
@@ -22515,7 +22541,7 @@ CVE-2024-27282 (An issue was discovered in Ruby 3.x 
through 3.3.0. If attacker-s
        NOTE: 
https://www.ruby-lang.org/en/news/2024/04/23/arbitrary-memory-address-read-regexp-cve-2024-27282/
        NOTE: 
https://github.com/ruby/ruby/commit/989a2355808a63fc45367785c82ffd46d18c900a
 CVE-2024-33602 (nscd: netgroup cache assumes NSS callback uses in-buffer 
strings  The  ...)
-       {DSA-5678-1}
+       {DSA-5678-1 DLA-3850-1}
        - glibc 2.37-19
        NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=31680
        NOTE: 
https://inbox.sourceware.org/libc-alpha/cover.1713974801.git.fwei...@redhat.com/
@@ -22523,7 +22549,7 @@ CVE-2024-33602 (nscd: netgroup cache assumes NSS 
callback uses in-buffer strings
        NOTE: 
https://sourceware.org/git/?p=glibc.git;a=blob;f=advisories/GLIBC-SA-2024-0008
        NOTE: Fixed by: 
https://sourceware.org/git?p=glibc.git;a=commit;h=c04a21e050d64a1193a6daab872bca2528bda44b
 CVE-2024-33601 (nscd: netgroup cache may terminate daemon on memory allocation 
failure ...)
-       {DSA-5678-1}
+       {DSA-5678-1 DLA-3850-1}
        - glibc 2.37-19
        NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=31679
        NOTE: 
https://inbox.sourceware.org/libc-alpha/cover.1713974801.git.fwei...@redhat.com/
@@ -22531,7 +22557,7 @@ CVE-2024-33601 (nscd: netgroup cache may terminate 
daemon on memory allocation f
        NOTE: 
https://sourceware.org/git/?p=glibc.git;a=blob;f=advisories/GLIBC-SA-2024-0007
        NOTE: Fixed by: 
https://sourceware.org/git?p=glibc.git;a=commit;h=c04a21e050d64a1193a6daab872bca2528bda44b
 CVE-2024-33600 (nscd: Null pointer crashes after notfound response  If the 
Name Servic ...)
-       {DSA-5678-1}
+       {DSA-5678-1 DLA-3850-1}
        - glibc 2.37-19
        NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=31678
        NOTE: 
https://inbox.sourceware.org/libc-alpha/cover.1713974801.git.fwei...@redhat.com/
@@ -22540,7 +22566,7 @@ CVE-2024-33600 (nscd: Null pointer crashes after 
notfound response  If the Name
        NOTE: Fixed by: 
https://sourceware.org/git?p=glibc.git;a=commit;h=b048a482f088e53144d26a61c390bed0210f49f2
        NOTE: Fixed by: 
https://sourceware.org/git/?p=glibc.git;a=commit;h=7835b00dbce53c3c87bbbb1754a95fb5e58187aa
 CVE-2024-33599 (nscd: Stack-based buffer overflow in netgroup cache  If the 
Name Servi ...)
-       {DSA-5678-1}
+       {DSA-5678-1 DLA-3850-1}
        - glibc 2.37-19
        NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=31677
        NOTE: 
https://inbox.sourceware.org/libc-alpha/cover.1713974801.git.fwei...@redhat.com/



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/73b9c50349c0683dc8e5a406d8f5881d825af0c0

-- 
This project does not include diff previews in email notifications.
View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/73b9c50349c0683dc8e5a406d8f5881d825af0c0
You're receiving this email because of your account on salsa.debian.org.

_______________________________________________
debian-security-tracker-commits mailing list
debian-security-tracker-commits@alioth-lists.debian.net
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits

[Git][security-tracker-team/security-tracker][master] automatic update

Reply via email to