[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso (@carnil) Sun, 04 Feb 2024 12:44:42 -0800


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker



Commits:
37b4736a by security tracker role at 2024-02-04T20:11:41+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,15 @@
+CVE-2024-25062 (An issue was discovered in libxml2 before 2.11.7 and 2.12.x 
before 2.1 ...)
+       TODO: check
+CVE-2023-6240 (A Marvin vulnerability side-channel leakage was found in the 
RSA decry ...)
+       TODO: check
+CVE-2023-52426 (libexpat through 2.5.0 allows recursive XML Entity Expansion 
if XML_DT ...)
+       TODO: check
+CVE-2023-52425 (libexpat through 2.5.0 allows a denial of service (resource 
consumptio ...)
+       TODO: check
+CVE-2020-36773 (Artifex Ghostscript before 9.53.0 has an out-of-bounds write 
and use-a ...)
+       TODO: check
+CVE-2018-25098 (** UNSUPPORTED WHEN ASSIGNED ** A vulnerability was found in 
blockmaso ...)
+       TODO: check
 CVE-2023-50947 (IBM Business Automation Workflow 22.0.2, 23.0.1, and 23.0.2 is 
vulnera ...)
        NOT-FOR-US: IBM
 CVE-2023-33851 (IBM PowerVM Hypervisor FW950.00 through FW950.90, FW1020.00 
through FW ...)
@@ -555,6 +567,7 @@ CVE-2024-0853 (curl inadvertently kept the SSL session ID 
for connections in its
        NOTE: Introduced by: 
https://github.com/curl/curl/commit/395365ad2d9a6c3f1a35d5e268a6af2824129832 
(curl-8_5_0)
        NOTE: Fixed by: 
https://github.com/curl/curl/commit/c28e9478cb2548848eca9b765d0d409bfb18668c 
(curl-8_6_0)
 CVE-2024-21626 (runc is a CLI tool for spawning and running containers on 
Linux accord ...)
+       {DSA-5615-1}
        - runc 1.1.12+ds1-1 (bug #1062532)
        NOTE: https://www.openwall.com/lists/oss-security/2024/01/31/6
        NOTE: 
https://github.com/opencontainers/runc/security/advisories/GHSA-xr7r-f8xq-vfvv
@@ -2949,7 +2962,7 @@ CVE-2023-48340 (In video decoder, there is a possible out 
of bounds write due to
        NOT-FOR-US: Unisoc
 CVE-2023-48339 (In jpg driver, there is a possible missing permission check. 
This coul ...)
        NOT-FOR-US: Unisoc
-CVE-2021-4435 [untrusted search path]
+CVE-2021-4435 (An untrusted search path vulnerability was found in Yarn. When 
a victi ...)
        - node-yarnpkg <undetermined>
        NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2262284
        TODO: check, too few details in RHBZ#2262284



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/37b4736ac57e2bf07a3b3885fa9bc08d33f014e6

-- 
View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/37b4736ac57e2bf07a3b3885fa9bc08d33f014e6
You're receiving this email because of your account on salsa.debian.org.

_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits

[Git][security-tracker-team/security-tracker][master] automatic update

Reply via email to