Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
56db434c by security tracker role at 2024-02-19T20:12:23+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,10 +1,52 @@
-CVE-2024-26308 [Apache Commons Compress: OutOfMemoryError unpacking broken
Pack200 file]
+CVE-2024-25983 (Insufficient checks in a web service made it possible to add
comments ...)
+ TODO: check
+CVE-2024-25982 (The link to update all installed language packs did not
include the ne ...)
+ TODO: check
+CVE-2024-25981 (Separate Groups mode restrictions were not honored when
performing a f ...)
+ TODO: check
+CVE-2024-25980 (Separate Groups mode restrictions were not honored in the H5P
attempts ...)
+ TODO: check
+CVE-2024-25979 (The URL parameters accepted by forum search were not limited
to the al ...)
+ TODO: check
+CVE-2024-25978 (Insufficient file size checks resulted in a denial of service
risk in ...)
+ TODO: check
+CVE-2024-25640 (Iris is a web collaborative platform that helps incident
responders sh ...)
+ TODO: check
+CVE-2024-25636 (Misskey is an open source, decentralized social media platform
with Ac ...)
+ TODO: check
+CVE-2024-25635 (alf.io is an open source ticket reservation system. Prior to
version 2 ...)
+ TODO: check
+CVE-2024-25634 (alf.io is an open source ticket reservation system. Prior to
version 2 ...)
+ TODO: check
+CVE-2024-25626 (Yocto Project is an open source collaboration project that
helps devel ...)
+ TODO: check
+CVE-2024-25625 (Pimcore's Admin Classic Bundle provides a Backend UI for
Pimcore. A po ...)
+ TODO: check
+CVE-2024-25623 (Mastodon is a free, open-source social network server based on
Activit ...)
+ TODO: check
+CVE-2024-1633 (During the secure boot, bl2 (the second stage of the
bootloader) loops ...)
+ TODO: check
+CVE-2024-1597 (pgjdbc, the PostgreSQL JDBC Driver, allows attacker to inject
SQL if u ...)
+ TODO: check
+CVE-2024-1580 (An integer overflow in dav1d AV1 decoder that can occur when
decoding ...)
+ TODO: check
+CVE-2024-1346 (Weak MySQL database root password in LaborOfficeFree affects
version 1 ...)
+ TODO: check
+CVE-2024-1345 (Weak MySQL database root password in LaborOfficeFree affects
version 1 ...)
+ TODO: check
+CVE-2024-1344 (Encrypted database credentials in LaborOfficeFree affecting
version 19 ...)
+ TODO: check
+CVE-2024-1343 (A weak permission was found in the backup directory in
LaborOfficeFree ...)
+ TODO: check
+CVE-2023-50257 (eProsima Fast DDS (formerly Fast RTPS) is a C++ implementation
of the ...)
+ TODO: check
+CVE-2024-26308 (Allocation of Resources Without Limits or Throttling
vulnerability in ...)
- libcommons-compress-java <unfixed>
[bookworm] - libcommons-compress-java <no-dsa> (Minor issue)
[bullseye] - libcommons-compress-java <not-affected> (Vulnerable code
introduced later)
[buster] - libcommons-compress-java <not-affected> (Vulnerable code
introduced later)
NOTE: https://www.openwall.com/lists/oss-security/2024/02/19/2
-CVE-2024-25710 [Apache Commons Compress: Denial of service caused by an
infinite loop for a corrupted DUMP file]
+CVE-2024-25710 (Loop with Unreachable Exit Condition ('Infinite Loop')
vulnerability i ...)
- libcommons-compress-java <unfixed>
[bookworm] - libcommons-compress-java <no-dsa> (Minor issue)
[bullseye] - libcommons-compress-java <no-dsa> (Minor issue)
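Review bot: the twenty new entries at the top of this hunk (CVE-2024-25983 down to CVE-2023-50257) are all left as `TODO: check` with no source package line or suite state, so they need manual triage before the next automatic update pushes them further down the file; CVE-2024-1580 (dav1d) and CVE-2024-1597 (the PostgreSQL JDBC driver) describe software Debian ships and should get a package line or an explicit `<not-affected>`/`<unfixed>` state, while the LaborOfficeFree, alf.io, Misskey, Mastodon, Iris and Pimcore entries look like NOT-FOR-US candidates. The same hunk also replaces the hand-written bracketed titles of CVE-2024-26308 and CVE-2024-25710 with the truncated published descriptions ("Allocation of Resources Without Limits or Throttling vulnerability in ..." and "Loop with Unreachable Exit Condition ('Infinite Loop') vulnerability i ..."), so the more specific original wording (OutOfMemoryError on a broken Pack200 file, infinite loop on a corrupted DUMP file) disappears from the entry; it would be worth keeping in a NOTE line next to the existing oss-security link, because the bullseye and buster `<not-affected> (Vulnerable code introduced later)` states for CVE-2024-26308 rest on exactly which code path is meant.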
@@ -3499,7 +3541,7 @@ CVE-2024-0853 (curl inadvertently kept the SSL session ID
for connections in its
NOTE: Introduced by:
https://github.com/curl/curl/commit/395365ad2d9a6c3f1a35d5e268a6af2824129832
(curl-8_5_0)
NOTE: Fixed by:
https://github.com/curl/curl/commit/c28e9478cb2548848eca9b765d0d409bfb18668c
(curl-8_6_0)
CVE-2024-21626 (runc is a CLI tool for spawning and running containers on
Linux accord ...)
- {DSA-5615-1}
+ {DSA-5615-1 DLA-3735-1}
- runc 1.1.12+ds1-1 (bug #1062532)
NOTE: https://www.openwall.com/lists/oss-security/2024/01/31/6
NOTE:
https://github.com/opencontainers/runc/security/advisories/GHSA-xr7r-f8xq-vfvv
@@ -161701,7 +161743,7 @@ CVE-2021-43786 (Nodebb is an open source Node.js
based forum software. In affect
CVE-2021-43785 (@joeattardi/emoji-button is a Vanilla JavaScript emoji picker
componen ...)
NOT-FOR-US: @joeattardi/emoji-button
CVE-2021-43784 (runc is a CLI tool for spawning and running containers on
Linux accord ...)
- {DLA-2841-1}
+ {DLA-3735-1 DLA-2841-1}
- runc 1.0.3+ds1-1
[bullseye] - runc <ignored> (Minor issue; not exploitable in 1.0.0)
NOTE:
https://github.com/opencontainers/runc/security/advisories/GHSA-v95c-p5hm-xq8f
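Review bot: the `[bullseye] - runc <ignored> (Minor issue; not exploitable in 1.0.0)` line is kept while `{DLA-3735-1 DLA-2841-1}` now records a bullseye LTS advisory for the same CVE, which is contradictory: if DLA-3735-1 fixes CVE-2021-43784 in bullseye, the `<ignored>` annotation should be dropped so the tracker does not carry both an ignored state and a fix for the same suite; if the DLA does not cover this CVE, the marker belongs only on CVE-2024-21626 in the previous hunk. Either way this entry is the one to check in the manual follow-up, since the automatic update only syncs advisory identifiers and does not reconcile suite annotations.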
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/56db434c32a304a445a9b619f4774b4285428c30
debian-security-tracker-commits mailing list
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits