Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker
Commits: 99f819b7 by Moritz Muehlenhoff at 2024-02-26T13:51:28+01:00 new ruby-rack-cors issue resolve a few TODOs - - - - - 1 changed file: - data/CVE/list Changes: ===================================== data/CVE/list ===================================== @@ -1,5 +1,6 @@ CVE-2024-27456 (rack-cors (aka Rack CORS Middleware) 2.0.1 has 0666 permissions for th ...) - TODO: check + - ruby-rack-cors <unfixed> + NOTE: https://github.com/cyu/rack-cors/issues/274 CVE-2024-27455 (In the Bentley ALIM Web application, certain configuration settings ca ...) NOT-FOR-US: Bentley CVE-2024-27454 (orjson.loads in orjson before 3.9.15 does not limit recursion for deep ...) @@ -4390,7 +4391,7 @@ CVE-2024-0323 (Use of a Broken or Risky Cryptographic Algorithm vulnerability in CVE-2023-7216 (A path traversal vulnerability was found in the CPIO utility. This iss ...) - cpio <unfixed> NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2249901 - TODO: check upstream reporting + NOTE: https://lists.gnu.org/archive/html/bug-cpio/2024-02/msg00000.html CVE-2023-6874 (Prior to v7.4.0, Ember ZNet is vulnerable to a denial of service attac ...) NOT-FOR-US: Ember ZNet CVE-2023-6028 (A reflected cross-site scripting (XSS) vulnerability exists in the SVG ...) @@ -5296,7 +5297,6 @@ CVE-2024-1062 (A heap overflow flaw was found in 389-ds-base. This issue leads t NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2261879 NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2256711 NOTE: https://github.com/389ds/389-ds-base/issues/5647 - TODO: check details CVE-2023-5992 (A vulnerability was found in OpenSC where PKCS#1 encryption padding re ...) - opensc 0.25.0~rc1-1 (bug #1064189) [bookworm] - opensc <no-dsa> (Minor issue) @@ -7543,7 +7543,6 @@ CVE-2021-4435 (An untrusted search path vulnerability was found in Yarn. When a [buster] - node-yarnpkg <no-dsa> (Minor issue) NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2262284 NOTE: Fixed by: https://github.com/yarnpkg/yarn/commit/67fcce88935e45092ffa2674c08053f1ef5268a1 (v1.22.12) - TODO: check, too few details in RHBZ#2262284 CVE-2021-4433 (A vulnerability was found in Karjasoft Sami HTTP Server 2.0. It has be ...) NOT-FOR-US: Karjasoft Sami HTTP Server CVE-2024-22365 (linux-pam (aka Linux PAM) before 1.6.0 allows attackers to cause a den ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/99f819b7d3826cde5588de7fa246d9d3814ca9b9 -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/99f819b7d3826cde5588de7fa246d9d3814ca9b9 You're receiving this email because of your account on salsa.debian.org.
_______________________________________________ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
