Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
88871c05 by Moritz Muehlenhoff at 2024-04-23T12:18:21+02:00
bookworm/bullseye triage

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -200,7 +200,6 @@ CVE-2024-32493 [SQL injection issue regarding Form IDs when 
cleaning up drafts]
        NOTE: https://www.znuny.org/en/advisories/zsa-2024-03
 CVE-2024-32492 [Cross Site Scripting (XSS) in the Customer Portal Ticket View]
        - znuny <not-affected> (Only affects Znuny from 7.0.1 up to including 
7.0.16)
-       [bookworm] - znuny <no-dsa> (Non-free not supported)
        NOTE: https://www.znuny.org/en/advisories/zsa-2024-02
 CVE-2024-32491 [Directory Traversal via File Upload]
        - znuny 6.5.8-1
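Review bot: Dropping the bookworm `<no-dsa>` line is the right fix here, because the package-level `- znuny <not-affected>` directly above it already excludes every suite and the removed line's rationale ("Non-free not supported") contradicted it; no further change is needed in this hunk.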
@@ -764,6 +763,8 @@ CVE-2023-41864 (Cross-Site Request Forgery (CSRF) 
vulnerability in Pepro Dev. Gr
        NOT-FOR-US: WordPress plugin
 CVE-2023-3758 (A race condition flaw was found in sssd where the GPO policy is 
not co ...)
        - sssd <unfixed>
+       [bookworm] - sssd <no-dsa> (Minor issue)
+       [bullseye] - sssd <no-dsa> (Minor issue)
        NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2223762
        NOTE: https://github.com/SSSD/sssd/pull/7302
        NOTE: 
https://github.com/SSSD/sssd/commit/d7db7971682da2dbf7642ac94940d6b0577ec35a 
(master)
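Review bot: The sssd entry stays `<unfixed>` while both suites are now tagged `<no-dsa> (Minor issue)`, so the only fix reference is the upstream commit NOTE tagged `(master)`; once that commit ships in a tagged sssd release, the NOTE should carry the release in parentheses as the other fix-commit NOTEs in this file do (for example `(2.11.1)` on the scrapy entries), otherwise the point-release triage has nothing to pin a backport to.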
@@ -1043,8 +1044,11 @@ CVE-2024-31040 (Buffer Overflow vulnerability in the 
get_var_integer function in
 CVE-2024-31031 (An issue in `coap_pdu.c` in libcoap 4.3.4 allows attackers to 
cause un ...)
        - libcoap <removed>
        - libcoap2 <removed>
+       [bullseye] - libcoap2 <no-dsa> (Minor issue)
        - libcoap3 <unfixed>
+       [bookworm] - libcoap3 <no-dsa> (Minor issue)
        NOTE: https://github.com/obgm/libcoap/issues/1351
+       NOTE: 
https://github.com/obgm/libcoap/commit/214665ac4b44b1b6a7e38d4d6907ee835a174928
 CVE-2024-30990 (SQL Injection vulnerability in the "Invoices" page in 
phpgurukul Clien ...)
        NOT-FOR-US: phpgurukul Client Management System
 CVE-2024-30989 (Cross Site Scripting vulnerability in /edit-client-details.php 
of phpg ...)
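Review bot: The new bullseye tag is attached to libcoap2, which is `<removed>` in unstable; that is correct because bullseye still ships that source package, but it is worth a second look that nobody reads the `<removed>` line as "nothing to track". Separately, the added NOTE with the upstream libcoap fix commit carries no release version, unlike the other fix-commit NOTEs in this diff; adding the libcoap release that contains it would help whoever later backports it.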
@@ -2263,6 +2267,8 @@ CVE-2024-3575 (Cross-site Scripting (XSS) - Stored in 
mindsdb/mindsdb)
        NOT-FOR-US: mindsdb
 CVE-2024-3574 (In scrapy version 2.10.1, an issue was identified where the 
Authorizat ...)
        - python-scrapy 2.11.1-1
+       [bookworm] - python-scrapy <no-dsa> (Minor issue)
+       [bullseye] - python-scrapy <no-dsa> (Minor issue)
        NOTE: 
https://github.com/scrapy/scrapy/security/advisories/GHSA-cw9j-q3vf-hrrv
        NOTE: https://huntr.com/bounties/49974321-2718-43e3-a152-62b16eed72a9
        NOTE: 
https://github.com/scrapy/scrapy/commit/5bcb8fd5019c72d05c4a96da78a7fcb6ecb55b75
 (2.11.1)
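Review bot: The fixed version `python-scrapy 2.11.1-1` and the fixing commit tagged `(2.11.1)` are consistent, so deferring bookworm and bullseye with `<no-dsa>` is well recorded; since CVE-2024-3572 in the next hunk is fixed by the same upstream release and gets the same tags, the two scrapy entries should be handled together in any later stable update.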
@@ -2270,6 +2276,8 @@ CVE-2024-3573 (mlflow/mlflow is vulnerable to Local File 
Inclusion (LFI) due to
        NOT-FOR-US: mlflow
 CVE-2024-3572 (The scrapy/scrapy project is vulnerable to XML External Entity 
(XXE) a ...)
        - python-scrapy 2.11.1-1
+       [bookworm] - python-scrapy <no-dsa> (Minor issue)
+       [bullseye] - python-scrapy <no-dsa> (Minor issue)
        NOTE: https://huntr.com/bounties/c4a0fac9-0c5a-4718-9ee4-2d06d58adabb
        NOTE: 
https://github.com/scrapy/scrapy/commit/809bfac4890f75fc73607318a04d2ccba71b3d9f
 (2.11.1)
        NOTE: 
https://github.com/scrapy/scrapy/security/advisories/GHSA-7j7m-v7m3-jqm7
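Review bot: Same treatment and same fixing upload (2.11.1-1) as CVE-2024-3574 above, with the fixing commit also tagged `(2.11.1)`; nothing wrong with the hunk itself, just keep both scrapy CVEs in one update if the bookworm or bullseye packages are later touched.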
@@ -2683,6 +2691,8 @@ CVE-2024-3505 (JFrog Artifactory Self-Hosted versions 
below 7.77.3, are vulnerab
        NOT-FOR-US: JFrog Artifactory Self-Hosted
 CVE-2024-32489 (TCPDF before 6.7.4 mishandles calls that use HTML syntax.)
        - tcpdf 6.7.4+dfsg-1
+       [bookworm] - tcpdf <no-dsa> (Minor issue)
+       [bullseye] - tcpdf <no-dsa> (Minor issue)
        NOTE: Fixed by: 
https://github.com/tecnickcom/TCPDF/commit/51cd1b39de5643836e62661d162c472d63167df7
        NOTE: Fixed by: 
https://github.com/tecnickcom/TCPDF/commit/82fc97bf1c74c8dbe62b1d3cc6d10fa4b87e0262
 (6.7.4)
 CVE-2024-32488 (In Foxit PDF Reader and Editor before 2024.1, Local Privilege 
Escalati ...)
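Review bot: Both `Fixed by:` NOTEs are retained but only the second carries the `(6.7.4)` release tag; if the first TCPDF commit is also part of 6.7.4, tagging it the same way removes ambiguity about which commits a backport needs, and if it is not, a note saying which release it belongs to would help.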
@@ -23530,6 +23540,8 @@ CVE-2024-22922 (An issue in Projectworlds Vistor 
Management Systemin PHP v.1.0 a
        NOT-FOR-US: Projectworlds Vistor Management Systemin PHP
 CVE-2024-22640 (TCPDF version <=6.6.5 is vulnerable to ReDoS (Regular 
Expression Denia ...)
        - tcpdf 6.7.5+dfsg-1
+       [bookworm] - tcpdf <no-dsa> (Minor issue)
+       [bullseye] - tcpdf <no-dsa> (Minor issue)
        NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2276090
        NOTE: https://github.com/zunak/CVE-2024-22640
        NOTE: 
https://github.com/tecnickcom/TCPDF/commit/05f3a28f4a7905019469e040cf77e53d6aa7f679
 (6.7.5)
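Review bot: Fixed version `tcpdf 6.7.5+dfsg-1` with both suites `<no-dsa> (Minor issue)` is consistent with the CVE-2024-32489 triage above; since both tcpdf CVEs are now deferred for bookworm and bullseye, a single point-release update based on the 6.7.5 fixes could close both. The upstream commit tagged `(6.7.5)` and the Red Hat bugzilla entry are the authoritative references here; the third-party github.com/zunak repository link is secondary and should not be mistaken for the fix.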



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/88871c05d500fef5ff492c740b29161b3c507821
