Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker
Commits: 4787f35a by Moritz Muehlenhoff at 2024-05-15T13:32:17+02:00 bookworm/bullseye triage - - - - - 1 changed file: - data/CVE/list Changes: ===================================== data/CVE/list ===================================== @@ -821,10 +821,11 @@ CVE-2024-34697 (FreeScout is a free, self-hosted help desk and shared mailbox. A CVE-2024-34555 (Unrestricted Upload of File with Dangerous Type vulnerability in URBAN ...) NOT-FOR-US: WordPress plugin CVE-2024-34459 (An issue was discovered in xmllint (from libxml2) before 2.11.8 and 2. ...) - - libxml2 <unfixed> (bug #1071162) + - libxml2 <unfixed> (unimportant; bug #1071162) NOTE: https://gitlab.gnome.org/GNOME/libxml2/-/issues/720 NOTE: Fixed by: https://gitlab.gnome.org/GNOME/libxml2/-/commit/8ddc7f13337c9fe7c6b6e616f404b0fffb8a5145 (v2.11.8) NOTE: Fixed by: https://gitlab.gnome.org/GNOME/libxml2/-/commit/2876ac5392a4e891b81e40e592c3ac6cb46016ce (v2.12.7) + NOTE: Crash in CLI tool, no security impact CVE-2024-34440 (Unrestricted Upload of File with Dangerous Type vulnerability in Jordy ...) NOT-FOR-US: WordPress plugin CVE-2024-34416 (Unrestricted Upload of File with Dangerous Type vulnerability in Pk Fa ...) @@ -1434,6 +1435,8 @@ CVE-2024-3806 (The Porto theme for WordPress is vulnerable to Local File Inclusi NOT-FOR-US: WordPress theme CVE-2024-3727 (A flaw was found in the github.com/containers/image library. This flaw ...) - golang-github-opencontainers-go-digest <unfixed> (bug #1070858) + [bookworm] - golang-github-opencontainers-go-digest <no-dsa> (Minor issue) + [bullseye] - golang-github-opencontainers-go-digest <no-dsa> (Minor issue) NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2274767 CVE-2024-3722 (The Swift Performance Lite plugin for WordPress is vulnerable to unaut ...) NOT-FOR-US: WordPress plugin @@ -3828,7 +3831,11 @@ CVE-2023-44430 (Bentley View SKP File Parsing Use-After-Free Remote Code Executi NOT-FOR-US: Bentley CVE-2023-44428 (MuseScore CAP File Parsing Heap-based Buffer Overflow Remote Code Exec ...) - musescore2 <unfixed> + [bookworm] - musescore2 <no-dsa> (Minor issue) + [bullseye] - musescore2 <no-dsa> (Minor issue) - musescore3 <unfixed> (bug #1070860) + [bookworm] - musescore3 <no-dsa> (Minor issue) + [bullseye] - musescore3 <no-dsa> (Minor issue) NOTE: https://www.zerodayinitiative.com/advisories/ZDI-23-1526/ CVE-2023-44427 (D-Link DIR-X3260 SetSysEmailSettings SMTPServerAddress Command Injecti ...) NOT-FOR-US: D-Link View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/4787f35af1bfe5dd00a2f84dca237a6412d21e3b -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/4787f35af1bfe5dd00a2f84dca237a6412d21e3b You're receiving this email because of your account on salsa.debian.org.
_______________________________________________ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits