Moritz Muehlenhoff pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
bb3fc44c by Moritz Muehlenhoff at 2024-06-07T11:43:40+02:00
roundcube CVEfied plus one n/a
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -45,11 +45,14 @@ CVE-2024-3592 (The Quiz And Survey Master \u2013 Best Quiz,
Exam and Survey Plug
CVE-2024-3288 (The Logo Slider WordPress plugin before 4.0.0 does not
validate and e ...)
NOT-FOR-US: WordPress plugin
CVE-2024-37385 (Roundcube Webmail before 1.5.7 and 1.6.x before 1.6.7 on
Windows allow ...)
- TODO: check
+ - roundcube <not-affected> (Windows-specific)
+ NOTE:
https://github.com/roundcube/roundcubemail/commit/5ea9f37ce39374b6124586c0590fec7015d35d7f
CVE-2024-37384 (Roundcube Webmail before 1.5.7 and 1.6.x before 1.6.7 allows
XSS via l ...)
- TODO: check
+ - roundcube 1.6.7+dfsg-1 (bug #1071474)
+ NOTE:
https://github.com/roundcube/roundcubemail/commit/9ca8aa6680c579132e0d1fa59447df8d524ec91c
CVE-2024-37383 (Roundcube Webmail before 1.5.7 and 1.6.x before 1.6.7 allows
XSS via S ...)
- TODO: check
+ - roundcube 1.6.7+dfsg-1 (bug #1071474)
+ NOTE:
https://github.com/roundcube/roundcubemail/commit/ba252dc5e2946506cb8d0b50b2b7bf95ab51876f
CVE-2024-36823 (The encrypt() function of Ninja Core v7.0.0 was discovered to
use a we ...)
NOT-FOR-US: Ninja framework
CVE-2024-36795 (Insecure permissions in Netgear WNR614
JNR1010V2/N300-V1.1.0.54_1.0.1 ...)
@@ -3598,12 +3601,6 @@ CVE-2024-36010 (In the Linux kernel, the following
vulnerability has been resolv
[bullseye] - linux <not-affected> (Vulnerable code not present)
[buster] - linux <not-affected> (Vulnerable code not present)
NOTE:
https://git.kernel.org/linus/c56d055893cbe97848611855d1c97d0ab171eccc (6.8-rc5)
-CVE-2024-XXXX [Fix cross-site scripting (XSS) vulnerability in handling SVG
animate attributes]
- - roundcube 1.6.7+dfsg-1 (bug #1071474)
- NOTE:
https://github.com/roundcube/roundcubemail/commit/ba252dc5e2946506cb8d0b50b2b7bf95ab51876f
-CVE-2024-XXXX [Fix cross-site scripting (XSS) vulnerability in handling list
columns from user preferences]
- - roundcube 1.6.7+dfsg-1 (bug #1071474)
- NOTE:
https://github.com/roundcube/roundcubemail/commit/9ca8aa6680c579132e0d1fa59447df8d524ec91c
CVE-2021-47498 (In the Linux kernel, the following vulnerability has been
resolved: d ...)
- linux 5.14.16-1
NOTE:
https://git.kernel.org/linus/b4459b11e84092658fa195a2587aff3b9637f0e7 (5.15-rc6)
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/bb3fc44cb346e09917e6b7b9dc4a6d61e7934ff2
--
This project does not include diff previews in email notifications.
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/bb3fc44cb346e09917e6b7b9dc4a6d61e7934ff2
You're receiving this email because of your account on salsa.debian.org.
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
