Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
fb64ff59 by Salvatore Bonaccorso at 2024-07-16T10:45:32+02:00
Add CVE-2024-40630/openimageio
- - - - -
27d6b895 by Salvatore Bonaccorso at 2024-07-16T10:45:33+02:00
Process some NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -37,11 +37,13 @@ CVE-2024-5402 (Unquoted Search Path or Element
vulnerability in ABB Mint Workben
CVE-2024-40631 (Plate media is an open source, rich-text editor for React.
Editors tha ...)
TODO: check
CVE-2024-40630 (OpenImageIO is a toolset for reading, writing, and
manipulating image ...)
- TODO: check
+ - openimageio <unfixed>
+ NOTE:
https://github.com/AcademySoftwareFoundation/OpenImageIO/security/advisories/GHSA-jjm9-9m4m-c8p2
+ NOTE:
https://github.com/AcademySoftwareFoundation/OpenImageIO/commit/0a2dcb4cf2c3fd4825a146cd3ad929d9d8305ce3
CVE-2024-40627 (Fastapi OPA is an opensource fastapi middleware which includes
auth fl ...)
- TODO: check
+ NOT-FOR-US: Fastapi OPA
CVE-2024-40624 (TorrentPier is an open source BitTorrent Public/Private
tracker engine ...)
- TODO: check
+ NOT-FOR-US: TorrentPier
CVE-2024-40560 (Tmall_demo before v2024.07.03 was discovered to contain a SQL
injectio ...)
NOT-FOR-US: Tmall_demo
CVE-2024-40555 (Tmall_demo v2024.07.03 was discovered to contain an arbitrary
file upl ...)
@@ -61,7 +63,7 @@ CVE-2024-39919 (@jmondi/url-to-png is an open source URL to
PNG utility featurin
CVE-2024-39918 (@jmondi/url-to-png is an open source URL to PNG utility
featuring para ...)
TODO: check
CVE-2024-39915 (Thruk is a multibackend monitoring webinterface for Naemon,
Nagios, Ic ...)
- TODO: check
+ NOT-FOR-US: Thruk
CVE-2024-39912 (web-auth/webauthn-lib is an open source set of PHP libraries
and a Sym ...)
TODO: check
CVE-2024-39827 (Improper input validation in the installer for Zoom Workplace
Desktop ...)
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/64a1418935c41a0b84210c2edc434eb8daca90ab...27d6b895da1abfa442bc3ef1b51e14f9b499dbec
--
This project does not include diff previews in email notifications.
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/64a1418935c41a0b84210c2edc434eb8daca90ab...27d6b895da1abfa442bc3ef1b51e14f9b499dbec
You're receiving this email because of your account on salsa.debian.org.
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
