Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
150c42ad by Moritz Muehlenhoff at 2024-07-28T17:26:03+02:00
bookworm/bullseye triage

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -4785,6 +4785,7 @@ CVE-2024-39592 (Elements of PDCE does not perform 
necessary authorization checks
        NOT-FOR-US: SAP
 CVE-2024-38372 (Undici is an HTTP/1.1 client, written from scratch for 
Node.js. Depend ...)
        - node-undici <unfixed>
+       [bookworm] - node-undici <no-dsa> (Minor issue)
        NOTE: 
https://github.com/nodejs/undici/security/advisories/GHSA-3g92-w8c5-73pq
        NOTE: https://github.com/nodejs/undici/issues/3328
        NOTE: https://github.com/nodejs/undici/issues/3337
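
Review bot: The added node-undici line for CVE-2024-38372 covers only bookworm, although the commit message says bookworm/bullseye triage and every other hunk in this commit adds a bullseye line next to the bookworm one. If bullseye ships node-undici, add a matching `[bullseye] - node-undici <no-dsa> (Minor issue)` line, or a `<not-affected>` line with the reason if the vulnerable code is absent there; if the package is not in bullseye, nothing more is needed.
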
@@ -5151,6 +5152,8 @@ CVE-2024-39937 (supOS 5.0 allows 
api/image/download?fileName=../ directory trave
 CVE-2024-39936 (An issue was discovered in HTTP2 in Qt before 5.15.18, 6.x 
before 6.2. ...)
        - qt6-base <unfixed> (bug #1076292)
        - qtbase-opensource-src 5.15.13+dfsg-3 (bug #1076293)
+       [bookworm] - qtbase-opensource-src <no-dsa> (Minor issue)
+       [bullseye] - qtbase-opensource-src <no-dsa> (Minor issue)
        - qtbase-opensource-src-gles <unfixed>
        [bookworm] - qtbase-opensource-src-gles <no-dsa> (Minor issue)
        [bullseye] - qtbase-opensource-src-gles <no-dsa> (Minor issue)
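
Review bot: In the CVE-2024-39936 entry the new no-dsa lines cover qtbase-opensource-src, but the `- qt6-base <unfixed> (bug #1076292)` line at the top of the entry still has no suite annotation, so qt6-base stays open for triage in any stable suite that ships it. If the assessment is the same, add the corresponding `[bookworm] - qt6-base <no-dsa> (Minor issue)` line in this commit so all three Qt source packages in the entry are handled consistently.
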
@@ -5871,9 +5874,13 @@ CVE-2024-39000 (adolph_dudu ratio-swiper v0.0.2 was 
discovered to contain a prot
        NOT-FOR-US: ratio-swiper Nodejs module
 CVE-2024-38999 (jrburke requirejs v2.3.6 was discovered to contain a prototype 
polluti ...)
        - requirejs <unfixed>
+       [bookworm] - requirejs <no-dsa> (Minor issue)
+       [bullseye] - requirejs <no-dsa> (Minor issue)
        NOTE: https://gist.github.com/mestrtee/9acae342285bd2998fa09ebcb1e6d30a
 CVE-2024-38998 (jrburke requirejs v2.3.6 was discovered to contain a prototype 
polluti ...)
        - requirejs <unfixed>
+       [bookworm] - requirejs <no-dsa> (Minor issue)
+       [bullseye] - requirejs <no-dsa> (Minor issue)
        NOTE: https://gist.github.com/mestrtee/9acae342285bd2998fa09ebcb1e6d30a
 CVE-2024-38997 (adolph_dudu ratio-swiper v0.0.2 was discovered to contain a 
prototype  ...)
        NOT-FOR-US: ratio-swiper Nodejs module
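
Review bot: Both requirejs entries (CVE-2024-38999 and CVE-2024-38998) receive the bare reason "Minor issue", and the only reference on each is the same gist NOTE. A short NOTE on each entry recording what the assessment rests on would let a later reader re-check the no-dsa decision when the upstream status changes.
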
@@ -6274,6 +6281,8 @@ CVE-2024-31912 (IBM MQ 9.3 LTS and 9.3 CD could allow an 
authenticated user to e
        NOT-FOR-US: IBM
 CVE-2024-27629 (An issue in dc2niix before v.1.0.20240202 allows a local 
attacker to e ...)
        - dcm2niix <unfixed> (bug #1074534)
+       [bookworm] - dcm2niix <no-dsa> (Minor issue)
+       [bullseye] - dcm2niix <no-dsa> (Minor issue)
        NOTE: https://github.com/rordenlab/dcm2niix/pull/789
 CVE-2024-27628 (Buffer Overflow vulnerability in DCMTK v.3.6.8 allows an 
attacker to e ...)
        - dcmtk 3.6.8-6 (bug #1074483)
@@ -16198,6 +16207,8 @@ CVE-2024-2036 (The ApplyOnline \u2013 Application Form 
Builder and Manager plugi
        NOT-FOR-US: WordPress plugin
 CVE-2024-29421 (xmedcon 0.23.0 and fixed in v.0.24.0 is vulnerable to Buffer 
Overflow  ...)
        - xmedcon <unfixed>
+       [bookworm] - xmedcon <no-dsa> (Minor issue)
+       [bullseye] - xmedcon <no-dsa> (Minor issue)
        NOTE: 
https://github.com/SpikeReply/advisories/blob/530dbd7ce68600a22c47dd1bcbe360220feda1d9/cve/xmedcon/cve-2024-29421.md
 CVE-2024-29392 (Silverpeas Core 6.3 is vulnerable to Cross Site Scripting 
(XSS) via Cl ...)
        NOT-FOR-US: Silverpeas Core
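
Review bot: The xmedcon line for CVE-2024-29421 stays at `- xmedcon <unfixed>` with no bug reference, even though the description says the issue is fixed in v.0.24.0 and the dcm2niix entry triaged in this same commit carries one (bug #1074534). With bookworm and bullseye now marked no-dsa, a bug reference on the unstable line is the remaining way to track the fix, so consider filing one and adding it here.
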



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/150c42ad81c568596cbb96f9aaa5d80813686925
