Moritz Muehlenhoff pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
f579a15d by Moritz Mühlenhoff at 2024-07-31T23:49:50+02:00
bugnums
hoteldruid non issue
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -292,7 +292,8 @@ CVE-2024-37165 (Discourse is an open source discussion
platform. Prior to 3.2.3
CVE-2024-36572 (Prototype pollution in allpro form-manager 0.7.4 allows
attackers to r ...)
NOT-FOR-US: allpro form-manager
CVE-2024-23091 (Weak password hashing using MD5 in funzioni.php in HotelDruid
before 1 ...)
- - hoteldruid <unfixed>
+ - hoteldruid <unfixed> (unimportant)
+ NOTE: Negligible security impact
CVE-2023-48396 (Web Authentication vulnerability in Apache SeaTunnel.Since the
jwt key ...)
NOT-FOR-US: Apache SeaTunnel
CVE-2023-38001 (IBM Aspera Orchestrator 4.0.1 is vulnerable to cross-site
request forg ...)
@@ -13290,12 +13291,12 @@ CVE-2023-6745 (The Custom Field Template plugin for
WordPress is vulnerable to S
CVE-2024-5203 (A Cross-site request forgery (CSRF) flaw was found in Keycloak
and occ ...)
NOT-FOR-US: Keycloak
CVE-2024-3183 (A vulnerability was found in FreeIPA in a way when a Kerberos
TGS-REQ ...)
- - freeipa <unfixed>
+ - freeipa <unfixed> (bug #1077683)
[bookworm] - freeipa <no-dsa> (Minor issue)
[bullseye] - freeipa <no-dsa> (Minor issue)
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2270685
CVE-2024-2698 (A vulnerability was found in FreeIPA in how the initial
implementation ...)
- - freeipa <unfixed>
+ - freeipa <unfixed> (bug #1077682)
[bookworm] - freeipa <no-dsa> (Minor issue)
[bullseye] - freeipa <no-dsa> (Minor issue)
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2270353
@@ -23974,7 +23975,7 @@ CVE-2024-29513 (An issue in briscKernelDriver.sys in
BlueRiSC WindowsSCOPE Cyber
CVE-2024-28866 (GoCD is a continuous delivery server. GoCD versions from
19.4.0 to 23. ...)
NOT-FOR-US: GoCD
CVE-2024-28285 (A Fault Injection vulnerability in the SymmetricDecrypt
function in cr ...)
- - libcrypto++ <unfixed>
+ - libcrypto++ <unfixed> (bug #1077684)
[bookworm] - libcrypto++ <no-dsa> (Minor issue)
[bullseye] - libcrypto++ <no-dsa> (Minor issue)
[buster] - libcrypto++ <postponed> (Minor issue; can be fixed in next
update)
@@ -38098,12 +38099,14 @@ CVE-2024-28836 (An issue was discovered in Mbed TLS
3.5.x before 3.6.0. When neg
NOTE: in Debian/experimental, but the first upload directly provides
fixes, so mark
NOTE: as <not-affected> altogether
CVE-2024-28755 (An issue was discovered in Mbed TLS 3.5.x before 3.6.0. When
an SSL co ...)
- - mbedtls <unfixed>
+ [experimental] - mbedtls 3.6.0-1
+ - mbedtls <unfixed> (bug #1077686)
[bookworm] - mbedtls <no-dsa> (Minor issue)
[bullseye] - mbedtls <no-dsa> (Minor issue)
[buster] - mbedtls <postponed> (Minor issue)
NOTE: https://github.com/Mbed-TLS/mbedtls/issues/8654
NOTE: Possibly the same as CVE-2023-52353.
+ NOTE:
https://github.com/Mbed-TLS/mbedtls/commit/ad736991bb59211118a29fe115367c24495300c2
CVE-2024-28589 (An issue was discovered in Axigen Mail Server for Windows
versions 10. ...)
NOT-FOR-US: Axigen Mail Server for Windows
CVE-2024-28515 (Buffer Overflow vulnerability in CSAPP_Lab CSAPP Lab3 15-213
Fall 20xx ...)
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/f579a15d36f6e850635918ac4a85c7b3efc94411
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/f579a15d36f6e850635918ac4a85c7b3efc94411
You're receiving this email because of your account on salsa.debian.org.
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
