Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits: 3291cee8 by Salvatore Bonaccorso at 2024-08-07T06:29:10+02:00 Revert "salt: bullseye end-of-life, package was removed in 11.10" This reverts commit 94df7ddca336cc27e3a4958a0e6ff1847adad55d. This is due to open #1074468. Link: https://bugs.debian.org/1074468 - - - - - 4dacfd79 by Salvatore Bonaccorso at 2024-08-07T06:30:05+02:00 Revert "CVE-2022-XXXX/snort: bullseye end-of-life, package was removed in 11.10" This reverts commit 2dbf6a316cd2d7974e393629643b1476f9a84274. This is due to open #1074467 Link: https://bugs.debian.org/1074467 - - - - - 1 changed file: - data/CVE/list Changes: ===================================== data/CVE/list ===================================== @@ -9415,11 +9415,9 @@ CVE-2024-23765 (An issue was discovered on HMS Anybus X-Gateway AB7832-F 3 devic NOT-FOR-US: HMS Anybus X-Gateway AB7832-F CVE-2024-22232 (A specially crafted url can be created which leads to a directory trav ...) - salt <removed> - [bullseye] - salt <end-of-life> (EOL in bullseye) [buster] - salt <end-of-life> (EOL in buster LTS) CVE-2024-22231 (Syndic cache directory creation is vulnerable to a directory traversal ...) - salt <removed> - [bullseye] - salt <end-of-life> (EOL in bullseye) [buster] - salt <end-of-life> (EOL in buster LTS) CVE-2024-1839 (Intrado 911 Emergency Gateway login form is vulnerable to an unauthent ...) NOT-FOR-US: Intrado 911 Emergency Gateway @@ -72346,7 +72344,6 @@ CVE-2015-20110 (JHipster generator-jhipster before 2.23.0 allows a timing attack NOT-FOR-US: JHipster generator-jhipster CVE-2023-34049 [allows an attacker to force Salt-SSH to run their script] - salt <removed> (bug #1055179) - [bullseye] - salt <end-of-life> (EOL in bullseye) [buster] - salt <end-of-life> (EOL in buster LTS) NOTE: https://saltproject.io/security-announcements/2023-10-27-advisory/index.html CVE-2023-5844 (Unverified Password Change in GitHub repository pimcore/admin-ui-class ...) @@ -94738,7 +94735,6 @@ CVE-2023-28370 (Open redirect vulnerability in Tornado versions 6.3.1 and earlie [bullseye] - python-tornado <no-dsa> (Minor issue) [buster] - python-tornado <no-dsa> (Minor issue) - salt <removed> (bug #1059297) - [bullseye] - salt <end-of-life> (EOL in bullseye) [buster] - salt <end-of-life> (EOL in buster LTS) NOTE: https://github.com/tornadoweb/tornado/commit/32ad07c54e607839273b4e1819c347f5c8976b2f (v6.3.2) CVE-2023-27529 (Wacom Tablet Driver installer prior to 6.4.2-1 (for macOS) contains an ...) @@ -138372,12 +138368,10 @@ CVE-2023-20899 (VMware SD-WAN (Edge) contains a bypass authentication vulnerabil NOT-FOR-US: VMware CVE-2023-20898 (Git Providers can read from the wrong environment because they get the ...) - salt <removed> (bug #1051504) - [bullseye] - salt <end-of-life> (EOL in bullseye) [buster] - salt <end-of-life> (EOL in buster LTS) NOTE: https://saltproject.io/security-announcements/2023-08-10-advisory/ CVE-2023-20897 (Salt masters prior to 3005.2 or 3006.2 contain a DOS in minion return. ...) - salt <removed> (bug #1051504) - [bullseye] - salt <end-of-life> (EOL in bullseye) [buster] - salt <end-of-life> (EOL in buster LTS) NOTE: https://saltproject.io/security-announcements/2023-08-10-advisory/ NOTE: https://github.com/saltstack/salt/issues/64061 @@ -182399,7 +182393,6 @@ CVE-2022-1390 (The Admin Word Count Column WordPress plugin through 2.2 does not NOT-FOR-US: WordPress plugin CVE-2022-XXXX [snort privilege escalation due to insecure use of logrotate] - snort <unfixed> (bug #1009820) - [bullseye] - snort <end-of-life> (EOL in bullseye) [buster] - snort <no-dsa> (Minor issue) [stretch] - snort <no-dsa> (Minor issue) CVE-2022-29502 (SchedMD Slurm 21.08.x through 20.11.x has Incorrect Access Control tha ...) @@ -203055,7 +203048,6 @@ CVE-2022-22968 (In Spring Framework versions 5.3.0 - 5.3.18, 5.2.0 - 5.2.20, and NOTE: Only supported for building applications shipped in Debian, see README.Debian.security CVE-2022-22967 (An issue was discovered in SaltStack Salt in versions before 3002.9, 3 ...) - salt <removed> (bug #1013872) - [bullseye] - salt <end-of-life> (EOL in bullseye) [buster] - salt <end-of-life> (EOL in buster LTS) NOTE: https://saltproject.io/security_announcements/salt-security-advisory-release-june-21st-2022/ NOTE: Fixed by: https://github.com/saltstack/salt/commit/e068a34ccb2e17ae7224f8016a24b727f726d4c8 (v3004.2) @@ -203123,7 +203115,6 @@ CVE-2022-22942 (The vmwgfx driver contains a local privilege escalation vulnerab NOTE: https://github.com/opensrcsec/same_type_object_reuse_exploits/blob/main/cve-2022-22942.c CVE-2022-22941 (An issue was discovered in SaltStack Salt in versions before 3002.8, 3 ...) - salt 3004.1+dfsg-1 (bug #1008945) - [bullseye] - salt <end-of-life> (EOL in bullseye) [buster] - salt <end-of-life> (EOL in buster LTS) NOTE: https://saltproject.io/security_announcements/salt-security-advisory-release/ CVE-2022-22940 @@ -203136,17 +203127,14 @@ CVE-2022-22937 RESERVED CVE-2022-22936 (An issue was discovered in SaltStack Salt in versions before 3002.8, 3 ...) - salt 3004.1+dfsg-1 (bug #1008945) - [bullseye] - salt <end-of-life> (EOL in bullseye) [buster] - salt <end-of-life> (EOL in buster LTS) NOTE: https://saltproject.io/security_announcements/salt-security-advisory-release/ CVE-2022-22935 (An issue was discovered in SaltStack Salt in versions before 3002.8, 3 ...) - salt 3004.1+dfsg-1 (bug #1008945) - [bullseye] - salt <end-of-life> (EOL in bullseye) [buster] - salt <end-of-life> (EOL in buster LTS) NOTE: https://saltproject.io/security_announcements/salt-security-advisory-release/ CVE-2022-22934 (An issue was discovered in SaltStack Salt in versions before 3002.8, 3 ...) - salt 3004.1+dfsg-1 (bug #1008945) - [bullseye] - salt <end-of-life> (EOL in bullseye) [buster] - salt <end-of-life> (EOL in buster LTS) NOTE: https://saltproject.io/security_announcements/salt-security-advisory-release/ CVE-2022-22933 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/94df7ddca336cc27e3a4958a0e6ff1847adad55d...4dacfd79411529efaa81e44e508a3e78e1eb2110 -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/94df7ddca336cc27e3a4958a0e6ff1847adad55d...4dacfd79411529efaa81e44e508a3e78e1eb2110 You're receiving this email because of your account on salsa.debian.org.
_______________________________________________ debian-security-tracker-commits mailing list [email protected] https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
