[Git][security-tracker-team/security-tracker][master] bookworm triage

Mon, 26 Aug 2024 01:54:35 -0700 


Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
2adf6964 by Moritz Muehlenhoff at 2024-08-26T10:11:32+02:00
bookworm triage

- - - - -


2 changed files:

- data/CVE/list
- data/dsa-needed.txt


Changes:

=====================================
data/CVE/list
=====================================
@@ -168,6 +168,7 @@ CVE-2024-42852 (Cross Site Scripting vulnerability in 
AcuToWeb server v.10.5.0.7
        NOT-FOR-US: AcuToWeb server
 CVE-2024-42845 (An eval Injection vulnerability in the component 
invesalius/reader/dic ...)
        - invesalius <unfixed>
+       [bookworm] - invesalius <no-dsa> (Minor issue)
        NOTE: 
https://github.com/partywavesec/invesalius3_vulnerabilities/tree/main/CVE-2024-42845
 CVE-2024-42766 (Kashipara Bus Ticket Reservation System v1.0 0 is vulnerable 
to Incorr ...)
        NOT-FOR-US: Kashipara Bus Ticket Reservation System
@@ -780,6 +781,7 @@ CVE-2024-43410 (Russh is a Rust SSH client & server 
library. Allocating an untru
        NOT-FOR-US: Russh
 CVE-2024-43407 (CKEditor4 is an open source what-you-see-is-what-you-get HTML 
editor.  ...)
        - ckeditor <unfixed>
+       [bookworm] - ckeditor <no-dsa> (Minor issue)
        [bullseye] - ckeditor <postponed> (Minor issue)
        NOTE: 
https://github.com/ckeditor/ckeditor4/security/advisories/GHSA-7r32-vfj5-c2jv
        NOTE: Fixed by removing the plugins/codesnippetgeshi/dev directory 
completely.
@@ -32112,6 +32114,7 @@ CVE-2024-34467 (ThinkPHP 8.0.3 allows remote attackers 
to exploit XSS due to ina
        NOT-FOR-US: ThinkPHP
 CVE-2024-34462 (Alinto SOGo through 5.10.0 allows XSS during attachment 
preview.)
        - sogo 5.11.0-1 (bug #1071163)
+       [bookworm] - sogo <no-dsa> (Minor issue)
        [buster] - sogo <postponed> (Minor issue)
        NOTE: 
https://github.com/Alinto/sogo/commit/2e37e59ed140d4aee0ff2fba579ca5f83f2c5920 
(SOGo-5.11.0)
 CVE-2023-52729 (TCPServer.cpp in SimpleNetwork through 29bc615 has an 
off-by-one error ...)
@@ -63352,6 +63355,7 @@ CVE-2023-49106 (Missing Password Field Masking 
vulnerability in Hitachi Device M
        NOT-FOR-US: Hitachi
 CVE-2023-48104 (Alinto SOGo before 5.9.1 is vulnerable to HTML Injection.)
        - sogo 5.9.1-1 (bug #1060925)
+       [bookworm] - sogo <no-dsa> (Minor issue)
        [buster] - sogo <ignored> (Minor issue)
        NOTE: Fixed by: 
https://github.com/Alinto/sogo/commit/7481ccf37087c3f456d7e5a844da01d0f8883098 
(SOGo-5.9.1)
 CVE-2023-47460 (SQL injection vulnerability in Knovos Discovery v.22.67.0 
allows a rem ...)


=====================================
data/dsa-needed.txt
=====================================
@@ -38,6 +38,8 @@ opennds
 --
 pymatgen
 --
+python3.11 (jmm)
+--
 python-aiohttp
 --
 python-reportlab
@@ -54,5 +56,7 @@ twisted
 --
 webkit2gtk (berto)
 --
+xen
+--
 zabbix
 --



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/2adf69643e1290bbfb67556425fe8ad4d3ab583e

-- 
View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/2adf69643e1290bbfb67556425fe8ad4d3ab583e
You're receiving this email because of your account on salsa.debian.org.



_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits

Reply via email to