Moritz Muehlenhoff pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
aab07c9b by Moritz Muehlenhoff at 2024-11-04T09:08:47+01:00
triage older issues
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -25631,12 +25631,10 @@ CVE-2024-5964 (The Zenon Lite theme for WordPress is
vulnerable to Stored Cross-
CVE-2024-5726 (The Timeline Event History plugin for WordPress is vulnerable
to PHP O ...)
NOT-FOR-US: WordPress plugin
CVE-2024-41184 (In the vrrp_ipsets_handler handler (fglobal_parser.c) of
keepalived th ...)
- - keepalived <unfixed> (bug #1077370)
- [bookworm] - keepalived <no-dsa> (Minor issue)
- [bullseye] - keepalived <no-dsa> (Minor issue)
+ - keepalived <unfixed> (bug #1077370; unimportant)
NOTE:
https://github.com/acassen/keepalived/commit/e78513fe0ce5d83c226ea2c0bd222f375c2438e7
NOTE:
https://github.com/acassen/keepalived/issues/2447#issuecomment-2231329734
- NOTE: An empty ipset name must be explicitly configured by the user
+ NOTE: An empty ipset name must be explicitly configured by the user, no
practical security impact
CVE-2024-40764 (Heap-based buffer overflow vulnerability in the SonicOS IPSec
VPN allo ...)
NOT-FOR-US: SonicWall
CVE-2024-40492 (Cross Site Scripting vulnerability in Heartbeat Chat v.15.2.1
allows a ...)
@@ -64516,7 +64514,7 @@ CVE-2024-2161 (Use of Hard-coded Credentials in
Kiloview NDI allows un-authentic
NOT-FOR-US: Kiloview
CVE-2024-29864 (Distrobox before 1.7.0.1 allows attackers to execute arbitrary
code vi ...)
- distrobox 1.7.0.1-1
- [bookworm] - distrobox <no-dsa> (Minor issue)
+ [bookworm] - distrobox <not-affected> (Vulnerable code not present)
NOTE: https://github.com/89luca89/distrobox/issues/1275
NOTE: Fixed by:
https://github.com/89luca89/distrobox/commit/82a69f0a234e73e447d0ea8c8b3443b84fd31944
(1.7.0.1)
CVE-2024-29862 (The Kerlink firewall in ChirpStack chirpstack-mqtt-forwarder
before 4. ...)
@@ -104989,9 +104987,8 @@ CVE-2023-4520 (The FV Flowplayer Video Player plugin
for WordPress is vulnerable
NOT-FOR-US: FV Flowplayer Video Player plugin for WordPress
CVE-2023-4508 (A user able to control file input to Gerbv, between versions
2.4.0 and ...)
{DLA-3593-1}
- - gerbv 2.10.0-1 (bug #1050560)
- [bookworm] - gerbv <no-dsa> (Minor issue)
- [bullseye] - gerbv <no-dsa> (Minor issue)
+ - gerbv 2.10.0-1 (bug #1050560; unimportant)
+ NOTE: Crash in CLI tool, no security impact
NOTE: https://github.com/gerbv/gerbv/issues/191
NOTE: https://github.com/gerbv/gerbv/pull/192
NOTE:
https://github.com/gerbv/gerbv/commit/5517e22250e935dc7f86f64ad414aeae3dbcb36a
(v2.10.0-rc.1)
@@ -114348,7 +114345,7 @@ CVE-2023-31671 (PrestaShop postfinance <= 17.1.13 is
vulnerable to SQL Injection
NOT-FOR-US: PrestaShop postfinance
CVE-2023-2976 (Use of Java's default temporary directory for file creation in
`FileBa ...)
- guava-libraries 32.0.1-1 (bug #1038979)
- [bookworm] - guava-libraries <no-dsa> (Minor issue)
+ [bookworm] - guava-libraries <ignored> (Minor issue, mitigated by
kernel tmp hardening)
[bullseye] - guava-libraries <no-dsa> (Minor issue)
[buster] - guava-libraries <no-dsa> (Minor issue)
NOTE: https://github.com/google/guava/releases/tag/v32.0.0
@@ -359474,7 +359471,7 @@ CVE-2020-8909
RESERVED
CVE-2020-8908 (A temp directory creation vulnerability exists in all versions
of Guav ...)
- guava-libraries 32.0.1-1 (bug #1038979)
- [bookworm] - guava-libraries <no-dsa> (Minor issue)
+ [bookworm] - guava-libraries <ignored> (Minor issue, mitigated by
kernel tmp hardening)
[bullseye] - guava-libraries <no-dsa> (Minor issue)
[buster] - guava-libraries <no-dsa> (Minor issue)
NOTE: https://github.com/google/guava/issues/4011
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/aab07c9b203bb197542324fc21d27a528edec89f
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/aab07c9b203bb197542324fc21d27a528edec89f
You're receiving this email because of your account on salsa.debian.org.
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
