Moritz Muehlenhoff pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
1450cbbd by Moritz Muehlenhoff at 2024-11-10T23:18:05+01:00
triage of older issues
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -24266,10 +24266,10 @@ CVE-2024-38321 (IBM Business Automation Workflow
22.0.2, 23.0.1, 23.0.2, and 24.
CVE-2024-37286 (APM server logs contain document body from a partially failed
bulk ind ...)
NOT-FOR-US: APM server
CVE-2024-7319 (An incomplete fix for CVE-2023-1625 was found in
openstack-heat. Sensi ...)
- - heat <unfixed> (bug #1082855)
- [bookworm] - heat <no-dsa> (Minor issue)
+ - heat <unfixed> (bug #1082855; unimportant)
[bullseye] - heat <not-affected> (Incomplete fix for CVE-2023-1625 not
applied)
NOTE: https://storyboard.openstack.org/#!/story/2011007
+ NOTE: Negligible security impact
CVE-2024-7291 (The JetFormBuilder plugin for WordPress is vulnerable to
privilege esc ...)
NOT-FOR-US: WordPress plugin
CVE-2024-6477 (The UsersWP WordPress plugin before 1.2.12 uses predictable
filenames ...)
@@ -67502,12 +67502,13 @@ CVE-2023-6597 (An issue was found in the CPython
`tempfile.TemporaryDirectory` c
NOTE:
https://mail.python.org/archives/list/[email protected]/thread/Q5C6ATFC67K53XFV4KE45325S7NS62LD/
NOTE: Introduced by:
https://github.com/python/cpython/commit/e9b51c0ad81da1da11ae65840ac8b50a8521373c
(v3.8.0b1)
CVE-2023-50966 (erlang-jose (aka JOSE for Erlang and Elixir) through 1.11.6
allow atta ...)
- - erlang-jose <unfixed> (bug #1067456)
+ - erlang-jose 1.11.10-1 (bug #1067456)
[bookworm] - erlang-jose <no-dsa> (Minor issue)
[bullseye] - erlang-jose <no-dsa> (Minor issue)
[buster] - erlang-jose <postponed> (DoS via a large p2c value but still
appears minor)
NOTE: https://github.com/potatosalad/erlang-jose/issues/156
NOTE: https://github.com/P3ngu1nW/CVE_Request/blob/main/erlang-jose.md
+ NOTE:
https://github.com/potatosalad/erlang-jose/commit/718d213f07b08056737923f8063d5df56dcb66ae
(1.11.7)
CVE-2023-4426
REJECTED
CVE-2023-44092 (Improper Neutralization of Special Elements used in an OS
Command ('OS ...)
@@ -76610,7 +76611,7 @@ CVE-2024-24920 (A vulnerability has been identified in
Simcenter Femap (All vers
CVE-2024-24814 (mod_auth_openidc is an OpenID Certified\u2122 authentication
and autho ...)
{DLA-3751-1}
- libapache2-mod-auth-openidc 2.4.15.7-1 (bug #1064183)
- [bookworm] - libapache2-mod-auth-openidc <no-dsa> (Minor issue)
+ [bookworm] - libapache2-mod-auth-openidc 2.4.12.3-2+deb12u1
[bullseye] - libapache2-mod-auth-openidc 2.4.9.4-0+deb11u4
NOTE:
https://github.com/OpenIDC/mod_auth_openidc/security/advisories/GHSA-hxr6-w4gc-7vvv
NOTE:
https://github.com/OpenIDC/mod_auth_openidc/commit/4022c12f314bd89d127d1be008b1a80a08e1203d
(v2.4.15.2)
@@ -125989,7 +125990,7 @@ CVE-2023-1933
RESERVED
CVE-2023-1932 (A flaw was found in hibernate-validator's 'isValid' method in
the org. ...)
- libhibernate-validator-java <unfixed> (bug #1063540)
- [bookworm] - libhibernate-validator-java <no-dsa> (Minor issue)
+ [bookworm] - libhibernate-validator-java <ignored> (Minor issue)
[bullseye] - libhibernate-validator-java <no-dsa> (Minor issue)
[buster] - libhibernate-validator-java <no-dsa> (Minor issue)
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1809444
@@ -266728,7 +266729,7 @@ CVE-2021-33814
CVE-2021-33813 (An XXE issue in SAXBuilder in JDOM through 2.0.6 allows
attackers to c ...)
{DLA-2712-1 DLA-2696-1}
- libjdom2-intellij-java <unfixed> (bug #990673)
- [bookworm] - libjdom2-intellij-java <no-dsa> (Minor issue)
+ [bookworm] - libjdom2-intellij-java <ignored> (Minor issue)
[bullseye] - libjdom2-intellij-java <no-dsa> (Minor issue)
[buster] - libjdom2-intellij-java <no-dsa> (Minor issue)
- libjdom2-java 2.0.6-2.1 (bug #990671)
@@ -357417,7 +357418,7 @@ CVE-2020-10694
REJECTED
CVE-2020-10693 (A flaw was found in Hibernate Validator version 6.1.2.Final. A
bug in ...)
- libhibernate-validator-java <unfixed> (bug #988946)
- [bookworm] - libhibernate-validator-java <no-dsa> (Minor issue)
+ [bookworm] - libhibernate-validator-java <ignored> (Minor issue)
[bullseye] - libhibernate-validator-java <no-dsa> (Minor issue)
[buster] - libhibernate-validator-java <not-affected> (EL support added
in 5.x)
[stretch] - libhibernate-validator-java <not-affected> (EL support
added in 5.x)
@@ -412706,7 +412707,7 @@ CVE-2019-10220 (Linux kernel CIFS implementation,
version 4.9.0 is vulnerable to
[stretch] - linux 4.9.210-1
CVE-2019-10219 (A vulnerability was found in Hibernate-Validator. The SafeHtml
validat ...)
- libhibernate-validator-java <unfixed> (bug #948235)
- [bookworm] - libhibernate-validator-java <no-dsa> (Minor issue)
+ [bookworm] - libhibernate-validator-java <ignored> (Minor issue)
[bullseye] - libhibernate-validator-java <no-dsa> (Minor issue)
[buster] - libhibernate-validator-java <not-affected> (Vulnerable code
was introduced later)
[stretch] - libhibernate-validator-java <not-affected> (Vulnerable code
was introduced later)
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/1450cbbdacfdd5d31426f221193a605926477279
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/1450cbbdacfdd5d31426f221193a605926477279
You're receiving this email because of your account on salsa.debian.org.
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
