Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker
Commits:
9fdae700 by Moritz Muehlenhoff at 2024-11-11T21:10:41+01:00
triage older issues
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -20644,7 +20644,7 @@ CVE-2024-7904 (A vulnerability was found in DedeBIZ
6.3.0. It has been rated as
NOT-FOR-US: DedeBIZ
CVE-2024-6221 (A vulnerability in corydolphin/flask-cors version 4.0.1 allows
the `Ac ...)
- python-flask-cors <unfixed> (bug #1081300)
- [bookworm] - python-flask-cors <no-dsa> (Minor issue)
+ [bookworm] - python-flask-cors <postponed> (Minor issue, revisit when
fixed upstream)
[bullseye] - python-flask-cors <postponed> (Minor issue)
NOTE: https://huntr.com/bounties/a42935fc-6f57-4818-bca4-3d528235df4d
NOTE: https://github.com/corydolphin/flask-cors/issues/337
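Review bot: the bookworm and bullseye lines for python-flask-cors now carry the same `<postponed>` state but different rationales: bookworm gets "Minor issue, revisit when fixed upstream" while bullseye keeps the bare "Minor issue". Since the unstable entry is still `<unfixed>` and the only references are the huntr report and upstream issue #337, the "revisit when fixed upstream" qualifier applies equally to bullseye; consider using the same wording on both lines so the next triage pass treats them together.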
@@ -32582,15 +32582,21 @@ CVE-2024-39001 (ag-grid-enterprise v31.3.2 was
discovered to contain a prototype
CVE-2024-39000 (adolph_dudu ratio-swiper v0.0.2 was discovered to contain a
prototype ...)
NOT-FOR-US: ratio-swiper Nodejs module
CVE-2024-38999 (jrburke requirejs v2.3.6 was discovered to contain a prototype
polluti ...)
- - requirejs <unfixed> (bug #1077543)
+ - requirejs 2.3.7+ds+~2.1.37-1 (bug #1077543)
[bookworm] - requirejs <no-dsa> (Minor issue)
[bullseye] - requirejs <no-dsa> (Minor issue)
NOTE: https://gist.github.com/mestrtee/9acae342285bd2998fa09ebcb1e6d30a
+ NOTE: https://github.com/requirejs/requirejs/issues/1854
+ NOTE: https://github.com/requirejs/requirejs/pull/1856
+ NOTE:
https://github.com/requirejs/requirejs/commit/6e8a234303deaf80ef619e66a2f5c6616bb7e6d9
(2.3.7)
CVE-2024-38998 (jrburke requirejs v2.3.6 was discovered to contain a prototype
polluti ...)
- - requirejs <unfixed> (bug #1077543)
+ - requirejs 2.3.7+ds+~2.1.37-1 (bug #1077543)
[bookworm] - requirejs <no-dsa> (Minor issue)
[bullseye] - requirejs <no-dsa> (Minor issue)
NOTE: https://gist.github.com/mestrtee/9acae342285bd2998fa09ebcb1e6d30a
+ NOTE: https://github.com/requirejs/requirejs/issues/1854
+ NOTE: https://github.com/requirejs/requirejs/pull/1856
+ NOTE:
https://github.com/requirejs/requirejs/commit/6e8a234303deaf80ef619e66a2f5c6616bb7e6d9
(2.3.7)
CVE-2024-38997 (adolph_dudu ratio-swiper v0.0.2 was discovered to contain a
prototype ...)
NOT-FOR-US: ratio-swiper Nodejs module
CVE-2024-38996 (ag-grid-community v31.3.2 and ag-grid-enterprise v31.3.2 were
discover ...)
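Review bot: CVE-2024-38999 and CVE-2024-38998 are both marked fixed in `requirejs 2.3.7+ds+~2.1.37-1` and both cite the identical upstream issue #1854, pull request #1856 and commit 6e8a234 (2.3.7); a brief word that a single upstream change covers both CVEs would save the next reader from checking whether one of the references was pasted into the wrong entry. Please also confirm that the version string, with its `+~` component, matches the upload that actually landed in the archive, since a mismatch leaves the tracker showing the package as still vulnerable.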
@@ -117760,6 +117766,9 @@ CVE-2023-33460 (There's a memory leak in yajl 2.1.0
with use of yajl_tree_parse
[buster] - r-cran-jsonlite <postponed> (Minor issue; fix only after
newer releases got a fix)
- ruby-yajl <not-affected> (Vulnerable code not present; embeds
not-affected old yajl version)
NOTE: ruby-yajl embeds yajl version 1.0.12
(https://github.com/brianmario/yajl-ruby/blob/master/ext/yajl/api/yajl_version.h)
+ NOTE: r-cran-jsonlite: https://github.com/jeroen/jsonlite/issues/426
+ NOTE: r-cran-jsonlite: https://github.com/jeroen/jsonlite/pull/421
+ NOTE: r-cran-jsonlite:
https://github.com/jeroen/jsonlite/commit/e8965dfead9f270ff8d7bb3029e86dee866d407d
(v1.8.8)
CVE-2023-33457 (In Sogou Workflow v0.10.6, memcpy a negtive size in
URIParser::parse , ...)
NOT-FOR-US: Sogou Workflow
CVE-2023-33381 (A command injection vulnerability was found in the ping
functionality ...)
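Review bot: the new NOTE lines record an upstream fix for r-cran-jsonlite (issue #426, PR #421, commit e8965df in v1.8.8), but the buster line left as context still reads `<postponed> (Minor issue; fix only after newer releases got a fix)`. Now that the fix is identified, that rationale should be re-checked against the current r-cran-jsonlite status in unstable and updated or dropped in the same commit, otherwise the entry tells a reader that no fix exists while the notes directly below it say the opposite.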
@@ -220522,6 +220531,8 @@ CVE-2022-24795 (yajl-ruby is a C binding to the YAJL
JSON parsing and generation
NOTE: https://github.com/lloyd/yajl/issues/239
NOTE: burp fix:
https://github.com/grke/burp/commit/5ce44cdf7018767b53a4c5466c62e4dc99d0bc93
NOTE: epics-base: https://github.com/epics-base/epics-base/issues/405
+ NOTE: r-cran-jsonlite: https://github.com/jeroen/jsonlite/issues/431
+ NOTE: r-cran-jsonlite:
https://github.com/jeroen/jsonlite/commit/e425ef9cb39500687d83654a565c8abd203ff8ba
(v1.8.8)
CVE-2022-24794 (Express OpenID Connect is an Express JS middleware
implementing sign o ...)
NOT-FOR-US: Express OpenID Connect
CVE-2022-24793 (PJSIP is a free and open source multimedia communication
library writt ...)
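Review bot: the hunk adds references to the r-cran-jsonlite fix for CVE-2022-24795 (issue #431 and commit e425ef9, v1.8.8) but no change to an r-cran-jsonlite package status line is visible within the hunk context. If the package entry for this CVE still lacks a fixed version, it should be updated alongside the notes; if it was already correct, a short note saying so avoids a second triage pass over the same entry.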
@@ -498798,6 +498809,8 @@ CVE-2017-16516 (In the yajl-ruby gem 1.3.0 for Ruby,
when a crafted JSON file is
NOTE:
https://github.com/brianmario/yajl-ruby/commit/a8ca8f476655adaa187eedc60bdc770fff3c51ce
NOTE: burp fix:
https://github.com/grke/burp/commit/5ce44cdf7018767b53a4c5466c62e4dc99d0bc93
NOTE: epics-base: https://github.com/epics-base/epics-base/issues/405
+ NOTE: r-cran-jsonlite: https://github.com/jeroen/jsonlite/issues/431
+ NOTE: r-cran-jsonlite:
https://github.com/jeroen/jsonlite/commit/ce9520f888c2339b48565fcc5ffecc85091e589e
(v1.8.8)
CVE-2017-16515
RESERVED
CVE-2017-16514 (Multiple persistent stored Cross-Site-Scripting (XSS)
vulnerabilities ...)
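Review bot: this hunk and the CVE-2022-24795 hunk above both cite jsonlite issue #431 but point at different commits (ce9520f here, e425ef9 there), both labelled v1.8.8; a brief note on which commit addresses which CVE (or that the issue was fixed in two commits) would make the split verifiable later. As in the previous hunk, no r-cran-jsonlite status line change is visible, so please confirm that the package entry for CVE-2017-16516 reflects the fixed version that these references establish.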
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/9fdae70095de147f68d3e795a7612aa4097835dd
--
_______________________________________________
debian-security-tracker-commits mailing list
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits