Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
55dded58 by Moritz Muehlenhoff at 2024-11-13T13:36:04+01:00
triage older issues

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -6222,9 +6222,8 @@ CVE-2024-43812 (Kieback & Peter's DDC4000 serieshas an 
insufficiently protected
 CVE-2024-43698 (Kieback & Peter's DDC4000 seriesuses weak credentials, which 
may allow ...)
        NOT-FOR-US: Kieback & Peter's DDC4000 series
 CVE-2024-42643 (Integer Overflow in fast_ping.c in SmartDNS Release46 allows 
remote at ...)
-       - smartdns <unfixed> (bug #1086146)
+       - smartdns <not-affected> (Was resolved in 2019, prior to the initial 
upload to Debian)
        NOTE: https://github.com/pymumu/smartdns/issues/177
-       TODO: possibly valid report as upstream issue has been closed, but 
details unclear
 CVE-2024-41717 (Kieback & Peter's DDC4000 seriesis vulnerable to a path 
traversal vuln ...)
        NOT-FOR-US: Kieback & Peter's DDC4000 series
 CVE-2024-40494 (Buffer Overflow in coap_msg.c in FreeCoAP allows remote 
attackers to e ...)
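Review bot: the new not-affected rationale on the smartdns line ("Was resolved in 2019, prior to the initial upload to Debian") is only backed by the remaining NOTE pointing at upstream issue #177, which the removed TODO described as closed with "details unclear"; add a NOTE with the upstream fixing commit (or the release that carried it) so the claim can be verified later. Dropping the "(bug #1086146)" reference also means that Debian bug is no longer linked from the tracker, so it should be closed or updated separately with the same reasoning.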
@@ -10703,7 +10702,7 @@ CVE-2024-46307 (A loop hole in the payment logic of 
Sparkshop v1.16 allows attac
        NOT-FOR-US: Sparkshop
 CVE-2024-46304 (A NULL pointer dereference in libcoap v4.3.5-rc2 and below 
allows a re ...)
        - libcoap3 <unfixed> (bug #1084981)
-       [bookworm] - libcoap3 <no-dsa> (Minor issue)
+       [bookworm] - libcoap3 <ignored> (Minor issue, no reverse deps in 
Bookworm)
        - libcoap2 <removed>
        [bullseye] - libcoap2 <postponed> (Minor issue; can be fixed in next 
update)
        - libcoap <removed>
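Review bot: the bookworm libcoap3 entry moves from no-dsa to ignored with the reason "no reverse deps in Bookworm", while the bullseye libcoap2 line two lines below stays at postponed with "can be fixed in next update"; if the no-reverse-dependencies argument is what justifies not fixing, state whether it also holds for bullseye, otherwise the two suites now carry contradictory intent for the same issue.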
@@ -40381,7 +40380,7 @@ CVE-2023-6491 (The Strong Testimonials plugin for 
WordPress is vulnerable to una
        NOT-FOR-US: WordPress plugin
 CVE-2023-51847 (An issue in obgm and Libcoap v.a3ed466 allows a remote 
attacker to cau ...)
        - libcoap3 <unfixed> (bug #1084981)
-       [bookworm] - libcoap3 <no-dsa> (Minor issue)
+       [bookworm] - libcoap3 <ignored> (Minor issue, no reverse deps in 
Bookworm)
        - libcoap2 <removed>
        [bullseye] - libcoap2 <postponed> (Minor issue; can be fixed in next 
update)
        - libcoap <removed>
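Review bot: this CVE-2023-51847 entry shares bug #1084981 with the CVE-2024-46304 entry above and receives the same bookworm status change; since the two are tracked through one Debian bug, consider recording in that bug that both are now ignored for bookworm, and check the bullseye libcoap2 postponed line for the same inconsistency noted above.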
@@ -58449,7 +58448,7 @@ CVE-2024-31031 (An issue in `coap_pdu.c` in libcoap 
4.3.4 allows attackers to ca
        - libcoap <not-affected> (Vulnerable code not present)
        - libcoap2 <not-affected> (Vulnerable code not present)
        - libcoap3 <unfixed> (bug #1070362)
-       [bookworm] - libcoap3 <no-dsa> (Minor issue)
+       [bookworm] - libcoap3 <ignored> (Minor issue, no reverse deps in 
Bookworm)
        NOTE: https://github.com/obgm/libcoap/issues/1351
        NOTE: 
https://github.com/obgm/libcoap/commit/214665ac4b44b1b6a7e38d4d6907ee835a174928 
(develop)
        NOTE: Introduced by: 
https://github.com/obgm/libcoap/commit/7033555d2978b8d4d5e16d43cfbfe1b1781c418f 
(v4.3.0-rc1)
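Review bot: the NOTE lines already identify both the fixing commit (214665ac, develop) and the introducing commit (7033555d, v4.3.0-rc1) for CVE-2024-31031, so a backportable fix is known; moving bookworm to ignored rather than postponed discards that information for the stable suite, and the reason string should say why the available fix is not worth shipping in a point release (for example "no reverse deps" alone does not address that a user-installed library stays vulnerable).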
@@ -70548,7 +70547,7 @@ CVE-2024-27907 (A vulnerability has been identified in 
Simcenter Femap (All vers
 CVE-2024-27894 (The Pulsar Functions Worker includes a capability that permits 
authent ...)
        NOT-FOR-US: Apache Pulsar
 CVE-2024-27758 (In RPyC before 6.0.0, when a server exposes a method that 
calls the at ...)
-       - rpyc <unfixed> (bug #1066879)
+       - rpyc 6.0.0-1 (bug #1066879)
        [bookworm] - rpyc <no-dsa> (Minor issue)
        NOTE: 
https://github.com/tomerfiliba-org/rpyc/security/advisories/GHSA-h5cg-53g7-gqjw
        NOTE: https://github.com/tomerfiliba-org/rpyc/issues/551
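Review bot: the fixed version 6.0.0-1 is consistent with the "before 6.0.0" range in the CVE description; keeping "(bug #1066879)" on the fixed-version line is fine, but verify that the 6.0.0-1 upload actually closed that bug, since a bug left open against a version the tracker marks fixed is a common source of later confusion.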
@@ -88910,7 +88909,7 @@ CVE-2023-48795 (The SSH transport protocol with certain 
OpenSSH extensions, foun
        [buster] - libssh2 <not-affected> (ChaCha20-Poly1305 and CBC-EtM 
support not present)
        - openssh 1:9.6p1-1
        - paramiko 3.4.0-1 (bug #1059006)
-       [bookworm] - paramiko <no-dsa> (Minor issue)
+       [bookworm] - paramiko <ignored> (Minor issue)
        [bullseye] - paramiko <no-dsa> (Minor issue)
        [buster] - paramiko <not-affected> (ChaCha20-Poly1305 and CBC-EtM 
support not present)
        - phpseclib 1.0.22-1
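Review bot: the paramiko bookworm status changes from no-dsa to ignored but the reason string stays "(Minor issue)", identical to the bullseye no-dsa line directly below it; unlike the libcoap3 changes in this commit, nothing explains why bookworm is ignored while bullseye is merely no-dsa, so extend the rationale (for example whether a fix is expected via a point update or not at all).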
@@ -125045,7 +125044,7 @@ CVE-2023-30363 (vConsole v3.15.0 was discovered to 
contain a prototype pollution
        NOT-FOR-US: Tencent vConsole
 CVE-2023-30362 (Buffer Overflow vulnerability in coap_send function in libcoap 
library ...)
        - libcoap3 4.3.1-2 (bug #1040594)
-       [bookworm] - libcoap3 <no-dsa> (Minor issue)
+       [bookworm] - libcoap3 <ignored> (Minor issue, no reverse deps in 
Bookworm)
        NOTE: https://github.com/obgm/libcoap/issues/1063
        NOTE: 
https://github.com/obgm/libcoap/commit/e242200f0af2a418dc9f69eee543feacc13cd851
 CVE-2023-30361
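Review bot: CVE-2023-30362 is already fixed in unstable (libcoap3 4.3.1-2, bug #1040594) and the upstream fix commit e242200f is in the NOTE, so the bookworm change to ignored is the case where the "no reverse deps in Bookworm" reason is least convincing; if the patch is small, postponed would keep it eligible for a future point update, otherwise the reason string should mention that the fix was judged not worth a stable upload.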
@@ -182378,10 +182377,11 @@ CVE-2022-37343 (Improper access control in the BIOS 
firmware for some Intel(R) P
        NOT-FOR-US: Intel
 CVE-2022-36788 (A heap-based buffer overflow vulnerability exists in the 
TriangleMesh  ...)
        - slic3r <unfixed> (bug #1034848)
-       [bookworm] - slic3r <no-dsa> (Minor issue)
+       [bookworm] - slic3r <postponed> (Minor issue, revisit when fixed 
upstream)
        [bullseye] - slic3r <no-dsa> (Minor issue)
        [buster] - slic3r <no-dsa> (Minor issue)
        NOTE: 
https://talosintelligence.com/vulnerability_reports/TALOS-2022-1593
+       NOTE: https://github.com/slic3r/Slic3r/issues/5162
 CVE-2022-36420
        RESERVED
 CVE-2022-36419
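Review bot: bookworm slic3r moves to postponed "revisit when fixed upstream" and the new NOTE points at upstream issue #5162, but the bullseye and buster lines remain no-dsa; if the plan is to revisit once upstream fixes the TriangleMesh heap overflow, state whether that applies to bullseye as well so the LTS team does not read the two statuses as different decisions.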
@@ -268773,6 +268773,8 @@ CVE-2021-3563 (A flaw was found in 
openstack-keystone. Only the first 72 charact
        [stretch] - keystone <end-of-life> (Keystone is not supported in 
stretch)
        NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1962908
        NOTE: https://bugs.launchpad.net/keystone/+bug/1901891
+       NOTE: 
https://opendev.org/openstack/keystone/commit/6730c761d18aa547998f2add833c13f45f257fe7
+       NOTE: Fixed in 22.0.1
 CVE-2021-33497 (Dutchcoders transfer.sh before 1.2.4 allows Directory 
Traversal for de ...)
        NOT-FOR-US: Dutchcoders transfer.sh
 CVE-2021-33496 (Dutchcoders transfer.sh before 1.2.4 allows XSS via an inline 
view.)
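Review bot: the two new NOTEs record the fixing commit 6730c761 and "Fixed in 22.0.1" for the keystone entry, but the hunk's context does not show the package's main version line, so make sure the unstable/testing status for keystone reflects that a fixing upstream release exists; a note that says "Fixed in 22.0.1" next to an unchanged status line is easy to misread.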
@@ -311396,24 +311398,24 @@ CVE-2020-28599 (A stack-based buffer overflow 
vulnerability exists in the import
        NOTE: 
https://github.com/openscad/openscad/commit/07ea60f82e94a155f4926f17fad8e8366bc74874
 CVE-2020-28598 (An out-of-bounds write vulnerability exists in the Admesh 
stl_fix_norm ...)
        - slic3r-prusa <unfixed> (bug #1074415)
-       [bookworm] - slic3r-prusa <no-dsa> (Minor issue)
+       [bookworm] - slic3r-prusa <postponed> (Minor issue, revisit when fixed 
upstream)
        [bullseye] - slic3r-prusa <no-dsa> (Minor issue)
        NOTE: 
https://talosintelligence.com/vulnerability_reports/TALOS-2020-1222
 CVE-2020-28597 (A predictable seed vulnerability exists in the password reset 
function ...)
        NOT-FOR-US: Epignosis EfrontPro
 CVE-2020-28596 (A stack-based buffer overflow vulnerability exists in the 
Objparser::o ...)
        - slic3r-prusa <unfixed> (bug #1074415)
-       [bookworm] - slic3r-prusa <no-dsa> (Minor issue)
+       [bookworm] - slic3r-prusa <postponed> (Minor issue, revisit when fixed 
upstream)
        [bullseye] - slic3r-prusa <no-dsa> (Minor issue)
        NOTE: 
https://talosintelligence.com/vulnerability_reports/TALOS-2020-1220
 CVE-2020-28595 (An out-of-bounds write vulnerability exists in the Obj.cpp 
load_obj()  ...)
        - slic3r-prusa <unfixed> (bug #1074415)
-       [bookworm] - slic3r-prusa <no-dsa> (Minor issue)
+       [bookworm] - slic3r-prusa <postponed> (Minor issue, revisit when fixed 
upstream)
        [bullseye] - slic3r-prusa <no-dsa> (Minor issue)
        NOTE: 
https://talosintelligence.com/vulnerability_reports/TALOS-2020-1219
 CVE-2020-28594 (A use-after-free vulnerability exists in the 
_3MF_Importer::_handle_en ...)
        - slic3r-prusa <unfixed> (bug #1074415)
-       [bookworm] - slic3r-prusa <no-dsa> (Minor issue)
+       [bookworm] - slic3r-prusa <postponed> (Minor issue, revisit when fixed 
upstream)
        [bullseye] - slic3r-prusa <no-dsa> (Minor issue)
        NOTE: 
https://talosintelligence.com/vulnerability_reports/TALOS-2020-1218
 CVE-2020-28593 (A unauthenticated backdoor exists in the configuration server 
function ...)
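Review bot: the four slic3r-prusa entries (CVE-2020-28598, -28596, -28595, -28594) all share bug #1074415 and get the same bookworm change to postponed "revisit when fixed upstream", while each bullseye line stays no-dsa; unlike the slic3r entry earlier in this commit, no upstream issue NOTE is added here, so "revisit when fixed upstream" has nothing to track against. Add the upstream issue or PR reference (the TALOS report links alone do not show fix status) and align the bullseye statuses or document why they differ.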



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/55dded588e4147326d0b79a9ee8cc3057adde5f4

-- 
You're receiving this email because of your account on salsa.debian.org.


_______________________________________________
debian-security-tracker-commits mailing list
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
