Moritz Muehlenhoff pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
1313252f by Moritz Muehlenhoff at 2024-11-24T21:02:22+01:00
triage older issues
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -21045,12 +21045,12 @@ CVE-2024-8601 (This vulnerability exists in TechExcel
Back Office Software versi
NOT-FOR-US: TechExcel Back Office Software
CVE-2024-8373 (Improper sanitization of the value of the [srcset] attribute in
<sourc ...)
- angular.js <unfixed>
- [bookworm] - angular.js <no-dsa> (Minor issue)
+ [bookworm] - angular.js <postponed> (Minor issue, revisit when fixed
upstream)
[bullseye] - angular.js <postponed> (Minor issue)
NOTE:
https://codepen.io/herodevs/full/bGPQgMp/8da9ce87e99403ee13a295c305ebfa0b
CVE-2024-8372 (Improper sanitization of the value of the '[srcset]' attribute
in Angu ...)
- angular.js <unfixed>
- [bookworm] - angular.js <no-dsa> (Minor issue)
+ [bookworm] - angular.js <postponed> (Minor issue, revisit when fixed
upstream)
[bullseye] - angular.js <postponed> (Minor issue)
NOTE:
https://codepen.io/herodevs/full/xxoQRNL/0072e627abe03e9cda373bc75b4c1017
CVE-2024-8042 (Rapid7 Insight Platform versions between November 2019 and
August 14, ...)
@@ -59895,7 +59895,7 @@ CVE-2023-48683 (Sensitive information disclosure and
manipulation due to missing
NOT-FOR-US: Acronis Cyber Protect Cloud Agent
CVE-2023-46565 (Buffer Overflow vulnerability in osrg gobgp commit
419c50dfac578daa4d1 ...)
- gobgp <unfixed> (bug #1070393)
- [bookworm] - gobgp <no-dsa> (Minor issue)
+ [bookworm] - gobgp <postponed> (Minor issue, revisit when fixed
upstream)
[bullseye] - gobgp <no-dsa> (Minor issue)
NOTE: https://github.com/osrg/gobgp/issues/2725
CVE-2023-46270 (MacPaw The Unarchiver before 4.3.6 contains vulnerability
related to m ...)
@@ -82467,7 +82467,7 @@ CVE-2024-21624 (nonebot2 is a cross-platform Python
asynchronous chatbot framewo
NOT-FOR-US: nonebot2
CVE-2024-21490 (This affects versions of the package angular from 1.3.0. A
regular exp ...)
- angular.js <unfixed>
- [bookworm] - angular.js <no-dsa> (Minor issue)
+ [bookworm] - angular.js <postponed> (Minor issue, revisit when fixed
upstream)
[bullseye] - angular.js <no-dsa> (Minor issue)
[buster] - angular.js <postponed> (Fix along with the next DLA)
NOTE: https://security.snyk.io/vuln/SNYK-JS-ANGULAR-6091113
@@ -117144,7 +117144,7 @@ CVE-2023-37733 (An arbitrary file upload
vulnerability in tduck-platform v4.0 al
NOT-FOR-US: Grav CMStduck-platform
CVE-2023-37276 (aiohttp is an asynchronous HTTP client/server framework for
asyncio an ...)
- python-aiohttp 3.8.5-1
- [bookworm] - python-aiohttp <no-dsa> (Minor issue)
+ [bookworm] - python-aiohttp <ignored> (Minor issue)
[bullseye] - python-aiohttp <not-affected> (doesn't use llhttp, PoC is
rejected with Bad Request)
[buster] - python-aiohttp <not-affected> (doesn't use llhttp, PoC is
rejected with Bad Request)
NOTE:
https://github.com/aio-libs/aiohttp/security/advisories/GHSA-45c4-8wx5-qw6w
@@ -141755,19 +141755,19 @@ CVE-2023-26119 (Versions of the package
net.sourceforge.htmlunit:htmlunit from 0
NOT-FOR-US: net.sourceforge.htmlunit:htmlunit
CVE-2023-26118 (Versions of the package angular from 1.4.9 are vulnerable to
Regular E ...)
- angular.js <unfixed> (bug #1036694)
- [bookworm] - angular.js <no-dsa> (Minor issue)
+ [bookworm] - angular.js <postponed> (Minor issue, revisit when fixed
upstream)
[bullseye] - angular.js <no-dsa> (Minor issue)
[buster] - angular.js <no-dsa> (Minor issue)
NOTE: https://security.snyk.io/vuln/SNYK-JS-ANGULAR-3373046
CVE-2023-26117 (Versions of the package angular from 1.0.0 are vulnerable to
Regular E ...)
- angular.js <unfixed> (bug #1036694)
- [bookworm] - angular.js <no-dsa> (Minor issue)
+ [bookworm] - angular.js <postponed> (Minor issue, revisit when fixed
upstream)
[bullseye] - angular.js <no-dsa> (Minor issue)
[buster] - angular.js <no-dsa> (Minor issue)
NOTE: https://security.snyk.io/vuln/SNYK-JS-ANGULAR-3373045
CVE-2023-26116 (Versions of the package angular from 1.2.21 are vulnerable to
Regular ...)
- angular.js <unfixed> (bug #1036694)
- [bookworm] - angular.js <no-dsa> (Minor issue)
+ [bookworm] - angular.js <postponed> (Minor issue, revisit when fixed
upstream)
[bullseye] - angular.js <no-dsa> (Minor issue)
[buster] - angular.js <no-dsa> (Minor issue)
NOTE: https://security.snyk.io/vuln/SNYK-JS-ANGULAR-3373044
@@ -222094,7 +222094,7 @@ CVE-2022-25871 (All versions of package querymen are
vulnerable to Prototype Pol
NOT-FOR-US: Node querymen
CVE-2022-25869 (All versions of package angular are vulnerable to Cross-site
Scripting ...)
- angular.js <unfixed> (bug #1036694)
- [bookworm] - angular.js <no-dsa> (Minor issue)
+ [bookworm] - angular.js <postponed> (Minor issue, revisit when fixed
upstream)
[bullseye] - angular.js <no-dsa> (Minor issue)
[buster] - angular.js <no-dsa> (Minor issue)
NOTE: https://security.snyk.io/vuln/SNYK-JS-ANGULAR-2949781
@@ -222153,7 +222153,7 @@ CVE-2022-25845 (The package com.alibaba:fastjson
before 1.2.83 are vulnerable to
NOT-FOR-US: com.alibaba:fastjson
CVE-2022-25844 (The package angular after 1.7.0 are vulnerable to Regular
Expression D ...)
- angular.js <unfixed> (bug #1014779)
- [bookworm] - angular.js <no-dsa> (Minor issue)
+ [bookworm] - angular.js <postponed> (Minor issue, revisit when fixed
upstream)
[bullseye] - angular.js <no-dsa> (Minor issue)
[buster] - angular.js <no-dsa> (Minor issue, probably even not-affected)
[stretch] - angular.js <ignored> (Nodejs in stretch not covered by
security support)
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/1313252f6d2364f1bdde56b63ab6bff315027f90
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/1313252f6d2364f1bdde56b63ab6bff315027f90
You're receiving this email because of your account on salsa.debian.org.
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
