[Git][security-tracker-team/security-tracker][master] Add two new spip issue which require more triaging

[Salvatore Bonaccorso (@carnil)]

Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
245d81be by Salvatore Bonaccorso at 2024-11-26T21:26:48+01:00
Add two new spip issue which require more triaging

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -25,8 +25,12 @@ CVE-2024-53975 (Accessing a non-secure HTTP site that uses a 
non-existent port m
 CVE-2024-53844 (E.D.D.I (Enhanced Dialog Driven Interface) is a middleware to 
connect  ...)
        NOT-FOR-US: E.D.D.I (Enhanced Dialog Driven Interface)
 CVE-2024-53620 (A cross-site scripting (XSS) vulnerability in the Article 
module of SP ...)
-       TODO: check
+       - spip <undetermined>
+       NOTE: https://grimthereaperteam.medium.com/ec1e8714c02e
+       TODO: check, maybe fixed in 4.3.4, if so identify fix
 CVE-2024-53619 (An authenticated arbitrary file upload vulnerability in the 
Documents  ...)
+       - spip <undetermined>
+       NOTE: 
https://grimthereaperteam.medium.com/spip-4-3-3-malicious-file-upload-xss-in-pdf-526c03bb1776
        TODO: check
 CVE-2024-53555 (A CSV injection vulnerability in Taiga v6.8.1 allows attackers 
to exec ...)
        NOT-FOR-US: Taiga



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/245d81beaf7ec445047183552224b578338feb21

-- 
View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/245d81beaf7ec445047183552224b578338feb21
You're receiving this email because of your account on salsa.debian.org.



_______________________________________________
debian-security-tracker-commits mailing list
debian-security-tracker-commits@alioth-lists.debian.net
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits