Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
57b507af by security tracker role at 2025-01-20T20:12:05+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,9 +1,45 @@
-CVE-2023-52923 [netfilter: nf_tables: adapt set backend to use GC transaction 
API]
+CVE-2025-24337 (WriteFreely through 0.15.1, when MySQL is used, allows local 
users to  ...)
+       TODO: check
+CVE-2025-24013 (CodeIgniter is a PHP full-stack web framework. Prior to 4.5.8, 
CodeIgn ...)
+       TODO: check
+CVE-2025-24010 (Vite is a frontend tooling framework for javascript. Vite 
allowed any  ...)
+       TODO: check
+CVE-2025-23221 (Fedify is a TypeScript library for building federated server 
apps powe ...)
+       TODO: check
+CVE-2025-23220 (WeGIA is an open source web manager with a focus on the 
Portuguese lan ...)
+       TODO: check
+CVE-2025-23219 (WeGIA is an open source web manager with a focus on the 
Portuguese lan ...)
+       TODO: check
+CVE-2025-23218 (WeGIA is an open source web manager with a focus on the 
Portuguese lan ...)
+       TODO: check
+CVE-2025-23214 (Cosmos provides users the ability self-host a home server by 
acting as ...)
+       TODO: check
+CVE-2025-23044 (PwnDoc is a penetration test report generator. There is no 
CSRF protec ...)
+       TODO: check
+CVE-2025-22620 (gitoxide is an implementation of git written in Rust. Prior to 
0.17.0, ...)
+       TODO: check
+CVE-2025-22131 (PhpSpreadsheet is a PHP library for reading and writing 
spreadsheet fi ...)
+       TODO: check
+CVE-2025-0479 (This vulnerability exists in the CP Plus Router due to insecure 
handli ...)
+       TODO: check
+CVE-2024-51738 (Sunshine is a self-hosted game stream host for Moonlight. In 
0.23.1 an ...)
+       TODO: check
+CVE-2024-45647 (IBM Security Verify Access 10.0.0 through 10.0.8 and IBM 
Security Veri ...)
+       TODO: check
+CVE-2024-22349 (IBM DevOps Velocity 5.0.0 and IBM UrbanCode Velocity 4.0.0 
through 4.0 ...)
+       TODO: check
+CVE-2024-22348 (IBM DevOps Velocity 5.0.0 and IBM UrbanCode Velocity 4.0.0 
through 4.0 ...)
+       TODO: check
+CVE-2024-22347 (IBM DevOps Velocity 5.0.0 and IBM UrbanCode Velocity 4.0.0 
through 4.0 ...)
+       TODO: check
+CVE-2024-13176 (Issue summary: A timing side-channel which could potentially 
allow rec ...)
+       TODO: check
+CVE-2023-52923 (In the Linux kernel, the following vulnerability has been 
resolved:  n ...)
        - linux 6.4.11-1
        [bookworm] - linux 6.1.64-1
        [bullseye] - linux 5.10.205-1
        NOTE: 
https://git.kernel.org/linus/f6c383b8c31a93752a52697f8430a71dcbc46adf (6.5-rc6)
-CVE-2025-21655 [io_uring/eventfd: ensure io_eventfd_signal() defers another 
RCU period]
+CVE-2025-21655 (In the Linux kernel, the following vulnerability has been 
resolved:  i ...)
        - linux 6.12.10-1
        [bullseye] - linux <not-affected> (Vulnerable code not present)
        NOTE: 
https://git.kernel.org/linus/c9a40292a44e78f71258b8522655bffaf5753bdb (6.13-rc7)
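Review bot: the nineteen new entries from CVE-2025-24337 down to CVE-2024-13176 carry only a `TODO: check` placeholder, so none of them yet names a Debian source package, a NOT-FOR-US marker or a fixed version; they need triage before the tracker can say which releases are affected. Separately, CVE-2025-21655 records `[bullseye] - linux <not-affected> (Vulnerable code not present)` and a sid fix in `linux 6.12.10-1` but no bookworm line, so bookworm's kernel will be compared against 6.12.10-1 and listed as affected; if the io_uring eventfd code is absent from bookworm as well, a matching `[bookworm] - linux <not-affected>` line would avoid a spurious open issue, and if it is present, a bookworm fix version should be tracked.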
@@ -5020,6 +5056,7 @@ CVE-2024-48455 (An issue in Netis Wifi6 Router NX10 
2.0.1.3643 and 2.0.1.3582 an
 CVE-2024-47398 (in OpenHarmony v4.1.2 and prior versions allow a local 
attacker cause  ...)
        NOT-FOR-US: OpenHarmony
 CVE-2024-46981 (Redis is an open source, in-memory database that persists on 
disk. An  ...)
+       {DLA-4025-1}
        - redis <unfixed> (bug #1092370)
        - redict 7.3.2+ds-1 (bug #1092372)
        - valkey 8.0.2+dfsg1-1 (bug #1092371)
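Review bot: the `{DLA-4025-1}` marker on CVE-2024-46981 is added while the `- redis <unfixed> (bug #1092370)` line for unstable stays, so the LTS suite gains a fix before sid has one. That is acceptable for an LTS advisory, but the sid line should be updated as soon as a fixed upload exists, otherwise the entry reads as fixed in bullseye yet open everywhere else; the `redict 7.3.2+ds-1` and `valkey 8.0.2+dfsg1-1` lines already carry fixed versions and are consistent.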
@@ -45198,6 +45235,7 @@ CVE-2024-7537 (oFono QMI SMS Handling Out-Of-Bounds 
Read Information Disclosure
        [bullseye] - ofono <postponed> (Revisit when/if fixed upstream)
        NOTE: https://www.zerodayinitiative.com/advisories/ZDI-24-1077/
 CVE-2024-7006 (A null pointer dereference flaw was found in Libtiff via 
`tif_dirinfo. ...)
+       {DLA-4026-1}
        - tiff 4.5.1+git230720-5 (bug #1078648)
        [bookworm] - tiff 4.5.0-6+deb12u2
        NOTE: https://gitlab.com/libtiff/libtiff/-/merge_requests/559
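Review bot: `{DLA-4026-1}` on CVE-2024-7006 fills the bullseye gap next to the existing sid fix `tiff 4.5.1+git230720-5` and bookworm fix `4.5.0-6+deb12u2`, so the entry is now consistent across suites. Since the same DLA-4026-1 is applied to a whole set of older tiff CVEs further down in this commit, one NOTE line pointing at the DLA text on one of those entries would let a reader see at a glance which single bullseye upload covers the group.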
@@ -101445,6 +101483,7 @@ CVE-2023-6482 (Use of encryption key derived from 
static information in Synaptic
 CVE-2023-6470
        REJECTED
 CVE-2023-52389 (UTF32Encoding.cpp in POCO has a Poco::UTF32Encoding integer 
overflow a ...)
+       {DLA-4024-1}
        [experimental] - poco 1.13.0-1
        - poco 1.13.0-6
        [bookworm] - poco 1.11.0-3+deb12u1
@@ -101876,7 +101915,7 @@ CVE-2023-6267 (A flaw was found in the json payload. 
If annotation based securit
 CVE-2023-5675 (A flaw was found in Quarkus. When a Quarkus RestEasy Classic or 
Reacti ...)
        NOT-FOR-US: Quarkus
 CVE-2023-52356 (A segment fault (SEGV) flaw was found in libtiff that could be 
trigger ...)
-       {DLA-3758-1}
+       {DLA-4026-1 DLA-3758-1}
        - tiff 4.5.1+git230720-4 (bug #1061524)
        [bookworm] - tiff 4.5.0-6+deb12u2
        NOTE: https://gitlab.com/libtiff/libtiff/-/issues/622
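Review bot: CVE-2023-52356 already carried `{DLA-3758-1}` and now becomes `{DLA-4026-1 DLA-3758-1}`, a second DLA for the same CVE in the same LTS suite, which usually means the first fix was incomplete or regressed, yet the entry adds no NOTE saying which. A short NOTE line (the DLA-4026-1 text or the upstream issue that motivated the re-fix) would spare the next person from diffing the two advisories to learn why this CVE was re-addressed.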
@@ -104469,6 +104508,7 @@ CVE-2023-6040 (An out-of-bounds access vulnerability 
involving netfilter was rep
        NOTE: https://www.openwall.com/lists/oss-security/2024/01/12/1
        NOTE: 
https://git.kernel.org/linus/f1082dd31fe461d482d69da2a8eccfeb7bf07ac2 (5.18-rc1)
 CVE-2023-52339 (In libebml before 1.4.5, an integer overflow in 
MemIOCallback.cpp can  ...)
+       {DLA-4023-1}
        - libebml 1.4.5-1
        [bookworm] - libebml 1.4.4-1+deb12u1
        [buster] - libebml <no-dsa> (Minor issue)
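Review bot: the new `{DLA-4023-1}` marker on CVE-2023-52339 sits directly above `[buster] - libebml <no-dsa> (Minor issue)`, so the same issue is now fixed by an LTS advisory for one suite while still classified as minor for the older one. The two statements do not contradict each other, but because the buster line remains the only written triage rationale, it is worth confirming that `<no-dsa>` still reflects intent and, if the severity assessment changed, updating the reason text accordingly.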
@@ -134575,7 +134615,7 @@ CVE-2023-37943 (Jenkins Active Directory Plugin 2.30 
and earlier ignores the "Re
 CVE-2023-37942 (Jenkins External Monitor Job Type Plugin 206.v9a_94ff0b_4a_10 
and earl ...)
        NOT-FOR-US: Jenkins plugin
 CVE-2023-3618 (A flaw was found in libtiff. A specially crafted tiff file can 
lead to ...)
-       {DLA-3513-1}
+       {DLA-4026-1 DLA-3513-1}
        - tiff 4.5.1~rc3-1 (bug #1040945)
        [bookworm] - tiff 4.5.0-6+deb12u2
        NOTE: https://gitlab.com/libtiff/libtiff/-/issues/529
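Review bot: CVE-2023-3618 follows the same pattern as CVE-2023-52356 above: `{DLA-3513-1}` becomes `{DLA-4026-1 DLA-3513-1}`, and the identical retagging is applied below to CVE-2023-3316, CVE-2023-2908, CVE-2023-26966, CVE-2023-26965 and CVE-2023-25433. Because all of these were already marked fixed by DLA-3513-1, a single explanatory NOTE on one of them (what DLA-4026-1 corrects relative to DLA-3513-1) would document the reason once instead of leaving six entries that each silently carry two advisories.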
@@ -137433,7 +137473,7 @@ CVE-2023-3317 (A use-after-free flaw was found in 
mt7921_check_offload_capabilit
        - linux <not-affected> (Vulnerable code never in released version in 
unstable)
        NOTE: 
https://git.kernel.org/linus/2ceb76f734e37833824b7fab6af17c999eb48d2b (6.3-rc6)
 CVE-2023-3316 (A NULL pointer dereference in TIFFClose() is caused by a 
failure to op ...)
-       {DLA-3513-1}
+       {DLA-4026-1 DLA-3513-1}
        - tiff 4.5.0-5
        NOTE: https://gitlab.com/libtiff/libtiff/-/issues/515
        NOTE: https://gitlab.com/libtiff/libtiff/-/merge_requests/468
@@ -137482,7 +137522,7 @@ CVE-2023-31411 (A remote unprivileged attacker can 
modify and access configurati
 CVE-2023-31410 (A remote unprivileged attacker can intercept the communication 
via e.g ...)
        NOT-FOR-US: SICK
 CVE-2023-2908 (A null pointer dereference issue was found in Libtiff's 
tif_dir.c file ...)
-       {DLA-3513-1}
+       {DLA-4026-1 DLA-3513-1}
        - tiff 4.5.1~rc3-1
        [bookworm] - tiff 4.5.0-6+deb12u2
        NOTE: https://gitlab.com/libtiff/libtiff/-/merge_requests/479
@@ -155825,14 +155865,14 @@ CVE-2023-26968 (In Atrocore 1.5.25, the Create 
Import Feed option with glyphicon
 CVE-2023-26967
        RESERVED
 CVE-2023-26966 (libtiff 4.5.0 is vulnerable to Buffer Overflow in uv_encode() 
when lib ...)
-       {DLA-3513-1}
+       {DLA-4026-1 DLA-3513-1}
        - tiff 4.5.1~rc3-1
        [bookworm] - tiff 4.5.0-6+deb12u2
        NOTE: https://gitlab.com/libtiff/libtiff/-/issues/530
        NOTE: https://gitlab.com/libtiff/libtiff/-/merge_requests/473
        NOTE: 
https://gitlab.com/libtiff/libtiff/-/commit/b0e1c25dd1d065200c8d8f59ad0afe014861a1b9
 (v4.5.1rc1)
 CVE-2023-26965 (loadImage() in tools/tiffcrop.c in LibTIFF through 4.5.0 has a 
heap-ba ...)
-       {DLA-3513-1}
+       {DLA-4026-1 DLA-3513-1}
        - tiff 4.5.1~rc3-1
        [bookworm] - tiff 4.5.0-6+deb12u2
        NOTE: https://gitlab.com/libtiff/libtiff/-/merge_requests/472
@@ -160575,7 +160615,7 @@ CVE-2023-25434 (libtiff 4.5.0 is vulnerable to Buffer 
Overflow via extractContig
        NOTE: 
https://gitlab.com/libtiff/libtiff/-/commit/69818e2f2d246e6631ac2a2da692c3706b849c38
 (v4.5.1rc1)
        NOTE: Same fix as CVE-2023-0795.
 CVE-2023-25433 (libtiff 4.5.0 is vulnerable to Buffer Overflow via 
/libtiff/tools/tiff ...)
-       {DLA-3513-1}
+       {DLA-4026-1 DLA-3513-1}
        - tiff 4.5.1~rc3-1
        [bookworm] - tiff 4.5.0-6+deb12u2
        NOTE: https://gitlab.com/libtiff/libtiff/-/issues/520
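Review bot: CVE-2023-25433 gets `{DLA-4026-1 DLA-3513-1}`, but the context just above shows CVE-2023-25434 with `NOTE: Same fix as CVE-2023-0795.` and no change to its advisory markers in this hunk. If DLA-4026-1 re-addresses the tiffcrop fixes from the 4.5.1rc1 series, the sibling entries CVE-2023-25434 and CVE-2023-0795 should be checked for the same retagging so that the DLA's CVE list and the tracker stay in agreement.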



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/57b507afb60350de2c07dfc80974818e83a1c804

_______________________________________________
debian-security-tracker-commits mailing list
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
