Moritz Muehlenhoff pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
d34b25c6 by Moritz Muehlenhoff at 2025-04-21T22:36:12+02:00
trixie triage
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -70860,6 +70860,7 @@ CVE-2024-6688 (The Oxygen Builder plugin for WordPress
is vulnerable to unauthor
NOT-FOR-US: WordPress plugin
CVE-2024-45321 (The App::cpanminus package through 1.7047 for Perl downloads
code via ...)
- cpanminus <unfixed> (bug #1081559)
+ [trixie] - cpanminus <postponed> (Minor issue, revisit when fixed
upstream)
[bookworm] - cpanminus <postponed> (Minor issue, revisit when fixed
upstream)
[bullseye] - cpanminus <postponed> (Minor issue)
NOTE:
https://security.metacpan.org/2024/08/26/cpanminus-downloads-code-using-insecure-http.html
@@ -71489,6 +71490,7 @@ CVE-2024-42845 (An eval Injection vulnerability in the
component invesalius/read
[bookworm] - invesalius <postponed> (Minor issue, revisit when fixed
upstream)
[bullseye] - invesalius <postponed> (Minor issue)
NOTE:
https://github.com/partywavesec/invesalius3_vulnerabilities/tree/main/CVE-2024-42845
+ NOTE:
https://github.com/invesalius/invesalius3/commit/020cd6056c30105a870cfea99939282b6ec5640b
CVE-2024-42766 (Kashipara Bus Ticket Reservation System v1.0 0 is vulnerable
to Incorr ...)
NOT-FOR-US: Kashipara Bus Ticket Reservation System
CVE-2024-42765 (A SQL injection vulnerability in "/login.php" of the Kashipara
Bus Tic ...)
@@ -123358,16 +123360,14 @@ CVE-2023-49986 (A cross-site scripting (XSS)
vulnerability in the component /adm
CVE-2023-47415 (Cypress Solutions CTM-200 v2.7.1.5600 and below was discovered
to cont ...)
NOT-FOR-US: Cypress Solutions CTM-200
CVE-2024-2236 (A timing-based side-channel flaw was found in libgcrypt's RSA
implemen ...)
- - libgcrypt20 <unfixed> (bug #1065683)
- [bookworm] - libgcrypt20 <postponed> (Minor issue, revisit when fixed
upstream)
- [bullseye] - libgcrypt20 <no-dsa> (Minor issue)
- [buster] - libgcrypt20 <postponed> (Minor issue; side-channel timing
attack)
+ - libgcrypt20 <unfixed> (unimportant; bug #1065683)
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2268268
NOTE:
https://lists.gnupg.org/pipermail/gcrypt-devel/2024-March/005607.html
NOTE:
https://github.com/tomato42/marvin-toolkit/tree/master/example/libgcrypt
NOTE: https://people.redhat.com/~hkario/marvin/
NOTE: https://dev.gnupg.org/T7136
NOTE:
https://gitlab.com/redhat-crypto/libgcrypt/libgcrypt-mirror/-/merge_requests/17
+ NOTE: Not in scope for libgcrypt security policy, work ongoing to add
support in the protocol layer
CVE-2024-1299 (A privilege escalation vulnerability was discovered in GitLab
affectin ...)
- gitlab 16.8.4-1
CVE-2024-0199 (An authorization bypass vulnerability was discovered in GitLab
affecti ...)
@@ -309957,6 +309957,7 @@ CVE-2021-37819 (PDF Labs pdftk-java v3.2.3 was
discovered to contain an infinite
[bullseye] - libitext-java <no-dsa> (Minor issue)
[buster] - libitext-java <no-dsa> (Minor issue)
- libitext1-java <unfixed> (bug #1059319)
+ [trixie] - libitext1-java <ignored> (Minor issue)
[bookworm] - libitext1-java <ignored> (Minor issue)
[bullseye] - libitext1-java <no-dsa> (Minor issue)
[buster] - libitext1-java <no-dsa> (Minor issue)
@@ -319633,6 +319634,7 @@ CVE-2021-33814
CVE-2021-33813 (An XXE issue in SAXBuilder in JDOM through 2.0.6 allows
attackers to c ...)
{DLA-2712-1 DLA-2696-1}
- libjdom2-intellij-java <unfixed> (bug #990673)
+ [trixie] - libjdom2-intellij-java <ignored> (Minor issue)
[bookworm] - libjdom2-intellij-java <ignored> (Minor issue)
[bullseye] - libjdom2-intellij-java <no-dsa> (Minor issue)
[buster] - libjdom2-intellij-java <no-dsa> (Minor issue)
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/d34b25c6e5602bc0597be3a557279ba41405f9ac
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/d34b25c6e5602bc0597be3a557279ba41405f9ac
You're receiving this email because of your account on salsa.debian.org.
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
