Moritz Muehlenhoff pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
cf4aaf95 by Moritz Muehlenhoff at 2025-04-24T17:15:08+02:00
trixie triage
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -46569,7 +46569,7 @@ CVE-2024-42329 (The webdriver for the Browser object
expects an error object to
NOTE: Fixed by (merge commit):
https://github.com/zabbix/zabbix/commit/65c4acee83191158522bc75552912fdce2cac9da
(7.0.4rc1)
NOTE: webdriver introduced with commit
https://github.com/zabbix/zabbix/commit/4d22c15fe4499602e0da5399e3dd6dc9da03277b
(7.0.0rc1)
CVE-2024-42328 (When the webdriver for the Browser object downloads data from
a HTTP s ...)
- - zabbix <unfixed> (bug #1090029)
+ - zabbix 1:7.0.5+dfsg-1 (bug #1090029)
[bookworm] - zabbix <not-affected> (Vulnerable code introduced later)
[bullseye] - zabbix <not-affected> (Vulnerable code introduced later)
NOTE: https://support.zabbix.com/browse/ZBX-25624
@@ -56736,6 +56736,7 @@ CVE-2024-50615 (TinyXML2 through 10.0.0 has a reachable
assertion for UINT_MAX/d
NOTE: https://github.com/leethomason/tinyxml2/issues/997
CVE-2024-50614 (TinyXML2 through 10.0.0 has a reachable assertion for
UINT_MAX/16, tha ...)
- tinyxml2 <unfixed> (bug #1088813)
+ [trixie] - tinyxml2 <postponed> (Minor issue, revisit when fixed
upstream)
[bookworm] - tinyxml2 <postponed> (Minor issue, revisit when fixed
upstream)
[bullseye] - tinyxml2 <postponed> (Minor issue, revisit when fixed
upstream)
NOTE: https://github.com/leethomason/tinyxml2/issues/996
@@ -221120,6 +221121,7 @@ CVE-2022-3591 (Use After Free in GitHub repository
vim/vim prior to 9.0.0789.)
NOTE: Crash in CLI tool, no security impact
CVE-2022-3590 (WordPress is affected by an unauthenticated blind SSRF in the
pingback ...)
- wordpress <unfixed> (bug #1033251)
+ [trixie] - wordpress <postponed> (Minor issue, revisit when fixed
upstream)
[bookworm] - wordpress <postponed> (Minor issue, revisit when fixed
upstream)
[bullseye] - wordpress <no-dsa> (Minor issue)
[buster] - wordpress <postponed> (Minor issue)
@@ -278881,12 +278883,16 @@ CVE-2022-23439 (A externally controlled reference
to a resource in another spher
CVE-2022-23438 (An improper neutralization of input during web page generation
('Cross ...)
NOT-FOR-US: Fortinet
CVE-2022-23437 (There's a vulnerability within the Apache Xerces Java
(XercesJ) XML pa ...)
- - libxerces2-java <unfixed> (bug #1016975)
- [bookworm] - libxerces2-java <postponed> (revisit when/if fix is
complete)
+ - libxerces2-java 2.12.2-1 (bug #1016975)
[bullseye] - libxerces2-java <postponed> (revisit when/if fix is
complete)
[buster] - libxerces2-java <postponed> (revisit when/if fix is complete)
[stretch] - libxerces2-java <postponed> (revisit when/if fix is
complete)
NOTE: https://www.openwall.com/lists/oss-security/2022/01/24/3
+ NOTE: https://issues.apache.org/jira/browse/XERCESJ-1737
+ NOTE: Confimation of fixing commits:
https://lists.apache.org/thread/8bdbk40hf1oqhyvmdcvtqwr2hwfhhmkt
+ NOTE: The svn.apache.org links are gone, but looking at the Wayback
Machine it's these commits:
+ NOTE:
https://github.com/apache/xerces-j/commit/0a785cfe0d210b5e5b3b020ecfeb67693764aaf4
+ NOTE:
https://github.com/apache/xerces-j/commit/da8efa66241dd63cb34eacb22bc28c3469af91a6
CVE-2022-0311 (Heap buffer overflow in Task Manager in Google Chrome prior to
97.0.46 ...)
{DSA-5054-1}
- chromium 97.0.4692.99-1
@@ -388839,11 +388845,12 @@ CVE-2020-18771 (Exiv2 0.27.99.0 has a global buffer
over-read in Exiv2::Internal
[stretch] - exiv2 <no-dsa> (Minor issue)
NOTE: https://github.com/Exiv2/exiv2/issues/756
CVE-2020-18770 (An issue was discovered in function
zzip_disk_entry_to_file_header in ...)
- - zziplib <unfixed> (bug #1054910)
+ - zziplib 0.13.78+dfsg.1-0.1 (bug #1054910)
[bookworm] - zziplib <ignored> (Minor issue)
[bullseye] - zziplib <no-dsa> (Minor issue)
[buster] - zziplib <no-dsa> (Minor issue)
NOTE: https://github.com/gdraheim/zziplib/issues/69
+ NOTE:
https://github.com/gdraheim/zziplib/commit/803f49aaae16b7f2899e4769afdfc673a21fa9e8
(v0.13.73)
CVE-2020-18769
RESERVED
CVE-2020-18768 (There exists one heap buffer overflow in _TIFFmemcpy in
tif_unix.c in ...)
@@ -510298,14 +510305,10 @@ CVE-2018-14030
CVE-2018-14029 (CSRF vulnerability in admin/user/edit in Creatiwity wityCMS
0.6.2 allo ...)
NOT-FOR-US: Creatiwity wityCMS
CVE-2018-14028 (In WordPress 4.9.7, plugins uploaded via the admin area are
not verifi ...)
- - wordpress <unfixed> (bug #906565)
- [bookworm] - wordpress <postponed> (Minor issue, revisit when fixed
upstream)
- [bullseye] - wordpress <postponed> (Minor issue, revisit when fixed
upstream)
- [buster] - wordpress <postponed> (Minor issue, revisit when fixed
upstream)
- [stretch] - wordpress <postponed> (Minor issue, no sanctioned patch)
- [jessie] - wordpress <postponed> (Minor issue, no sanctioned patch)
+ - wordpress <unfixed> (unimportant; bug #906565)
NOTE: https://core.trac.wordpress.org/ticket/44710
NOTE:
https://rastating.github.io/unrestricted-file-upload-via-plugin-uploader-in-wordpress/
+ NOTE: Negligible security impact
CVE-2018-14027 (Digisol Wireless Wifi Home Router HR-3300 allows XSS via the
userid or ...)
NOT-FOR-US: Digisol Wireless Wifi Home Router HR-3300
CVE-2018-14026
@@ -554700,7 +554703,8 @@ CVE-2017-15638 (The SuSEfirewall2 package before
3.6.312-2.13.1 in SUSE Linux En
NOT-FOR-US: SuSEfirewall2 in SUSE
CVE-2012-6707 (WordPress through 4.8.2 uses a weak MD5-based password hashing
algorit ...)
- wordpress <unfixed> (bug #880868)
- [bookworm] - wordpress <postponed> (Minor issue, can be revisited with
upstream has picked a new hashing solution)
+ [trixie] - wordpress <ignored> (Minor issue, too intrusive to backport)
+ [bookworm] - wordpress <ignored> (Minor issue, too intrusive to
backport)
[bullseye] - wordpress <postponed> (Minor issue, can be revisited with
upstream has picked a new hashing solution)
[buster] - wordpress <postponed> (Minor issue, can be revisited with
upstream has picked a new hashing solution)
[stretch] - wordpress <postponed> (Minor issue, can be revisited with
upstream has picked a new hashing solution)
@@ -554709,7 +554713,7 @@ CVE-2012-6707 (WordPress through 4.8.2 uses a weak
MD5-based password hashing al
NOTE: https://core.trac.wordpress.org/ticket/21022
NOTE: Proposed patch (but not merged):
https://core.trac.wordpress.org/attachment/ticket/21022/21022.3.diff
NOTE: Cf. https://core.trac.wordpress.org/ticket/21022#comment:80 and
following.
- NOTE: Fixed by: https://core.trac.wordpress.org/changeset/59828
+ NOTE: Fixed by: https://core.trac.wordpress.org/changeset/59828 (6.8.0)
CVE-2017-15637 (TP-Link WVR, WAR and ER devices allow remote authenticated
administrat ...)
NOT-FOR-US: TP-Link
CVE-2017-15636 (TP-Link WVR, WAR and ER devices allow remote authenticated
administrat ...)
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/cf4aaf958e38d112e2a6c49914c5f6837f6700b9
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/cf4aaf958e38d112e2a6c49914c5f6837f6700b9
You're receiving this email because of your account on salsa.debian.org.
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
