Moritz Muehlenhoff pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
a7edff5e by Moritz Mühlenhoff at 2025-05-02T16:13:01+02:00
more rust-wasmtime assignments
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -56762,7 +56762,8 @@ CVE-2024-52043 (Generation of Error Message Containing
Sensitive Informationin H
CVE-2024-51756 (The cap-std project is organized around the eponymous
`cap-std` crate, ...)
NOT-FOR-US: Rust crate cap-std
CVE-2024-51745 (Wasmtime is a fast and secure runtime for WebAssembly.
Wasmtime's file ...)
- NOT-FOR-US: wasmtime
+ - rust-wasmtime 26.0.1+dfsg-1
+ NOTE: https://rustsec.org/advisories/RUSTSEC-2024-0438.html
CVE-2024-51358 (An issue in Linux Server Heimdall v.2.6.1 allows a remote
attacker to ...)
NOT-FOR-US: Linux Server Heimdall
CVE-2024-51116 (Tenda AC6 v2.0 V15.03.06.50 was discovered to contain a buffer
overflo ...)
@@ -179279,7 +179280,8 @@ CVE-2023-30626 (Jellyfin is a free-software media
system. Versions starting with
CVE-2023-30625 (rudder-server is part of RudderStack, an open source Customer
Data Pla ...)
NOT-FOR-US: rudder-server
CVE-2023-30624 (Wasmtime is a standalone runtime for WebAssembly. Prior to
versions 6. ...)
- NOT-FOR-US: wasmtime
+ - rust-wasmtime <not-affected> (Fixed before initial upload to archive)
+ NOTE: https://rustsec.org/advisories/RUSTSEC-2023-0092.html
CVE-2023-30623 (`embano1/wip` is a GitHub Action written in Bash. Prior to
version 2, ...)
NOT-FOR-US: embano1/wip GitHub Action
CVE-2023-30622 (Clusternet is a general-purpose system for controlling
Kubernetes clus ...)
@@ -192006,7 +192008,8 @@ CVE-2023-26491 (RSSHub is an open source and
extensible RSS feed generator. When
CVE-2023-26490 (mailcow is a dockerized email package, with multiple
containers linked ...)
NOT-FOR-US: mailcow
CVE-2023-26489 (wasmtime is a fast and secure runtime for WebAssembly. In
affected ver ...)
- NOT-FOR-US: wasmtime
+ - rust-wasmtime <not-affected> (Fixed before initial upload to archive)
+ NOTE: https://rustsec.org/advisories/RUSTSEC-2023-0090.html
CVE-2023-26488 (OpenZeppelin Contracts is a library for secure smart contract
developm ...)
NOT-FOR-US: OpenZeppelin
CVE-2023-26487 (Vega is a visualization grammar, a declarative format for
creating, sa ...)
@@ -257896,7 +257899,8 @@ CVE-2022-31147 (The jQuery Validation Plugin
(jquery-validation) provides drop-i
NOTE:
https://github.com/jquery-validation/jquery-validation/security/advisories/GHSA-ffmh-x56j-9rc3
NOTE: Fixed by:
https://github.com/jquery-validation/jquery-validation/commit/5bbd80d27fc6b607d2f7f106c89522051a9fb0dd
(1.19.5)
CVE-2022-31146 (Wasmtime is a standalone runtime for WebAssembly. There is a
bug in th ...)
- NOT-FOR-US: wasmtime
+ - rust-wasmtime <not-affected> (Fixed before initial upload to archive)
+ NOTE: https://rustsec.org/advisories/RUSTSEC-2022-0100.html
CVE-2022-31145 (FlyteAdmin is the control plane for Flyte responsible for
managing ent ...)
NOT-FOR-US: FlyteAdmin
CVE-2022-31144 (Redis is an in-memory database that persists on disk. A
specially craf ...)
@@ -281248,7 +281252,8 @@ CVE-2022-23638 (svg-sanitizer is a SVG/XML sanitizer
written in PHP. A cross-sit
CVE-2022-23637 (K-Box is a web-based application to manage documents, images,
videos a ...)
NOT-FOR-US: K-Box
CVE-2022-23636 (Wasmtime is an open source runtime for WebAssembly & WASI.
Prior to ve ...)
- NOT-FOR-US: wasmtime
+ - rust-wasmtime <not-affected> (Fixed before initial upload to archive)
+ NOTE: https://rustsec.org/advisories/RUSTSEC-2022-0096.html
CVE-2022-23635 (Istio is an open platform to connect, manage, and secure
microservices ...)
NOT-FOR-US: Istio
CVE-2022-23634 (Puma is a Ruby/Rack web server built for parallelism. Prior to
`puma` ...)
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/a7edff5efb4e9f49ebba9fa7b8977ef95d8d82fa
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/a7edff5efb4e9f49ebba9fa7b8977ef95d8d82fa
You're receiving this email because of your account on salsa.debian.org.
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
