Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
7fb7e2f5 by Salvatore Bonaccorso at 2026-06-30T23:38:24+02:00
Adjust some older CVEs for woodpecker

- - - - -
d470046f by Salvatore Bonaccorso at 2026-06-30T23:38:50+02:00
Add new issues for woodpecker, itp'ed

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -38,9 +38,9 @@ CVE-2026-58372 (SeaweedFS before 4.34 contains a path 
traversal vulnerability in
 CVE-2026-58371 (SeaweedFS before 4.30 reflects the callback query parameter 
verbatim i ...)
        TODO: check
 CVE-2026-58370 (Woodpecker before 3.15.0 matches the ApprovalAllowedUsers 
bypass list  ...)
-       TODO: check
+       - woodpecker <itp> (bug #1008934)
 CVE-2026-58369 (Woodpecker before 3.15.0 registers the 
/api/orgs/lookup/*org_full_name ...)
-       TODO: check
+       - woodpecker <itp> (bug #1008934)
 CVE-2026-58176 (RuoYi-Vue-Plus through 5.6.2, fixed in commit 88d03d9, exposes 
workflo ...)
        NOT-FOR-US: RuoYi-Vue-Plus
 CVE-2026-58174 (Hermes WebUI before 0.51.521 validates the workspace of an 
imported se ...)
@@ -267333,9 +267333,9 @@ CVE-2024-41172 (In versions of Apache CXF before 
3.6.4 and 4.0.5 (3.5.x and lowe
 CVE-2024-41124 (Puncia is the Official CLI utility for Subdomain Center & 
Exploit Obse ...)
        NOT-FOR-US: Puncia
 CVE-2024-41122 (Woodpecker is a simple yet powerful CI/CD engine with great 
extensibil ...)
-       NOT-FOR-US: Woodpecker
+       - woodpecker <itp> (bug #1008934)
 CVE-2024-41121 (Woodpecker is a simple yet powerful CI/CD engine with great 
extensibil ...)
-       NOT-FOR-US: Woodpecker
+       - woodpecker <itp> (bug #1008934)
 CVE-2024-41107 (The CloudStack SAML authentication (disabled by default) does 
not enfo ...)
        NOT-FOR-US: Apache CloudStack
 CVE-2024-40400 (An arbitrary file upload vulnerability in the image upload 
function of ...)
@@ -348315,7 +348315,7 @@ CVE-2023-40252 (Improper Control of Generation of 
Code ('Code Injection') vulner
 CVE-2023-40251 (Missing Encryption of Sensitive Data vulnerability in Genians 
Genian N ...)
        NOT-FOR-US: Genians
 CVE-2023-40034 (Woodpecker is a community fork of the Drone CI system. In 
affected ver ...)
-       NOT-FOR-US: Woodpecker
+       - woodpecker <itp> (bug #1008934)
 CVE-2023-40033 (Flarum is an open source forum software. Flarum is affected by 
a vulne ...)
        NOT-FOR-US: Flarum
 CVE-2023-40021 (Oppia is an online learning platform. When comparing a 
received CSRF t ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/86e82ec02b2bb1342efa0046ea20ae1bc05f5f33...d470046fa6c9779d17ef153805bac1859953f578

-- 
View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/86e82ec02b2bb1342efa0046ea20ae1bc05f5f33...d470046fa6c9779d17ef153805bac1859953f578
You're receiving this email because of your account on salsa.debian.org. Manage 
all notifications: https://salsa.debian.org/-/profile/notifications | Help: 
https://salsa.debian.org/help


_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits

Reply via email to