[Git][security-tracker-team/security-tracker][master] Process two NFUs

2024-05-12 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
4d3e18f8 by Salvatore Bonaccorso at 2024-05-13T06:14:26+02:00
Process two NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -1,7 +1,7 @@
 CVE-2024-4799 (A vulnerability, which was classified as critical, was found in 
Kaship ...)
-   TODO: check
+   NOT-FOR-US: Kashipara College Management System
 CVE-2024-4798 (A vulnerability, which was classified as critical, has been 
found in S ...)
-   TODO: check
+   NOT-FOR-US: SourceCodester Online Computer and Laptop Store
 CVE-2024-4797 (A vulnerability was found in Campcodes Online Laundry 
Management Syste ...)
NOT-FOR-US: Campcodes Online Laundry Management System
 CVE-2024-4796 (A vulnerability was found in Campcodes Online Laundry 
Management Syste ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/4d3e18f8b18b24bd0337f7f9aec68af58803ec23

-- 
You're receiving this email because of your account on salsa.debian.org.


___
debian-security-tracker-commits mailing list
debian-security-tracker-commits@alioth-lists.debian.net
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits


[Git][security-tracker-team/security-tracker][master] 5 commits: mark CVE-2024-34064 as postponed for Buster

2024-05-12 Thread Thorsten Alteholz (@alteholz)


Thorsten Alteholz pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
874fd2fb by Thorsten Alteholz at 2024-05-13T00:36:43+02:00
mark CVE-2024-34064 as postponed for Buster

- - - - -
cb66bf1c by Thorsten Alteholz at 2024-05-13T00:40:55+02:00
mark CVE-2024-27306 as postponed for Buster

- - - - -
1f64abb2 by Thorsten Alteholz at 2024-05-13T00:41:42+02:00
mark CVE-2024-27305 as postponed for Buster

- - - - -
a7ca5f03 by Thorsten Alteholz at 2024-05-13T00:42:51+02:00
mark CVE-2024-34062 as postponed for Buster

- - - - -
84844f5d by Thorsten Alteholz at 2024-05-13T00:44:49+02:00
mark CVE-2024-30251 as postponed for Buster

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -1622,6 +1622,7 @@ CVE-2024-34064 (Jinja is an extensible templating engine. 
The `xmlattr` filter i
- jinja2  (bug #1070712)
[bookworm] - jinja2  (Minor issue)
[bullseye] - jinja2  (Minor issue)
+   [buster] - jinja2  (Minor issue)
NOTE: 
https://github.com/pallets/jinja/security/advisories/GHSA-h75v-3vvj-5mfj
NOTE: Fixed by: 
https://github.com/pallets/jinja/commit/d655030770081e2dfe46f90e27620472a502289d
 (3.1.4)
 CVE-2024-33912 (Missing Authorization vulnerability in Academy LMS.This issue 
affects  ...)
@@ -2149,6 +2150,7 @@ CVE-2024-34062 (tqdm is an open source progress bar for 
Python and CLI. Any opti
- tqdm 4.66.4-1 (bug #1070372)
[bookworm] - tqdm  (Minor issue)
[bullseye] - tqdm  (Minor issue)
+   [buster] - tqdm  (Minor issue)
NOTE: 
https://github.com/tqdm/tqdm/security/advisories/GHSA-g7vv-2v7x-gj9p
NOTE: Fixed by: 
https://github.com/tqdm/tqdm/commit/b53348c73080b4edeb30b4823d1fa0d8d2c06721 
(v4.66.3)
 CVE-2024-34061 (changedetection.io is a free open source web page change 
detection, we ...)
@@ -3985,6 +3987,7 @@ CVE-2024-4029 (A vulnerability was found in 
Wildfly\u2019s management interface.
- wildfly  (bug #752018)
 CVE-2024-30251 (aiohttp is an asynchronous HTTP client/server framework for 
asyncio an ...)
- python-aiohttp  (bug #1070364)
+   [buster] - python-aiohttp  (Minor issue)
NOTE: https://www.openwall.com/lists/oss-security/2024/05/02/4
NOTE: 
https://github.com/aio-libs/aiohttp/security/advisories/GHSA-5m98-qgg9-wh84
NOTE: Fixed by: 
https://github.com/aio-libs/aiohttp/commit/cebe526b9c34dc3a3da9140409db63014bc4cf19
 (v3.9.4)
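
Review bot: In the CVE-2024-30251 entry the added "[buster] - python-aiohttp  (Minor issue)" line is the only per-release line under "- python-aiohttp  (bug #1070364)", whereas the CVE-2024-27306 entry for the same package in this push carries matching [bookworm] and [bullseye] lines. If bookworm and bullseye have not been triaged for this CVE yet, say so in the commit message; if they are in the same state, add their lines in the same change so the three releases do not drift apart.
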
@@ -7478,6 +7481,7 @@ CVE-2024-27306 (aiohttp is an asynchronous HTTP 
client/server framework for asyn
- python-aiohttp  (bug #1070665)
[bookworm] - python-aiohttp  (Minor issue)
[bullseye] - python-aiohttp  (Minor issue)
+   [buster] - python-aiohttp  (Minor issue)
NOTE: 
https://github.com/aio-libs/aiohttp/security/advisories/GHSA-7gpw-8wmc-pm8g
NOTE: https://github.com/aio-libs/aiohttp/pull/8319
NOTE: 
https://github.com/aio-libs/aiohttp/commit/28335525d1eac015a7e7584137678cbb6ff19397
 (v3.9.4)
@@ -19676,6 +19680,7 @@ CVE-2024-27305 (aiosmtpd is a reimplementation of the 
Python stdlib smtpd.py bas
- python-aiosmtpd  (bug #1066820)
[bookworm] - python-aiosmtpd  (Minor issue)
[bullseye] - python-aiosmtpd  (Minor issue)
+   [buster] - python-aiosmtpd  (Minor issue)
NOTE: 
https://github.com/aio-libs/aiosmtpd/security/advisories/GHSA-pr2m-px7j-xg65
NOTE: 
https://github.com/aio-libs/aiosmtpd/commit/24b6c79c8921cf1800e27ca144f4f37023982bbb
 (1.4.5)
 CVE-2024-26529 (An issue in mz-automation libiec61850 v.1.5.3 and before, 
allows a rem ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/c68bf304d059528d0aea893d09bad1d6b976c901...84844f5de337102637e3b5eafea78e46bc4889c7



[Git][security-tracker-team/security-tracker][master] 3 commits: mark two CVEs of uriparser as postponed for Buster

2024-05-12 Thread Thorsten Alteholz (@alteholz)


Thorsten Alteholz pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
e475ebd2 by Thorsten Alteholz at 2024-05-13T00:13:34+02:00
mark two CVEs of uriparser as postponed for Buster

- - - - -
19f8d943 by Thorsten Alteholz at 2024-05-13T00:23:33+02:00
mark CVE-2024-4340 as postponed for Buster

- - - - -
c68bf304 by Thorsten Alteholz at 2024-05-13T00:31:37+02:00
mark CVE-2024-34069 as postponed for Buster

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -1614,6 +1614,7 @@ CVE-2024-34069 (Werkzeug is a comprehensive WSGI web 
application library. The de
- python-werkzeug 3.0.3-1 (bug #1070711)
[bookworm] - python-werkzeug  (Minor issue)
[bullseye] - python-werkzeug  (Minor issue)
+   [buster] - python-werkzeug  (Minor issue)
NOTE: 
https://github.com/pallets/werkzeug/security/advisories/GHSA-2g68-c3qc-8985
NOTE: Fixed by: 
https://github.com/pallets/werkzeug/commit/71b69dfb7df3d912e66bab87fbb1f21f83504967
 (3.0.3)
NOTE: Fixed by: 
https://github.com/pallets/werkzeug/commit/890b6b62634fa61224222aee31081c61b054ff01
 (3.0.3)
@@ -2112,10 +2113,12 @@ CVE-2024-34404 (A vulnerability was discovered in the 
Alta Recovery Vault featur
NOT-FOR-US: Veritas NetBackup
 CVE-2024-34403 (An issue was discovered in uriparser through 0.9.7. 
ComposeQueryMalloc ...)
- uriparser  (bug #1070376)
+   [buster] - uriparser  (Minor issue)
NOTE: https://github.com/uriparser/uriparser/issues/183
NOTE: https://github.com/uriparser/uriparser/pull/186
 CVE-2024-34402 (An issue was discovered in uriparser through 0.9.7. 
ComposeQueryEngine ...)
- uriparser  (bug #1070376)
+   [buster] - uriparser  (Minor issue)
NOTE: https://github.com/uriparser/uriparser/pull/185
NOTE: https://github.com/uriparser/uriparser/issues/183
 CVE-2024-34401 (Savsoft Quiz 6.0 allows stored XSS via the 
index.php/quiz/insert_quiz/ ...)
@@ -5063,6 +5066,7 @@ CVE-2023-52647 (In the Linux kernel, the following 
vulnerability has been resolv
NOTE: 
https://git.kernel.org/linus/eb2f932100288dbb881eadfed02e1459c6b9504c (6.9-rc1)
 CVE-2024-4340 (Passing a heavily nested list to sqlparse.parse() leads to a 
Denial of ...)
- sqlparse 0.5.0-1 (bug #1070148)
+   [buster] - sqlparse  (Minor issue)
NOTE: Fixed by: 
https://github.com/andialbrecht/sqlparse/commit/b4a39d9850969b4e1d6940d32094ee0b42a2cf03
 (0.5.0)
NOTE: https://github.com/advisories/GHSA-2m57-hf25-phgg
 CVE-2024-4337 (Adive Framework 2.0.8, does not sufficiently encode 
user-controlled in ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/1b99cbba14a322cce60893acc538acfa19a70e29...c68bf304d059528d0aea893d09bad1d6b976c901



[Git][security-tracker-team/security-tracker][master] LTS: unclaim pymongo (no work done)

2024-05-12 Thread Sean Whitton (@spwhitton)


Sean Whitton pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
1b99cbba by Sean Whitton at 2024-05-12T22:53:35+01:00
LTS: unclaim pymongo (no work done)

- - - - -


1 changed file:

- data/dla-needed.txt


Changes:

=
data/dla-needed.txt
=
@@ -224,7 +224,7 @@ putty (rouca)
   NOTE: 20240412: Wait for comments by maintainer
   NOTE: 20240430: Backport fixes for  CVE-2024-31497 wait review
 --
-pymongo (Sean Whitton)
+pymongo
   NOTE: 20240420: Added by Front-Desk (apo)
 --
 pypy3
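
Review bot: The claim is dropped from the pymongo line without a dated NOTE, so the entry is left with only "NOTE: 20240420: Added by Front-Desk (apo)" and the "no work done" from the commit subject is invisible to anyone reading data/dla-needed.txt. The putty entry just above keeps dated status NOTEs; consider adding one here recording that the package was released untouched, so the next person to claim it knows there is nothing to pick up.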



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/1b99cbba14a322cce60893acc538acfa19a70e29



[Git][security-tracker-team/security-tracker][master] CVE-2024-29025,netty: fixed in unstable

2024-05-12 Thread Markus Koschany (@apo)


Markus Koschany pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
79525999 by Markus Koschany at 2024-05-12T22:19:04+02:00
CVE-2024-29025,netty: fixed in unstable

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -16335,7 +16335,7 @@ CVE-2024-29650 (An issue in @thi.ng/paths v.5.1.62 and 
before allows a remote at
 CVE-2024-29515 (File Upload vulnerability in lepton v.7.1.0 allows a remote 
authentica ...)
NOT-FOR-US: Lepton CMS
 CVE-2024-29025 (Netty is an asynchronous event-driven network application 
framework fo ...)
-   - netty  (bug #1068110)
+   - netty 1:4.1.48-10 (bug #1068110)
[bookworm] - netty  (Minor issue, fix along with future 
update)
[bullseye] - netty  (Minor issue, fix along with future 
update)
[buster] - netty  (Minor issue, HTTP multipart DoS, fix 
along with future update)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/79525999a858fc478bd9db7da3bcf20397e594cb



[Git][security-tracker-team/security-tracker][master] automatic update

2024-05-12 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
e7ceb659 by security tracker role at 2024-05-12T20:12:18+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -1,3 +1,7 @@
+CVE-2024-4799 (A vulnerability, which was classified as critical, was found in 
Kaship ...)
+   TODO: check
+CVE-2024-4798 (A vulnerability, which was classified as critical, has been 
found in S ...)
+   TODO: check
 CVE-2024-4797 (A vulnerability was found in Campcodes Online Laundry 
Management Syste ...)
NOT-FOR-US: Campcodes Online Laundry Management System
 CVE-2024-4796 (A vulnerability was found in Campcodes Online Laundry 
Management Syste ...)
@@ -30710,6 +30714,7 @@ CVE-2023-7227 (SystemK NVR 504/508/516 versions 
2.3.5SK.30084998 and prior are v
 CVE-2023-6282 (IceHrm 23.0.0.OS does not sufficiently encode user-controlled 
input, w ...)
NOT-FOR-US: IceHrm
 CVE-2023-52076 (Atril Document Viewer is the default document reader of the 
MATE deskt ...)
+   {DSA-5688-1}
- atril 1.26.2-1 (bug #1061522)
NOTE: 
https://github.com/mate-desktop/atril/security/advisories/GHSA-6mf6-mxpc-jc37
NOTE: 
https://github.com/mate-desktop/atril/commit/e70b21c815418a1e6ebedf6d8d31b8477c03ba50



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/e7ceb65948fa0ef180455d3fe7147a417cbd1b2b



[Git][security-tracker-team/security-tracker][master] Update status for CVE-2022-48655/linux

2024-05-12 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
b6160598 by Salvatore Bonaccorso at 2024-05-12T21:00:28+02:00
Update status for CVE-2022-48655/linux

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -5608,6 +5608,7 @@ CVE-2022-48656 (In the Linux kernel, the following 
vulnerability has been resolv
NOTE: 
https://git.kernel.org/linus/f9fdb0b86f087c2b7f6c6168dd0985a3c1eda87e (6.0-rc7)
 CVE-2022-48655 (In the Linux kernel, the following vulnerability has been 
resolved:  f ...)
- linux 6.0.2-1
+   [buster] - linux  (Vulnerable code not present)
NOTE: 
https://git.kernel.org/linus/e9076ffbcaed5da6c182b144ef9f6e24554af268 (6.0-rc7)
 CVE-2022-48654 (In the Linux kernel, the following vulnerability has been 
resolved:  n ...)
- linux 6.0.2-1
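
Review bot: The added [buster] line for CVE-2022-48655 gives "Vulnerable code not present" as the reason, but the entry only references the fix commit e9076ffbcaed5da6c182b144ef9f6e24554af268 (6.0-rc7); nothing records which commit or kernel version introduced the flaw. Consider adding a NOTE with the introducing commit so the not-affected status for buster can be re-checked later without redoing the analysis.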



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/b6160598345fda505d505e66d248a87f47a85f90



[Git][security-tracker-team/security-tracker][master] Track fixed version for sqlparse issue fixed via unstable

2024-05-12 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
ba0493e6 by Salvatore Bonaccorso at 2024-05-12T20:58:38+02:00
Track fixed version for sqlparse issue fixed via unstable

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -5058,7 +5058,7 @@ CVE-2023-52647 (In the Linux kernel, the following 
vulnerability has been resolv
[buster] - linux  (Vulnerable code not present)
NOTE: 
https://git.kernel.org/linus/eb2f932100288dbb881eadfed02e1459c6b9504c (6.9-rc1)
 CVE-2024-4340 (Passing a heavily nested list to sqlparse.parse() leads to a 
Denial of ...)
-   - sqlparse  (bug #1070148)
+   - sqlparse 0.5.0-1 (bug #1070148)
NOTE: Fixed by: 
https://github.com/andialbrecht/sqlparse/commit/b4a39d9850969b4e1d6940d32094ee0b42a2cf03
 (0.5.0)
NOTE: https://github.com/advisories/GHSA-2m57-hf25-phgg
 CVE-2024-4337 (Adive Framework 2.0.8, does not sufficiently encode 
user-controlled in ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/ba0493e6a63c35209cceda7c225449a9dd131bd0



[Git][security-tracker-team/security-tracker][master] atril DSA

2024-05-12 Thread Moritz Muehlenhoff (@jmm)


Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
0009ae42 by Moritz Mühlenhoff at 2024-05-12T15:13:50+02:00
atril DSA

- - - - -


3 changed files:

- data/CVE/list
- data/DSA/list
- data/dsa-needed.txt


Changes:

=
data/CVE/list
=
@@ -33095,7 +33095,7 @@ CVE-2023-51804 (An issue in rymcu forest v.0.02 allows 
a remote attacker to obta
 CVE-2023-51698 (Atril is a simple multi-page document viewer. Atril is 
vulnerable to a ...)
- atril 1.26.1-4 (bug #1060751)
[bookworm] - atril 1.26.0-2+deb12u2
-   [bullseye] - atril  (Minor issue)
+   [bullseye] - atril 1.24.0-1+deb11u1
- evince 3.25.92-1
NOTE: 
https://github.com/mate-desktop/atril/security/advisories/GHSA-34rr-j8v9-v4p2
NOTE: Fixed by: 
https://github.com/mate-desktop/atril/commit/ce41df6467521ff9fd4f16514ae7d6ebb62eb1ed


=
data/DSA/list
=
@@ -1,3 +1,7 @@
+[12 May 2024] DSA-5688-1 atril - security update
+   {CVE-2023-52076}
+   [bullseye] - atril 1.24.0-1+deb11u1
+   [bookworm] - atril 1.26.0-2+deb12u3
 [10 May 2024] DSA-5687-1 chromium - security update
{CVE-2024-4671}
[bookworm] - chromium 124.0.6367.201-1~deb12u1
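
Review bot: DSA-5688-1 is recorded with {CVE-2023-52076} only, yet the data/CVE/list hunk in this same commit marks CVE-2023-51698 as fixed in bullseye by the same upload, atril 1.24.0-1+deb11u1. If that upload fixes both issues for bullseye, check whether CVE-2023-51698 belongs in the DSA's CVE set; if it is left out on purpose because bookworm already carries its fix in 1.26.0-2+deb12u2, a short NOTE on the CVE-2023-51698 entry would keep the two files from looking inconsistent.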


=
data/dsa-needed.txt
=
@@ -11,8 +11,6 @@ To pick an issue, simply add your uid behind it.
 
 If needed, specify the release by adding a slash after the name of the source 
package.
 
---
-atril (jmm)
 --
 dnsdist (jmm)
 --



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/0009ae42154ddd3bfe9b5c0bcf7eb37e688e4d40



[Git][security-tracker-team/security-tracker][master] python-future removed from unstable

2024-05-12 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
41c4b2a7 by Salvatore Bonaccorso at 2024-05-12T14:27:40+02:00
python-future removed from unstable

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -124745,7 +124745,7 @@ CVE-2022-40901
 CVE-2022-40900
RESERVED
 CVE-2022-40899 (An issue discovered in Python Charmers Future 0.18.2 and 
earlier allow ...)
-   - python-future  (bug #1031699)
+   - python-future  (bug #1031699)
[bookworm] - python-future  (Minor issue)
[bullseye] - python-future  (Minor issue)
[buster] - python-future  (Minor issue)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/41c4b2a7eaa536cb918bcbe5d9868172a581dcbf



[Git][security-tracker-team/security-tracker][master] Process some NFUs

2024-05-12 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
658ade88 by Salvatore Bonaccorso at 2024-05-12T13:20:38+02:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -1,19 +1,19 @@
 CVE-2024-4797 (A vulnerability was found in Campcodes Online Laundry 
Management Syste ...)
-   TODO: check
+   NOT-FOR-US: Campcodes Online Laundry Management System
 CVE-2024-4796 (A vulnerability was found in Campcodes Online Laundry 
Management Syste ...)
-   TODO: check
+   NOT-FOR-US: Campcodes Online Laundry Management System
 CVE-2024-4795 (A vulnerability was found in Campcodes Online Laundry 
Management Syste ...)
-   TODO: check
+   NOT-FOR-US: Campcodes Online Laundry Management System
 CVE-2024-4794 (A vulnerability has been found in Campcodes Online Laundry 
Management  ...)
-   TODO: check
+   NOT-FOR-US: Campcodes Online Laundry Management System
 CVE-2024-4793 (A vulnerability, which was classified as critical, was found in 
Campco ...)
-   TODO: check
+   NOT-FOR-US: Campcodes Online Laundry Management System
 CVE-2024-4792 (A vulnerability, which was classified as critical, has been 
found in C ...)
-   TODO: check
+   NOT-FOR-US: Campcodes Online Laundry Management System
 CVE-2024-4791 (A vulnerability classified as critical was found in 
Contemporary Contr ...)
-   TODO: check
+   NOT-FOR-US: Contemporary Control System BASrouter BACnet BASRT-B
 CVE-2024-4790 (A vulnerability classified as problematic has been found in 
DedeCMS 5. ...)
-   TODO: check
+   NOT-FOR-US: DedeCMS
 CVE-2024-4738 (A vulnerability was found in Campcodes Legal Case Management 
System 1. ...)
NOT-FOR-US: Campcodes Legal Case Management System
 CVE-2024-4737 (A vulnerability was found in Campcodes Legal Case Management 
System 1. ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/658ade8852b9a432c53f0a267d44e372a0485458



[Git][security-tracker-team/security-tracker][master] automatic update

2024-05-12 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
7ec72f73 by security tracker role at 2024-05-12T08:11:45+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -1,3 +1,19 @@
+CVE-2024-4797 (A vulnerability was found in Campcodes Online Laundry 
Management Syste ...)
+   TODO: check
+CVE-2024-4796 (A vulnerability was found in Campcodes Online Laundry 
Management Syste ...)
+   TODO: check
+CVE-2024-4795 (A vulnerability was found in Campcodes Online Laundry 
Management Syste ...)
+   TODO: check
+CVE-2024-4794 (A vulnerability has been found in Campcodes Online Laundry 
Management  ...)
+   TODO: check
+CVE-2024-4793 (A vulnerability, which was classified as critical, was found in 
Campco ...)
+   TODO: check
+CVE-2024-4792 (A vulnerability, which was classified as critical, has been 
found in C ...)
+   TODO: check
+CVE-2024-4791 (A vulnerability classified as critical was found in 
Contemporary Contr ...)
+   TODO: check
+CVE-2024-4790 (A vulnerability classified as problematic has been found in 
DedeCMS 5. ...)
+   TODO: check
 CVE-2024-4738 (A vulnerability was found in Campcodes Legal Case Management 
System 1. ...)
NOT-FOR-US: Campcodes Legal Case Management System
 CVE-2024-4737 (A vulnerability was found in Campcodes Legal Case Management 
System 1. ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/7ec72f7327848d71a30a6fcd81ead843b241bde8



[Git][security-tracker-team/security-tracker][master] Process more NFUs

2024-05-12 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
a693b61e by Salvatore Bonaccorso at 2024-05-12T08:57:15+02:00
Process more NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -27,33 +27,33 @@ CVE-2024-4209 (The Gutenberg Blocks with AI by Kadence WP 
\u2013 Page Builder Fe
 CVE-2024-4046 (Cracking vulnerability in the OS security module Impact: 
Successful ex ...)
NOT-FOR-US: Huawei
 CVE-2024-3055 (The Unlimited Elements For Elementor (Free Widgets, Addons, 
Templates) ...)
-   TODO: check
+   NOT-FOR-US: WordPress plugin
 CVE-2024-32999 (Cracking vulnerability in the OS security module Impact: 
Successful ex ...)
-   TODO: check
+   NOT-FOR-US: Huawei
 CVE-2024-32998 (NULL pointer access vulnerability in the clock module Impact: 
Successf ...)
-   TODO: check
+   NOT-FOR-US: Huawei
 CVE-2024-32997 (Race condition vulnerability in the binder driver module 
Impact: Succe ...)
-   TODO: check
+   NOT-FOR-US: Huawei
 CVE-2024-32996 (Privilege escalation vulnerability in the account module 
Impact: Succe ...)
-   TODO: check
+   NOT-FOR-US: Huawei
 CVE-2024-32995 (Denial of service (DoS) vulnerability in the AMS module 
Impact: Succes ...)
-   TODO: check
+   NOT-FOR-US: Huawei
 CVE-2024-32993 (Out-of-bounds access vulnerability in the memory module 
Impact: Succes ...)
-   TODO: check
+   NOT-FOR-US: Huawei
 CVE-2024-32992 (Insufficient verification vulnerability in the baseband module 
Impact: ...)
-   TODO: check
+   NOT-FOR-US: Huawei
 CVE-2024-32991 (Permission verification vulnerability in the wpa_supplicant 
module Imp ...)
-   TODO: check
+   NOT-FOR-US: Huawei
 CVE-2024-32990 (Permission verification vulnerability in the system sharing 
pop-up mod ...)
-   TODO: check
+   NOT-FOR-US: Huawei
 CVE-2024-32989 (Insufficient verification vulnerability in the system sharing 
pop-up m ...)
-   TODO: check
+   NOT-FOR-US: Huawei
 CVE-2024-28761 (IBM App Connect Enterprise 11.0.0.1 through 11.0.0.25 and 
12.0.1.0 thr ...)
NOT-FOR-US: IBM
 CVE-2024-28760 (IBM App Connect Enterprise 11.0.0.1 through 11.0.0.25 and 
12.0.1.0 thr ...)
NOT-FOR-US: IBM
 CVE-2024-27460 (A privilege escalation exists in the updater for Plantronics 
Hub 3.25. ...)
-   TODO: check
+   NOT-FOR-US: HP
 CVE-2023-5447 (Missing lock check in SynHsaService may create a use-after-free 
condit ...)
TODO: check
 CVE-2023-52721 (The WindowManager module has a vulnerability in permission 
control. Im ...)
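
Review bot: For CVE-2024-27460 the description names "the updater for Plantronics Hub 3.25." but the entry is filed as "NOT-FOR-US: HP", which will not match a later search for the product; "NOT-FOR-US: HP Plantronics Hub" would be easier to find. Separately, CVE-2023-5447 directly below is left at "TODO: check"; fine if intentional, but worth confirming it was not missed in this pass.
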
@@ -239,7 +239,7 @@ CVE-2024-31113 (Cross-Site Request Forgery (CSRF) 
vulnerability in Easy Digital
 CVE-2024-30802 (An issue in Vehicle Management System 7.31.0.3_20230412 allows 
an atta ...)
NOT-FOR-US: Vehicle Management System
 CVE-2024-30801 (SQL Injection vulnerability in Cloud based customer service 
management ...)
-   TODO: check
+   NOT-FOR-US: Cloud based customer service management platform
 CVE-2024-30055 (Microsoft Edge (Chromium-based) Spoofing Vulnerability)
NOT-FOR-US: Microsoft
 CVE-2024-2749 (The VikBooking Hotel Booking Engine & PMS WordPress plugin 
before 1.6. ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/a693b61e284dc2dbd655e4549ec66dd0064b25ca
