Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
2f17286b by Dylan Aïssi at 2024-05-16T10:11:09+02:00
Update dlt-daemon CVEs
- - - - -
80f9f616 by Salvatore Bonaccorso at 2024-05-16T12:17:38+00:00
Merge branch 'wip/daissi/dlt-daemon' into 'master'
Update dlt-daemon CVEs
See merge request security-tracker-team/security-tracker!175
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -50284,7 +50284,9 @@ CVE-2023-38552 (When the Node.js policy feature checks
the integrity of a resour
NOTE:
https://nodejs.org/en/blog/vulnerability/october-2023-security-releases#integrity-checks-according-to-policies-can-be-circumvented-medium---cve-2023-38552
NOTE:
https://github.com/nodejs/node/commit/1c538938ccadfd35fbc699d8e85102736cd5945c
CVE-2023-36321 (Connected Vehicle Systems Alliance (COVESA) up to v2.18.8 was
discover ...)
- NOT-FOR-US: COVESA
+ - dlt-daemon 2.18.9-1
+ NOTE: https://github.com/COVESA/dlt-daemon/issues/436
+ NOTE:
https://github.com/COVESA/dlt-daemon/commit/8ac9a080bee25e67e49bd138d81c992ce7b6d899
(2.18.9)
CVE-2023-35084 (Unsafe Deserialization of User Input could lead to Execution
of Unauth ...)
NOT-FOR-US: Ivanti
CVE-2023-35083 (Allows an authenticated attacker with network access to read
arbitrary ...)
@@ -87739,7 +87741,9 @@ CVE-2023-26259
CVE-2023-26258 (Arcserve UDP through 9.0.6034 allows authentication bypass.
The method ...)
NOT-FOR-US: Arcserve
CVE-2023-26257 (An issue was discovered in the Connected Vehicle Systems
Alliance (COV ...)
- NOT-FOR-US: Connected Vehicle Systems Alliance
+ - dlt-daemon 2.18.9-1
+ NOTE: https://github.com/COVESA/dlt-daemon/issues/440
+ NOTE:
https://github.com/COVESA/dlt-daemon/commit/b6149e203f919c899fefc702a17fbb78bdec3700
(2.18.9)
CVE-2023-26256 (An unauthenticated path traversal vulnerability affects the
"STAGIL Na ...)
NOT-FOR-US: Plugin for Jira
CVE-2023-26255 (An unauthenticated path traversal vulnerability affects the
"STAGIL Na ...)
@@ -128623,9 +128627,11 @@ CVE-2022-39839 (Cotonti Siena 0.9.20 allows admins
to conduct stored XSS attacks
CVE-2022-39838 (Systematic FIX Adapter (ALFAFX) 2.4.0.25 13/09/2017 allows
remote file ...)
NOT-FOR-US: Systematic FIX Adapter (ALFAFX)
CVE-2022-39837 (An issue was discovered in Connected Vehicle Systems Alliance
(COVESA) ...)
- NOT-FOR-US: Connected Vehicle Systems Alliance (COVESA)
+ - dlt-daemon 2.18.9-1
+ NOTE:
https://github.com/COVESA/dlt-daemon/commit/855e0017a980d2990c16f7dbf3b4983b48fac272
(2.18.9)
CVE-2022-39836 (An issue was discovered in Connected Vehicle Systems Alliance
(COVESA) ...)
- NOT-FOR-US: Connected Vehicle Systems Alliance (COVESA)
+ - dlt-daemon 2.18.9-1
+ NOTE:
https://github.com/COVESA/dlt-daemon/commit/855e0017a980d2990c16f7dbf3b4983b48fac272
(2.18.9)
CVE-2022-39835 (An issue was discovered in Gajim through 1.4.7. The
vulnerability allo ...)
- gajim 1.5.0-1
[bullseye] - gajim <no-dsa> (Minor issue)
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/7161e96533dc8ec426316178f875eba4257706ad...80f9f6168b6b9112df8d8e0b7190143be45b1455
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/7161e96533dc8ec426316178f875eba4257706ad...80f9f6168b6b9112df8d8e0b7190143be45b1455
You're receiving this email because of your account on salsa.debian.org.
_______________________________________________
debian-security-tracker-commits mailing list
debian-security-tracker-commits@alioth-lists.debian.net
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
