[Git][security-tracker-team/security-tracker][master] Mark nomad as removed now from unstable

Salvatore Bonaccorso (@carnil) carnil at debian.org
Sat Jul 29 21:42:21 BST 2023 


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
5f8ff200 by Salvatore Bonaccorso at 2023-07-29T22:41:34+02:00
Mark nomad as removed now from unstable

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -875,12 +875,12 @@ CVE-2023-3782 (DoS of the OkHttp client when using a BrotliInterceptor and surfi
 CVE-2023-3779 (The Essential Addons For Elementor plugin for WordPress is vulnerable  ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2023-3300 (HashiCorp Nomad and Nomad Enterprise 0.11.0 up to 1.5.6 and 1.4.1 HTTP ...)
-	- nomad <unfixed>
+	- nomad <removed>
 	NOTE: https://discuss.hashicorp.com/t/hcsec-2023-22-nomad-search-api-leaks-information-about-csi-plugins/56272
 CVE-2023-3299 (HashiCorp Nomad Enterprise 1.2.11 up to 1.5.6, and 1.4.10 ACL policies ...)
 	- nomad <not-affected> (Specific to Nomad Enterprise)
 CVE-2023-3072 (HashiCorp Nomad and Nomad Enterprise 0.7.0 up to 1.5.6 and 1.4.10 ACL  ...)
-	- nomad <unfixed>
+	- nomad <removed>
 	NOTE: https://discuss.hashicorp.com/t/hcsec-2023-20-nomad-acl-policies-without-label-are-applied-to-unexpected-resources/56270
 CVE-2023-37362 (Weintek Weincloud v0.13.6     could allow an attacker to abuse the reg ...)
 	NOT-FOR-US: Weincloud
@@ -26147,7 +26147,7 @@ CVE-2023-25758 (Onekey Touch devices through 4.0.0 and Onekey Mini devices throu
 CVE-2023-0822 (The affected product DIAEnergie (versions prior to v1.9.03.001) contai ...)
 	NOT-FOR-US: DIAEnergie
 CVE-2023-0821 (HashiCorp Nomad and Nomad Enterprise 1.2.15 up to 1.3.8, and 1.4.3 job ...)
-	- nomad <unfixed> (bug #1034181)
+	- nomad <removed> (bug #1034181)
 	[bullseye] - nomad <no-dsa> (Minor issue)
 	NOTE: https://discuss.hashicorp.com/t/hcsec-2023-05-nomad-client-vulnerable-to-decompression-bombs-in-artifact-block/50292
 CVE-2023-0820 (The User Role by BestWebSoft WordPress plugin before 1.6.7 does not pr ...)
@@ -60497,7 +60497,7 @@ CVE-2022-41609 (Auth. (subscriber+) Server-Side Request Forgery (SSRF) vulnerabi
 CVE-2022-41608 (Cross-Site Request Forgery (CSRF) vulnerability in Thomas Belser Asgar ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2022-41606 (HashiCorp Nomad and Nomad Enterprise 1.0.2 up to 1.2.12, and 1.3.5 job ...)
-	- nomad <unfixed> (bug #1021670)
+	- nomad <removed> (bug #1021670)
 	[bullseye] - nomad <no-dsa> (Minor issue)
 	NOTE: https://discuss.hashicorp.com/t/hcsec-2022-22-nomad-panics-on-job-submission-with-bad-artifact-stanza-source-url/45420
 CVE-2022-41605
@@ -108503,22 +108503,22 @@ CVE-2022-24687 (HashiCorp Consul and Consul Enterprise 1.9.0 through 1.9.14, 1.1
 	NOTE: https://discuss.hashicorp.com/t/hcsec-2022-05-consul-ingress-gateway-panic-can-shutdown-servers/
 	NOTE: https://github.com/hashicorp/consul/commit/d35c6a97cbdff252f5238d6b52f49786f896566a (v1.9.15)
 CVE-2022-24686 (HashiCorp Nomad and Nomad Enterprise 0.3.0 through 1.0.17, 1.1.11, and ...)
-	- nomad <unfixed> (bug #1021273)
+	- nomad <removed> (bug #1021273)
 	[bullseye] - nomad <no-dsa> (Minor issue)
 	NOTE: https://discuss.hashicorp.com/t/hcsec-2022-01-nomad-artifact-download-race-condition/35559
 CVE-2022-24685 (HashiCorp Nomad and Nomad Enterprise 1.0.17, 1.1.11, and 1.2.5 allow i ...)
-	- nomad <unfixed> (bug #1021273)
+	- nomad <removed> (bug #1021273)
 	[bullseye] - nomad <no-dsa> (Minor issue)
 	NOTE: https://discuss.hashicorp.com/t/hcsec-2022-03-nomad-malformed-job-parsing-results-in-excessive-cpu-usage/35561
 	NOTE: https://github.com/hashicorp/nomad/issues/12038
 CVE-2022-24684 (HashiCorp Nomad and Nomad Enterprise 0.9.0 through 1.0.16, 1.1.11, and ...)
-	- nomad <unfixed> (bug #1021273)
+	- nomad <removed> (bug #1021273)
 	[bullseye] - nomad <no-dsa> (Minor issue)
 	NOTE: https://discuss.hashicorp.com/t/hcsec-2022-04-nomad-spread-job-stanza-may-trigger-panic-in-servers/35562
 	NOTE: https://github.com/hashicorp/nomad/issues/12039
 	NOTE: https://github.com/hashicorp/nomad/commit/c49359ad58f0af18a5697a0b7b9b6cca9656d267 (v1.2.6)
 CVE-2022-24683 (HashiCorp Nomad and Nomad Enterprise 0.9.2 through 1.0.17, 1.1.11, and ...)
-	- nomad <unfixed> (bug #1021273)
+	- nomad <removed> (bug #1021273)
 	[bullseye] - nomad <no-dsa> (Minor issue)
 	NOTE: https://discuss.hashicorp.com/t/hcsec-2022-02-nomad-alloc-filesystem-and-container-escape/35560
 CVE-2022-24682 (An issue was discovered in the Calendar feature in Zimbra Collaboratio ...)
@@ -127730,7 +127730,7 @@ CVE-2021-43417
 CVE-2021-43416
 	RESERVED
 CVE-2021-43415 (HashiCorp Nomad and Nomad Enterprise up to 1.0.13, 1.1.7, and 1.2.0, w ...)
-	- nomad <unfixed> (bug #1021273)
+	- nomad <removed> (bug #1021273)
 	[bullseye] - nomad <no-dsa> (Minor issue)
 	NOTE: https://discuss.hashicorp.com/t/hcsec-2021-31-nomad-qemu-task-driver-allowed-paths-bypass-with-job-args/32288
 	NOTE: https://github.com/hashicorp/nomad/issues/11542
@@ -146037,7 +146037,7 @@ CVE-2021-37219 (HashiCorp Consul and Consul Enterprise 1.10.1 Raft RPC layer all
 	NOTE: https://discuss.hashicorp.com/t/hcsec-2021-22-consul-raft-rpc-privilege-escalation/29024
 	NOTE: https://github.com/hashicorp/consul/commit/ccf8eb1947357434eb6e66303ddab79f4c9d4103
 CVE-2021-37218 (HashiCorp Nomad and Nomad Enterprise Raft RPC layer allows non-server  ...)
-	- nomad <unfixed> (bug #1021273)
+	- nomad <removed> (bug #1021273)
 	[bullseye] - nomad <no-dsa> (Minor issue)
 	NOTE: https://discuss.hashicorp.com/t/hcsec-2021-21-nomad-raft-rpc-privilege-escalation/29023
 	NOTE: https://github.com/hashicorp/nomad/pull/11089 (main)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/5f8ff200c24efdb22592dfad2f5820ed63331c8a

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/5f8ff200c24efdb22592dfad2f5820ed63331c8a
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20230729/f012c3ee/attachment.htm>

More information about the debian-security-tracker-commits mailing list