[Git][security-tracker-team/security-tracker][master] bugnums
Moritz Muehlenhoff (@jmm)
jmm at debian.org
Fri Apr 5 16:16:39 BST 2024
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker
Commits:
448af4d0 by Moritz Muehlenhoff at 2024-04-05T17:16:16+02:00
bugnums
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -66,8 +66,8 @@ CVE-2024-3299 (Out-Of-Bounds Write, Use of Uninitialized Resource and Use-After-
CVE-2024-3298 (Out-Of-Bounds Write and Type Confusion vulnerabilities exist in the fi ...)
NOT-FOR-US: Solidworks
CVE-2024-3262 (Information exposure vulnerability in RT software affecting version 4. ...)
- - request-tracker4 <unfixed>
- - request-tracker5 <unfixed>
+ - request-tracker4 <unfixed> (bug #1068452)
+ - request-tracker5 <unfixed> (bug #1068453)
NOTE: https://github.com/bestpractical/rt/commit/ea07e767eaef5b202e8883051616d09806b8b48a
NOTE: https://github.com/bestpractical/rt/commit/468f86bd3e82c3b5b5ef7087d416a7509d4b1abe
CVE-2024-3250 (It was discovered that Canonical's Pebble service manager read-file AP ...)
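Review bot: the request-tracker4 and request-tracker5 lines now carry separate bugs (#1068452 and #1068453) but share the same two upstream commit NOTEs; since the two source packages track different RT major versions, the entry should say which of the two commits applies to which package (or that both are needed for both), so whoever works each bug picks the right backport.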
@@ -3641,7 +3641,7 @@ CVE-2024-29199 (Nautobot is a Network Source of Truth and Network Automation Pla
CVE-2024-29196 (phpMyFAQ is an open source FAQ web application for PHP 8.1+ and MySQL, ...)
NOT-FOR-US: phpMyFAQ
CVE-2024-29195 (The azure-c-shared-utility is a C library for AMQP/MQTT communication ...)
- - azure-uamqp-python <unfixed>
+ - azure-uamqp-python <unfixed> (bug #1068457)
NOTE: https://github.com/Azure/azure-c-shared-utility/security/advisories/GHSA-m8wp-hc7w-x4xg
NOTE: https://github.com/Azure/azure-c-shared-utility/commit/1129147c38ac02ad974c4c701a1e01b2141b9fe2
CVE-2024-29189 (PyAnsys Geometry is a Python client library for the Ansys Geometry ser ...)
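Review bot: CVE-2024-29195 is a vulnerability in azure-c-shared-utility, yet the only source package listed is azure-uamqp-python and nothing in the entry says why. Add a NOTE stating that azure-uamqp-python ships an embedded copy of azure-c-shared-utility (assuming that is the reason for the mapping) so that bug #1068457 and later triagers do not read this as a mis-assigned package.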
@@ -4054,14 +4054,14 @@ CVE-2024-27280 [Buffer overread vulnerability in StringIO]
NOTE: https://www.ruby-lang.org/en/news/2024/03/21/buffer-overread-cve-2024-27280/
TODO: check details
CVE-2024-30161 (In Qt before 6.5.6 and 6.6.x before 6.6.3, the wasm component may acce ...)
- - qt6-base <unfixed>
+ - qt6-base <unfixed> (bug #1068454)
- qtbase-opensource-src <unfixed>
- qtbase-opensource-src-gles <unfixed>
NOTE: https://codereview.qt-project.org/c/qt/qtbase/+/544314
NOTE: https://codereview.qt-project.org/gitweb?p=qt%2Fqtbase.git;a=commit;h=a5b00cefef12999e9a213943855abe6bc0ab5365
TODO: check details
CVE-2024-30156 (Varnish Cache before 7.3.2 and 7.4.x before 7.4.3 (and before 6.0.13 L ...)
- - varnish <unfixed>
+ - varnish <unfixed> (bug #1068455)
[bookworm] - varnish <ignored> (Minor issue, too intrusive to backport)
[bullseye] - varnish <ignored> (Minor issue, too intrusive to backport)
NOTE: https://varnish-cache.org/security/VSV00014.html
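Review bot: only qt6-base received a bug (#1068454) while qtbase-opensource-src and qtbase-opensource-src-gles stay <unfixed> with no bug number, even though the CVE text says "Qt before 6.5.6" and the entry still carries "TODO: check details". Either the Qt 5 packages are affected, in which case they need bugs as well, or they are not, in which case those lines should become <not-affected> with a reason; leaving them <unfixed> without a bug is the one state that cannot be right. The varnish part of the hunk is consistent: bug #1068455 for unstable alongside the existing [bookworm]/[bullseye] <ignored> triage.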
@@ -4593,7 +4593,7 @@ CVE-2024-29032 (Qiskit IBM Runtime is an environment that streamlines quantum co
CVE-2024-29026 (Owncast is an open source, self-hosted, decentralized, single user liv ...)
NOT-FOR-US: Owncast
CVE-2024-29018 (Moby is an open source container framework that is a key component of ...)
- - docker.io <unfixed>
+ - docker.io <unfixed> (bug #1068460)
NOTE: https://github.com/moby/moby/security/advisories/GHSA-mq39-4gv4-mvpx
NOTE: https://github.com/moby/moby/pull/46609
CVE-2024-28916 (Xbox Gaming Services Elevation of Privilege Vulnerability)
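Review bot: the docker.io entry gains bug #1068460 but, unlike the varnish and freeimage entries in the same commit, has no [bookworm] or [bullseye] triage line, so the stable status of CVE-2024-29018 remains unstated. Add the appropriate status (no-dsa, ignored, or a DSA plan) or a NOTE explaining why it is deferred.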
@@ -4863,117 +4863,117 @@ CVE-2024-2124 (The Translate WordPress and go Multilingual \u2013 Weglot plugin
CVE-2024-28715 (Cross Site Scripting vulnerability in DOraCMS v.2.18 and before allows ...)
NOT-FOR-US: DOraCMS
CVE-2024-28584 (Null Pointer Dereference vulnerability in open source FreeImage v.3.19 ...)
- - freeimage <unfixed>
+ - freeimage <unfixed> (bug #1068461)
[bookworm] - freeimage <no-dsa> (Revisit when fixed upstream)
[bullseye] - freeimage <no-dsa> (Revisit when fixed upstream)
NOTE: https://github.com/Ruanxingzhi/vul-report/tree/master/freeimage-r1909
CVE-2024-28583 (Buffer Overflow vulnerability in open source FreeImage v.3.19.0 [r1909 ...)
- - freeimage <unfixed>
+ - freeimage <unfixed> (bug #1068461)
[bookworm] - freeimage <no-dsa> (Revisit when fixed upstream)
[bullseye] - freeimage <no-dsa> (Revisit when fixed upstream)
NOTE: https://github.com/Ruanxingzhi/vul-report/tree/master/freeimage-r1909
CVE-2024-28582 (Buffer Overflow vulnerability in open source FreeImage v.3.19.0 [r1909 ...)
- - freeimage <unfixed>
+ - freeimage <unfixed> (bug #1068461)
[bookworm] - freeimage <no-dsa> (Revisit when fixed upstream)
[bullseye] - freeimage <no-dsa> (Revisit when fixed upstream)
NOTE: https://github.com/Ruanxingzhi/vul-report/tree/master/freeimage-r1909
CVE-2024-28581 (Buffer Overflow vulnerability in open source FreeImage v.3.19.0 [r1909 ...)
- - freeimage <unfixed>
+ - freeimage <unfixed> (bug #1068461)
[bookworm] - freeimage <no-dsa> (Revisit when fixed upstream)
[bullseye] - freeimage <no-dsa> (Revisit when fixed upstream)
NOTE: https://github.com/Ruanxingzhi/vul-report/tree/master/freeimage-r1909
CVE-2024-28580 (Buffer Overflow vulnerability in open source FreeImage v.3.19.0 [r1909 ...)
- - freeimage <unfixed>
+ - freeimage <unfixed> (bug #1068461)
[bookworm] - freeimage <no-dsa> (Revisit when fixed upstream)
[bullseye] - freeimage <no-dsa> (Revisit when fixed upstream)
NOTE: https://github.com/Ruanxingzhi/vul-report/tree/master/freeimage-r1909
CVE-2024-28579 (Buffer Overflow vulnerability in open source FreeImage v.3.19.0 [r1909 ...)
- - freeimage <unfixed>
+ - freeimage <unfixed> (bug #1068461)
[bookworm] - freeimage <no-dsa> (Revisit when fixed upstream)
[bullseye] - freeimage <no-dsa> (Revisit when fixed upstream)
NOTE: https://github.com/Ruanxingzhi/vul-report/tree/master/freeimage-r1909
CVE-2024-28578 (Buffer Overflow vulnerability in open source FreeImage v.3.19.0 [r1909 ...)
- - freeimage <unfixed>
+ - freeimage <unfixed> (bug #1068461)
[bookworm] - freeimage <no-dsa> (Revisit when fixed upstream)
[bullseye] - freeimage <no-dsa> (Revisit when fixed upstream)
NOTE: https://github.com/Ruanxingzhi/vul-report/tree/master/freeimage-r1909
CVE-2024-28577 (Null Pointer Dereference vulnerability in open source FreeImage v.3.19 ...)
- - freeimage <unfixed>
+ - freeimage <unfixed> (bug #1068461)
[bookworm] - freeimage <no-dsa> (Revisit when fixed upstream)
[bullseye] - freeimage <no-dsa> (Revisit when fixed upstream)
NOTE: https://github.com/Ruanxingzhi/vul-report/tree/master/freeimage-r1909
CVE-2024-28576 (Buffer Overflow vulnerability in open source FreeImage v.3.19.0 [r1909 ...)
- - freeimage <unfixed>
+ - freeimage <unfixed> (bug #1068461)
[bookworm] - freeimage <no-dsa> (Revisit when fixed upstream)
[bullseye] - freeimage <no-dsa> (Revisit when fixed upstream)
NOTE: https://github.com/Ruanxingzhi/vul-report/tree/master/freeimage-r1909
CVE-2024-28575 (Buffer Overflow vulnerability in open source FreeImage v.3.19.0 [r1909 ...)
- - freeimage <unfixed>
+ - freeimage <unfixed> (bug #1068461)
[bookworm] - freeimage <no-dsa> (Revisit when fixed upstream)
[bullseye] - freeimage <no-dsa> (Revisit when fixed upstream)
NOTE: https://github.com/Ruanxingzhi/vul-report/tree/master/freeimage-r1909
CVE-2024-28574 (Buffer Overflow vulnerability in open source FreeImage v.3.19.0 [r1909 ...)
- - freeimage <unfixed>
+ - freeimage <unfixed> (bug #1068461)
[bookworm] - freeimage <no-dsa> (Revisit when fixed upstream)
[bullseye] - freeimage <no-dsa> (Revisit when fixed upstream)
NOTE: https://github.com/Ruanxingzhi/vul-report/tree/master/freeimage-r1909
CVE-2024-28573 (Buffer Overflow vulnerability in open source FreeImage v.3.19.0 [r1909 ...)
- - freeimage <unfixed>
+ - freeimage <unfixed> (bug #1068461)
[bookworm] - freeimage <no-dsa> (Revisit when fixed upstream)
[bullseye] - freeimage <no-dsa> (Revisit when fixed upstream)
NOTE: https://github.com/Ruanxingzhi/vul-report/tree/master/freeimage-r1909
CVE-2024-28572 (Buffer Overflow vulnerability in open source FreeImage v.3.19.0 [r1909 ...)
- - freeimage <unfixed>
+ - freeimage <unfixed> (bug #1068461)
[bookworm] - freeimage <no-dsa> (Revisit when fixed upstream)
[bullseye] - freeimage <no-dsa> (Revisit when fixed upstream)
NOTE: https://github.com/Ruanxingzhi/vul-report/tree/master/freeimage-r1909
CVE-2024-28571 (Buffer Overflow vulnerability in open source FreeImage v.3.19.0 [r1909 ...)
- - freeimage <unfixed>
+ - freeimage <unfixed> (bug #1068461)
[bookworm] - freeimage <no-dsa> (Revisit when fixed upstream)
[bullseye] - freeimage <no-dsa> (Revisit when fixed upstream)
NOTE: https://github.com/Ruanxingzhi/vul-report/tree/master/freeimage-r1909
CVE-2024-28570 (Buffer Overflow vulnerability in open source FreeImage v.3.19.0 [r1909 ...)
- - freeimage <unfixed>
+ - freeimage <unfixed> (bug #1068461)
[bookworm] - freeimage <no-dsa> (Revisit when fixed upstream)
[bullseye] - freeimage <no-dsa> (Revisit when fixed upstream)
NOTE: https://github.com/Ruanxingzhi/vul-report/tree/master/freeimage-r1909
CVE-2024-28569 (Buffer Overflow vulnerability in open source FreeImage v.3.19.0 [r1909 ...)
- - freeimage <unfixed>
+ - freeimage <unfixed> (bug #1068461)
[bookworm] - freeimage <no-dsa> (Revisit when fixed upstream)
[bullseye] - freeimage <no-dsa> (Revisit when fixed upstream)
NOTE: https://github.com/Ruanxingzhi/vul-report/tree/master/freeimage-r1909
CVE-2024-28568 (Buffer Overflow vulnerability in open source FreeImage v.3.19.0 [r1909 ...)
- - freeimage <unfixed>
+ - freeimage <unfixed> (bug #1068461)
[bookworm] - freeimage <no-dsa> (Revisit when fixed upstream)
[bullseye] - freeimage <no-dsa> (Revisit when fixed upstream)
NOTE: https://github.com/Ruanxingzhi/vul-report/tree/master/freeimage-r1909
CVE-2024-28567 (Buffer Overflow vulnerability in open source FreeImage v.3.19.0 [r1909 ...)
- - freeimage <unfixed>
+ - freeimage <unfixed> (bug #1068461)
[bookworm] - freeimage <no-dsa> (Revisit when fixed upstream)
[bullseye] - freeimage <no-dsa> (Revisit when fixed upstream)
NOTE: https://github.com/Ruanxingzhi/vul-report/tree/master/freeimage-r1909
CVE-2024-28566 (Buffer Overflow vulnerability in open source FreeImage v.3.19.0 [r1909 ...)
- - freeimage <unfixed>
+ - freeimage <unfixed> (bug #1068461)
[bookworm] - freeimage <no-dsa> (Revisit when fixed upstream)
[bullseye] - freeimage <no-dsa> (Revisit when fixed upstream)
NOTE: https://github.com/Ruanxingzhi/vul-report/tree/master/freeimage-r1909
CVE-2024-28565 (Buffer Overflow vulnerability in open source FreeImage v.3.19.0 [r1909 ...)
- - freeimage <unfixed>
+ - freeimage <unfixed> (bug #1068461)
[bookworm] - freeimage <no-dsa> (Revisit when fixed upstream)
[bullseye] - freeimage <no-dsa> (Revisit when fixed upstream)
NOTE: https://github.com/Ruanxingzhi/vul-report/tree/master/freeimage-r1909
CVE-2024-28564 (Buffer Overflow vulnerability in open source FreeImage v.3.19.0 [r1909 ...)
- - freeimage <unfixed>
+ - freeimage <unfixed> (bug #1068461)
[bookworm] - freeimage <no-dsa> (Revisit when fixed upstream)
[bullseye] - freeimage <no-dsa> (Revisit when fixed upstream)
NOTE: https://github.com/Ruanxingzhi/vul-report/tree/master/freeimage-r1909
CVE-2024-28563 (Buffer Overflow vulnerability in open source FreeImage v.3.19.0 [r1909 ...)
- - freeimage <unfixed>
+ - freeimage <unfixed> (bug #1068461)
[bookworm] - freeimage <no-dsa> (Revisit when fixed upstream)
[bullseye] - freeimage <no-dsa> (Revisit when fixed upstream)
NOTE: https://github.com/Ruanxingzhi/vul-report/tree/master/freeimage-r1909
CVE-2024-28562 (Buffer Overflow vulnerability in open source FreeImage v.3.19.0 [r1909 ...)
- - freeimage <unfixed>
+ - freeimage <unfixed> (bug #1068461)
[bookworm] - freeimage <no-dsa> (Revisit when fixed upstream)
[bullseye] - freeimage <no-dsa> (Revisit when fixed upstream)
NOTE: https://github.com/Ruanxingzhi/vul-report/tree/master/freeimage-r1909
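Review bot: all 23 freeimage CVEs (CVE-2024-28562 through CVE-2024-28584) are tied to the single bug #1068461, which is sensible because they come from one report tree, but the bug report itself then needs to list every CVE ID or the cross-reference is only one way. Every entry also points at the top-level report directory rather than the per-issue file, and the [bookworm]/[bullseye] lines say "Revisit when fixed upstream" without any NOTE on whether upstream has acknowledged the reports; the bug is the right place to record that.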
@@ -5775,7 +5775,7 @@ CVE-2024-2568 (A vulnerability has been found in heyewei JFinalCMS 5.0.0 and cla
CVE-2024-2567 (** UNSUPPORTED WHEN ASSIGNED ** A vulnerability, which was classified ...)
NOT-FOR-US: AndroidWeatherApp
CVE-2024-29156 (In OpenStack Murano through 16.0.0, when YAQL before 3.0.0 is used, th ...)
- - murano <unfixed>
+ - murano <unfixed> (bug #1068459)
NOTE: https://bugs.launchpad.net/murano/+bug/2048114
NOTE: https://wiki.openstack.org/wiki/OSSN/OSSN-0093
NOTE: No fix in Murano, but a change in src:yaql renders this unexploitable:
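Review bot: CVE-2024-29156 now has bug #1068459 against murano while the NOTE on the last context line states that a change in src:yaql renders the issue unexploitable (its continuation is outside this hunk). If that assessment holds, <unfixed> with an open bug overstates the exposure; either mark murano <not-affected> or <unimportant> with the yaql version as the reason, or reword the NOTE to say the bug tracks the missing murano-side fix despite the mitigation.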
@@ -6150,12 +6150,12 @@ CVE-2024-28403 (TOTOLINK X2000R before V1.0.0-B20231213.1013 is vulnerable to Cr
CVE-2024-28401 (TOTOLINK X2000R before v1.0.0-B20231213.1013 contains a Store Cross-si ...)
NOT-FOR-US: TOTOLINK
CVE-2024-28319 (gpac 2.3-DEV-rev921-g422b78ecf-master was discovered to contain an out ...)
- - gpac <unfixed>
+ - gpac <unfixed> (bug #1068462)
[buster] - gpac <end-of-life> (EOL in buster LTS)
NOTE: https://github.com/gpac/gpac/issues/2763
NOTE: https://github.com/gpac/gpac/commit/cb3c29809bddfa32686e3deb231a76af67b68e1e
CVE-2024-28318 (gpac 2.3-DEV-rev921-g422b78ecf-master was discovered to contain a out ...)
- - gpac <unfixed>
+ - gpac <unfixed> (bug #1068462)
[buster] - gpac <end-of-life> (EOL in buster LTS)
NOTE: https://github.com/gpac/gpac/issues/2764
NOTE: https://github.com/gpac/gpac/commit/ae831621a08a64e3325ce532f8b78811a1581716
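Review bot: CVE-2024-28319 and CVE-2024-28318 share bug #1068462 and each has an upstream fix commit in its NOTEs, but the only distribution line is [buster] <end-of-life>; the bullseye status is not annotated, whereas other gpac entries in this commit carry [bullseye] <ignored> (Minor issue). Add a [bullseye] line so the two out-of-bounds issues are not silently left open there.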
@@ -7687,12 +7687,12 @@ CVE-2023-49341 (An issue was discovered in Newland Nquire 1000 Interactive Kiosk
CVE-2023-49340 (An issue was discovered in Newland Nquire 1000 Interactive Kiosk versi ...)
NOT-FOR-US: Newland Nquire 1000 Interactive Kiosk
CVE-2023-46427 (An issue was discovered in gpac version 2.3-DEV-rev588-g7edc40fee-mast ...)
- - gpac <unfixed>
+ - gpac <unfixed> (bug #1068462)
[buster] - gpac <end-of-life> (EOL in buster LTS)
NOTE: https://github.com/gpac/gpac/issues/2641
NOTE: https://github.com/gpac/gpac/commit/ed8424300fc4a1f5231ecd1d47f502ddd3621d1a
CVE-2023-46426 (Heap-based Buffer Overflow vulnerability in gpac version 2.3-DEV-rev58 ...)
- - gpac <unfixed>
+ - gpac <unfixed> (bug #1068462)
[buster] - gpac <end-of-life> (EOL in buster LTS)
NOTE: https://github.com/gpac/gpac/issues/2642
NOTE: https://github.com/gpac/gpac/commit/14ec709a1ffae23ad777c37320290caa0a754341
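Review bot: bug #1068462 is reused here for CVE-2023-46427 and CVE-2023-46426, so one bug now covers gpac CVEs from two years and three separate hunks; its title and body should list all of them. The fix commits already in the NOTEs (ed8424300fc4 and 14ec709a1ffa) could be cherry-picked for a targeted upload rather than waiting for a new upstream release. As with the 2024 entries, no [bullseye] status is recorded.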
@@ -16014,16 +16014,16 @@ CVE-2024-24397 (Cross Site Scripting vulnerability in Stimulsoft GmbH Stimulsoft
CVE-2024-24396 (Cross Site Scripting vulnerability in Stimulsoft GmbH Stimulsoft Dashb ...)
NOT-FOR-US: Stimulsoft GmbH Stimulsoft Dashboard.JS
CVE-2024-24267 (gpac v2.2.1 was discovered to contain a memory leak via the gfio_blob ...)
- - gpac <unfixed>
+ - gpac <unfixed> (bug #1068462)
[bullseye] - gpac <ignored> (Minor issue)
[buster] - gpac <end-of-life> (EOL in buster LTS)
NOTE: https://github.com/yinluming13579/gpac_defects/blob/main/gpac_3.md
CVE-2024-24266 (gpac v2.2.1 was discovered to contain a Use-After-Free (UAF) vulnerabi ...)
- - gpac <unfixed>
+ - gpac <unfixed> (bug #1068462)
[buster] - gpac <end-of-life> (EOL in buster LTS)
NOTE: https://github.com/yinluming13579/gpac_defects/blob/main/gpac_2.md
CVE-2024-24265 (gpac v2.2.1 was discovered to contain a memory leak via the dst_props ...)
- - gpac <unfixed>
+ - gpac <unfixed> (bug #1068462)
[bullseye] - gpac <ignored> (Minor issue)
[buster] - gpac <end-of-life> (EOL in buster LTS)
NOTE: https://github.com/yinluming13579/gpac_defects/blob/main/gpac_1.md
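Review bot: the three gpac v2.2.1 entries also point at bug #1068462 but, unlike the other gpac entries in this commit, reference only the reporter's defect write-ups and no upstream fix commit, so the shared bug cannot be closed by version until those fixes are identified. The [bullseye] <ignored> (Minor issue) line is present for the two memory leaks (CVE-2024-24267, CVE-2024-24265) but absent for the use-after-free CVE-2024-24266, which is the one of the three that most needs an explicit bullseye decision.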
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/448af4d061ce1f57359a5779d6418b8bdfd89606