[Git][security-tracker-team/security-tracker][master] bugnums

[Moritz Muehlenhoff (@jmm)]

Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
518daeec by Moritz Muehlenhoff at 2024-04-11T17:49:05+02:00
bugnums

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -120,7 +120,7 @@ CVE-2024-3569 (A Denial of Service (DoS) vulnerability exists in the mintplex-la
 CVE-2024-3568 (The huggingface/transformers library is vulnerable to arbitrary code e ...)
 	NOT-FOR-US: huggingface/transformers
 CVE-2024-3567 (A flaw was found in QEMU. An assertion failure was present in the upda ...)
-	- qemu <unfixed>
+	- qemu <unfixed> (bug #1068822)
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2274339
 	NOTE: https://gitlab.com/qemu-project/qemu/-/issues/2273
 CVE-2024-3566 (A command inject vulnerability allows an attacker to perform command i ...)
@@ -535,7 +535,7 @@ CVE-2024-26815 (In the Linux kernel, the following vulnerability has been resolv
 	[buster] - linux <not-affected> (Vulnerable code not present)
 	NOTE: https://git.kernel.org/linus/343041b59b7810f9cdca371f445dd43b35c740b1 (6.9-rc1)
 CVE-2024-3447
-	- qemu <unfixed>
+	- qemu <unfixed> (bug #1068821)
 	NOTE: https://patchew.org/QEMU/20240404085549.16987-1-philmd@linaro.org/
 	NOTE: https://patchew.org/QEMU/20240409145524.27913-1-philmd@linaro.org/
 	NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=58813
@@ -594,10 +594,10 @@ CVE-2024-3235 (The Essential Grid Gallery WordPress Plugin plugin for WordPress
 CVE-2024-3210 (The Paid Membership Plugin, Ecommerce, User Registration Form, Login F ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2024-3120 (A stack-buffer overflow vulnerability exists in all versions of sngrep ...)
-	- sngrep <unfixed>
+	- sngrep <unfixed> (bug #1068818)
 	NOTE: https://github.com/irontec/sngrep/commit/f3f8ed8ef38748e6d61044b39b0dabd7e37c6809 (v1.8.1)
 CVE-2024-3119 (A buffer overflow vulnerability exists in all versions of sngrep since ...)
-	- sngrep <unfixed>
+	- sngrep <unfixed> (bug #1068818)
 	NOTE: https://github.com/irontec/sngrep/commit/dd5fec92730562af6f96891291cd4e102b80bfcc (v1.8.1)
 CVE-2024-3020 (The plugin is vulnerable to PHP Object Injection in versions up to and ...)
 	NOT-FOR-US: WordPress plugin
@@ -696,7 +696,7 @@ CVE-2024-3514 (The Responsive Tabs plugin for WordPress is vulnerable to Stored
 CVE-2024-3512 (The WP Shortcodes Plugin \u2014 Shortcodes Ultimate plugin for WordPre ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2024-3446 (A double free vulnerability was found in QEMU virtio devices (virtio-g ...)
-	- qemu <unfixed>
+	- qemu <unfixed> (bug #1068820)
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2274211
 	NOTE: https://patchew.org/QEMU/20240409105537.18308-1-philmd@linaro.org/
 CVE-2024-3281 (A vulnerability was discovered in the firmware builds after 8.0.2.3267 ...)
@@ -15356,7 +15356,7 @@ CVE-2023-44308 (Open redirect vulnerability in adaptive media administration pag
 CVE-2022-48625 (Yealink Config Encrypt Tool add RSA before 1.2 has a built-in RSA key  ...)
 	NOT-FOR-US: Yealink
 CVE-2024-1635 (A vulnerability was found in Undertow. This vulnerability impacts a se ...)
-	- undertow <unfixed>
+	- undertow <unfixed> (bug #1068817)
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2264928
 CVE-2024-25983 (Insufficient checks in a web service made it possible to add comments  ...)
 	- moodle <removed>
@@ -15431,14 +15431,14 @@ CVE-2024-23114 (Deserialization of Untrusted Data vulnerability in Apache Camel
 CVE-2024-22369 (Deserialization of Untrusted Data vulnerability in Apache Camel SQL Co ...)
 	NOT-FOR-US: Apache Camel
 CVE-2024-26328 (An issue was discovered in QEMU 7.1.0 through 8.2.1. register_vfs in h ...)
-	- qemu <unfixed>
+	- qemu <unfixed> (bug #1068819)
 	[bookworm] - qemu <no-dsa> (Minor issue)
 	[bullseye] - qemu <not-affected> (Vulnerable code introduced later)
 	[buster] - qemu <not-affected> (Vulnerable code introduced later)
 	NOTE: Introduced by: https://gitlab.com/qemu-project/qemu/-/commit/7c0fa8dff811b5648964630a1334c3bb97e1e1c6 (v7.0.0-rc0)
 	NOTE: https://lore.kernel.org/all/20240213055345-mutt-send-email-mst%40kernel.org
 CVE-2024-26327 (An issue was discovered in QEMU 7.1.0 through 8.2.1. register_vfs in h ...)
-	- qemu <unfixed>
+	- qemu <unfixed> (bug #1068819)
 	[bookworm] - qemu <no-dsa> (Minor issue)
 	[bullseye] - qemu <not-affected> (Vulnerable code introduced later)
 	[buster] - qemu <not-affected> (Vulnerable code introduced later)
@@ -16938,7 +16938,7 @@ CVE-2022-48623 (The Cpanel::JSON::XS package before 4.33 for Perl performs out-o
 CVE-2021-4437 (A vulnerability, which was classified as problematic, has been found i ...)
 	NOT-FOR-US: lambda-middleware frameguard
 CVE-2024-1459 (A path traversal vulnerability was found in Undertow. This issue may a ...)
-	- undertow <unfixed>
+	- undertow <unfixed> (bug #1068816)
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2259475
 CVE-2024-1454 (The use-after-free vulnerability was found in the AuthentIC driver in  ...)
 	- opensc 0.25.0~rc1-1
@@ -63227,7 +63227,7 @@ CVE-2023-30468
 	RESERVED
 CVE-2023-1973
 	RESERVED
-	- undertow <unfixed>
+	- undertow <unfixed> (bug #1068815)
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2185662
 CVE-2023-30467 (This vulnerability exists in Milesight 4K/H.265 Series NVR models (MS- ...)
 	NOT-FOR-US: Milesight



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/518daeec548e029080ea0dc66597c7a6839fa41d

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/518daeec548e029080ea0dc66597c7a6839fa41d
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20240411/000f8ce9/attachment.htm>