[Git][security-tracker-team/security-tracker][master] bookworm/bullseye triage

Moritz Muehlenhoff (@jmm) jmm at debian.org
Tue Apr 23 11:18:51 BST 2024



Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
88871c05 by Moritz Muehlenhoff at 2024-04-23T12:18:21+02:00
bookworm/bullseye triage

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -200,7 +200,6 @@ CVE-2024-32493 [SQL injection issue regarding Form IDs when cleaning up drafts]
 	NOTE: https://www.znuny.org/en/advisories/zsa-2024-03
 CVE-2024-32492 [Cross Site Scripting (XSS) in the Customer Portal Ticket View]
 	- znuny <not-affected> (Only affects Znuny from 7.0.1 up to including 7.0.16)
-	[bookworm] - znuny <no-dsa> (Non-free not supported)
 	NOTE: https://www.znuny.org/en/advisories/zsa-2024-02
 CVE-2024-32491 [Directory Traversal via File Upload]
 	- znuny 6.5.8-1
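Review bot: dropping the `[bookworm] - znuny <no-dsa> (Non-free not supported)` line is correct here, because the package line above it is already `<not-affected>` (only 7.0.1 up to and including 7.0.16 are affected) and a suite-specific no-dsa tag under a not-affected entry contradicts it; with the removal the CVE-2024-32492 entry now reads consistently: one status, one advisory NOTE.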
@@ -764,6 +763,8 @@ CVE-2023-41864 (Cross-Site Request Forgery (CSRF) vulnerability in Pepro Dev. Gr
 	NOT-FOR-US: WordPress plugin
 CVE-2023-3758 (A race condition flaw was found in sssd where the GPO policy is not co ...)
 	- sssd <unfixed>
+	[bookworm] - sssd <no-dsa> (Minor issue)
+	[bullseye] - sssd <no-dsa> (Minor issue)
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2223762
 	NOTE: https://github.com/SSSD/sssd/pull/7302
 	NOTE: https://github.com/SSSD/sssd/commit/d7db7971682da2dbf7642ac94940d6b0577ec35a (master)
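Review bot: with `- sssd <unfixed>` retained, the two new `<no-dsa> (Minor issue)` lines defer bookworm and bullseye without any versioned target, while the third NOTE already records an upstream fix commit on master; once a release carries that commit the entry should get a fixed version and a bug reference, otherwise the no-dsa tags will outlive the fix and the stable suites will silently stay on the affected code.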
@@ -1043,8 +1044,11 @@ CVE-2024-31040 (Buffer Overflow vulnerability in the get_var_integer function in
 CVE-2024-31031 (An issue in `coap_pdu.c` in libcoap 4.3.4 allows attackers to cause un ...)
 	- libcoap <removed>
 	- libcoap2 <removed>
+	[bullseye] - libcoap2 <no-dsa> (Minor issue)
 	- libcoap3 <unfixed>
+	[bookworm] - libcoap3 <no-dsa> (Minor issue)
 	NOTE: https://github.com/obgm/libcoap/issues/1351
+	NOTE: https://github.com/obgm/libcoap/commit/214665ac4b44b1b6a7e38d4d6907ee835a174928
 CVE-2024-30990 (SQL Injection vulnerability in the "Invoices" page in phpgurukul Clien ...)
 	NOT-FOR-US: phpgurukul Client Management System
 CVE-2024-30989 (Cross Site Scripting vulnerability in /edit-client-details.php of phpg ...)
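Review bot: the new libcoap commit NOTE is the only fix-commit reference in this batch without a version annotation such as `(2.11.1)` or `(6.7.4)` that the other hunks attach; if the libcoap release containing 214665ac is known it should be added, since libcoap3 is still `<unfixed>` and the version is what a later update gets matched against. The two suite tags are placed consistently, each directly beneath the source package line it qualifies (libcoap2 for bullseye, libcoap3 for bookworm).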
@@ -2263,6 +2267,8 @@ CVE-2024-3575 (Cross-site Scripting (XSS) - Stored in mindsdb/mindsdb)
 	NOT-FOR-US: mindsdb
 CVE-2024-3574 (In scrapy version 2.10.1, an issue was identified where the Authorizat ...)
 	- python-scrapy 2.11.1-1
+	[bookworm] - python-scrapy <no-dsa> (Minor issue)
+	[bullseye] - python-scrapy <no-dsa> (Minor issue)
 	NOTE: https://github.com/scrapy/scrapy/security/advisories/GHSA-cw9j-q3vf-hrrv
 	NOTE: https://huntr.com/bounties/49974321-2718-43e3-a152-62b16eed72a9
 	NOTE: https://github.com/scrapy/scrapy/commit/5bcb8fd5019c72d05c4a96da78a7fcb6ecb55b75 (2.11.1)
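Review bot: the reason text `(Minor issue)` gives no rationale, and the entry's own description is truncated at "Authorizat ...", so a later auditor cannot see from the diff why the bookworm and bullseye deferrals are justified; if the reasoning is that the fix is already in 2.11.1-1 in unstable and only the stable suites are deferred, stating that in the reason text, as the `(Non-free not supported)` reason does in the first hunk, would make the triage easier to revisit.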
@@ -2270,6 +2276,8 @@ CVE-2024-3573 (mlflow/mlflow is vulnerable to Local File Inclusion (LFI) due to
 	NOT-FOR-US: mlflow
 CVE-2024-3572 (The scrapy/scrapy project is vulnerable to XML External Entity (XXE) a ...)
 	- python-scrapy 2.11.1-1
+	[bookworm] - python-scrapy <no-dsa> (Minor issue)
+	[bullseye] - python-scrapy <no-dsa> (Minor issue)
 	NOTE: https://huntr.com/bounties/c4a0fac9-0c5a-4718-9ee4-2d06d58adabb
 	NOTE: https://github.com/scrapy/scrapy/commit/809bfac4890f75fc73607318a04d2ccba71b3d9f (2.11.1)
 	NOTE: https://github.com/scrapy/scrapy/security/advisories/GHSA-7j7m-v7m3-jqm7
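Review bot: this is the second python-scrapy entry in the batch receiving identical bookworm/bullseye `<no-dsa> (Minor issue)` tags, and both are fixed by the same upstream 2.11.1 release (the commit NOTEs in this hunk and in the CVE-2024-3574 hunk above are both tagged `(2.11.1)`); when a stable update is eventually scheduled the two should be handled together, so a cross-reference between the entries would help keep them in sync.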
@@ -2683,6 +2691,8 @@ CVE-2024-3505 (JFrog Artifactory Self-Hosted versions below 7.77.3, are vulnerab
 	NOT-FOR-US: JFrog Artifactory Self-Hosted
 CVE-2024-32489 (TCPDF before 6.7.4 mishandles calls that use HTML syntax.)
 	- tcpdf 6.7.4+dfsg-1
+	[bookworm] - tcpdf <no-dsa> (Minor issue)
+	[bullseye] - tcpdf <no-dsa> (Minor issue)
 	NOTE: Fixed by: https://github.com/tecnickcom/TCPDF/commit/51cd1b39de5643836e62661d162c472d63167df7
 	NOTE: Fixed by: https://github.com/tecnickcom/TCPDF/commit/82fc97bf1c74c8dbe62b1d3cc6d10fa4b87e0262 (6.7.4)
 CVE-2024-32488 (In Foxit PDF Reader and Editor before 2024.1, Local Privilege Escalati ...)
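Review bot: the two `Fixed by:` NOTEs are kept, but only the second carries the `(6.7.4)` version suffix; since the first commit is presented as part of the fix as well, annotating it too, or stating that the fix spans both commits, would avoid a backporter picking only the tagged one when preparing the deferred bookworm or bullseye update.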
@@ -23530,6 +23540,8 @@ CVE-2024-22922 (An issue in Projectworlds Vistor Management Systemin PHP v.1.0 a
 	NOT-FOR-US: Projectworlds Vistor Management Systemin PHP
 CVE-2024-22640 (TCPDF version <=6.6.5 is vulnerable to ReDoS (Regular Expression Denia ...)
 	- tcpdf 6.7.5+dfsg-1
+	[bookworm] - tcpdf <no-dsa> (Minor issue)
+	[bullseye] - tcpdf <no-dsa> (Minor issue)
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2276090
 	NOTE: https://github.com/zunak/CVE-2024-22640
 	NOTE: https://github.com/tecnickcom/TCPDF/commit/05f3a28f4a7905019469e040cf77e53d6aa7f679 (6.7.5)
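Review bot: the middle NOTE points at a third-party repository named after the CVE rather than at upstream, so it should not be mistaken for the fix, which is the tecnickcom commit on the following line tagged `(6.7.5)`. This is also the second tcpdf issue deferred with `<no-dsa> (Minor issue)` in the same batch (CVE-2024-32489 above, fixed in 6.7.4, and this one, fixed in 6.7.5), so a single stable update covering both would be the natural follow-up when one is planned.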



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/88871c05d500fef5ff492c740b29161b3c507821
