[Git][security-tracker-team/security-tracker][master] Add two glpi issues

Salvatore Bonaccorso (@carnil) carnil at debian.org
Thu Feb 1 20:27:22 GMT 2024



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
c0914a44 by Salvatore Bonaccorso at 2024-02-01T21:26:45+01:00
Add two glpi issues

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -23,7 +23,10 @@ CVE-2024-24059 (springboot-manager v1.6 is vulnerable to Arbitrary File Upload.
 CVE-2024-23832 (Mastodon is a free, open-source social network server based on Activit ...)
 	- mastodon <itp> (bug #859741)
 CVE-2024-23645 (GLPI is a Free Asset and IT Management Software package. A malicious U ...)
-	TODO: check
+	- glpi <removed>
+	NOTE: https://github.com/glpi-project/glpi/security/advisories/GHSA-2gj5-qpff-ff3x
+	NOTE: https://github.com/glpi-project/glpi/commit/6cf265936c4f6edf7dea7c78b12e46d75b94d9b0
+	NOTE: https://github.com/glpi-project/glpi/commit/fc1f6da9d158933b870ff374ed3a50ae98dcef4a
 CVE-2024-23328 (Dataease is an open source data visualization analysis tool. A deseria ...)
 	NOT-FOR-US: Dataease
 CVE-2024-22939 (Cross Site Request Forgery vulnerability in FlyCms v.1.0 allows a remo ...)
@@ -115,7 +118,9 @@ CVE-2023-51509 (Improper Neutralization of Input During Web Page Generation ('Cr
 CVE-2023-51506 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2023-51446 (GLPI is a Free Asset and IT Management Software package. When authenti ...)
-	TODO: check
+	- glpi <removed>
+	NOTE: https://github.com/glpi-project/glpi/security/advisories/GHSA-p995-jmfv-c7r8
+	NOTE: https://github.com/glpi-project/glpi/commit/58c67d78f2e3ad08264213e9aaf56eab3c9ded35
 CVE-2023-37621 (An issue in Fronius Datalogger Web v.2.0.5-4, allows remote attackers  ...)
 	NOT-FOR-US: Fronius Datalogger Web
 CVE-2024-24747 (MinIO is a High Performance Object Storage. When someone creates an ac ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/c0914a4482d5ab528858e6c9edd57791d46b3358

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/c0914a4482d5ab528858e6c9edd57791d46b3358
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20240201/e834247c/attachment-0001.htm>


More information about the debian-security-tracker-commits mailing list