[Git][security-tracker-team/security-tracker][master] automatic update

Sun Feb 4 20:44:34 GMT 2024


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
37b4736a by security tracker role at 2024-02-04T20:11:41+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,15 @@
+CVE-2024-25062 (An issue was discovered in libxml2 before 2.11.7 and 2.12.x before 2.1 ...)
+	TODO: check
+CVE-2023-6240 (A Marvin vulnerability side-channel leakage was found in the RSA decry ...)
+	TODO: check
+CVE-2023-52426 (libexpat through 2.5.0 allows recursive XML Entity Expansion if XML_DT ...)
+	TODO: check
+CVE-2023-52425 (libexpat through 2.5.0 allows a denial of service (resource consumptio ...)
+	TODO: check
+CVE-2020-36773 (Artifex Ghostscript before 9.53.0 has an out-of-bounds write and use-a ...)
+	TODO: check
+CVE-2018-25098 (** UNSUPPORTED WHEN ASSIGNED ** A vulnerability was found in blockmaso ...)
+	TODO: check
 CVE-2023-50947 (IBM Business Automation Workflow 22.0.2, 23.0.1, and 23.0.2 is vulnera ...)
 	NOT-FOR-US: IBM
 CVE-2023-33851 (IBM PowerVM Hypervisor FW950.00 through FW950.90, FW1020.00 through FW ...)
@@ -555,6 +567,7 @@ CVE-2024-0853 (curl inadvertently kept the SSL session ID for connections in its
 	NOTE: Introduced by: https://github.com/curl/curl/commit/395365ad2d9a6c3f1a35d5e268a6af2824129832 (curl-8_5_0)
 	NOTE: Fixed by: https://github.com/curl/curl/commit/c28e9478cb2548848eca9b765d0d409bfb18668c (curl-8_6_0)
 CVE-2024-21626 (runc is a CLI tool for spawning and running containers on Linux accord ...)
+	{DSA-5615-1}
 	- runc 1.1.12+ds1-1 (bug #1062532)
 	NOTE: https://www.openwall.com/lists/oss-security/2024/01/31/6
 	NOTE: https://github.com/opencontainers/runc/security/advisories/GHSA-xr7r-f8xq-vfvv
@@ -2949,7 +2962,7 @@ CVE-2023-48340 (In video decoder, there is a possible out of bounds write due to
 	NOT-FOR-US: Unisoc
 CVE-2023-48339 (In jpg driver, there is a possible missing permission check. This coul ...)
 	NOT-FOR-US: Unisoc
-CVE-2021-4435 [untrusted search path]
+CVE-2021-4435 (An untrusted search path vulnerability was found in Yarn. When a victi ...)
 	- node-yarnpkg <undetermined>
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2262284
 	TODO: check, too few details in RHBZ#2262284



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/37b4736ac57e2bf07a3b3885fa9bc08d33f014e6

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/37b4736ac57e2bf07a3b3885fa9bc08d33f014e6
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20240204/85763ce2/attachment.htm>
