[Git][security-tracker-team/security-tracker][master] bugnums
Moritz Muehlenhoff (@jmm)
jmm at debian.org
Fri Feb 9 15:52:50 GMT 2024
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker
Commits:
a75fc461 by Moritz Muehlenhoff at 2024-02-09T16:52:18+01:00
bugnums
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -99,7 +99,7 @@ CVE-2023-32341 (IBM Sterling B2B Integrator 6.0.0.0 through 6.0.3.8 and 6.1.0.0
CVE-2023-31506 (A cross-site scripting (XSS) vulnerability in Grav versions 1.7.44 and ...)
NOT-FOR-US: Grav CMS
CVE-2023-4639 [Cookie Smuggling/Spoofing]
- - undertow <unfixed>
+ - undertow <unfixed> (bug #1063539)
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2166022
CVE-2023-3966 [Invalid memory access in Geneve with HW offload]
- openvswitch <unfixed> (bug #1063492)
@@ -115,7 +115,7 @@ CVE-2024-25191 (php-jwt 1.0.0 uses strcmp (which is not constant time) to verify
CVE-2024-25190 (l8w8jwt 2.2.1 uses memcmp (which is not constant time) to verify authe ...)
NOT-FOR-US: l8w8jwt
CVE-2024-25189 (libjwt 1.15.3 uses strcmp (which is not constant time) to verify authe ...)
- - libjwt <unfixed>
+ - libjwt <unfixed> (bug #1063534)
NOTE: https://github.com/P3ngu1nW/CVE_Request/blob/main/benmcollins%3Alibjwt.md
NOTE: https://github.com/benmcollins/libjwt/commit/f73bac57c5bece16ac24f1a70022aa34355fc1bf
NOTE: https://github.com/benmcollins/libjwt/commit/a5d61ef4f1b383876e0a78534383f38159471fd6
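Review bot: the two libjwt commit URLs (f73bac57 and a5d61ef4) are listed as plain NOTE lines, so it is not clear from the entry which one replaces the non-constant-time strcmp comparison and which is a follow-up; prefixing the fixing commit with `NOTE: Fixed by:` in the tracker's usual style would let whoever picks up bug #1063534 see at a glance which upstream change to backport.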
@@ -191,7 +191,7 @@ CVE-2023-50061 (PrestaShop Op'art Easy Redirect >= 1.3.8 and <= 1.3.12 is vulner
CVE-2023-47020 (Multiple Cross-Site Request Forgery (CSRF) chaining in NCR Terminal Ha ...)
NOT-FOR-US: NCR Terminal Handler
CVE-2023-42282 (An issue in NPM IP Package v.1.1.8 and before allows an attacker to ex ...)
- - node-ip <unfixed>
+ - node-ip <unfixed> (bug #1063535)
NOTE: https://huntr.com/bounties/bfc3b23f-ddc0-4ee7-afab-223b07115ed3/
NOTE: https://cosmosofcyberspace.github.io/npm_ip_cve/npm_ip_cve.html
CVE-2024-0985 (Late privilege drop in REFRESH MATERIALIZED VIEW CONCURRENTLY in Postg ...)
@@ -295,14 +295,14 @@ CVE-2024-24823 (Graylog is a free and open log management platform. Starting in
CVE-2024-24822 (Pimcore's Admin Classic Bundle provides a backend user interface for P ...)
NOT-FOR-US: Pimcore's Admin Classic Bundle
CVE-2024-24816 (CKEditor4 is an open source what-you-see-is-what-you-get HTML editor. ...)
- - ckeditor <unfixed>
- - ckeditor3 <unfixed>
+ - ckeditor <unfixed> (bug #1063536)
+ - ckeditor3 <unfixed> (bug #1063537)
[buster] - ckeditor3 <end-of-life> (No longer supported in LTS)
NOTE: https://github.com/ckeditor/ckeditor4/security/advisories/GHSA-mw2c-vx6j-mg76
NOTE: https://github.com/ckeditor/ckeditor4/commit/8ed1a3c93d0ae5f49f4ecff5738ab8a2972194cb
CVE-2024-24815 (CKEditor4 is an open source what-you-see-is-what-you-get HTML editor. ...)
- - ckeditor <unfixed>
- - ckeditor3 <unfixed>
+ - ckeditor <unfixed> (bug #1063536)
+ - ckeditor3 <unfixed> (bug #1063537)
[buster] - ckeditor3 <end-of-life> (No longer supported in LTS)
NOTE: https://github.com/ckeditor/ckeditor4/security/advisories/GHSA-fq6h-4g8v-qqvm
NOTE: https://github.com/ckeditor/ckeditor4/commit/8ed1a3c93d0ae5f49f4ecff5738ab8a2972194cb
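Review bot: bugs #1063536 and #1063537 are reused for both CVE-2024-24816 and CVE-2024-24815, which also share the single upstream fix commit 8ed1a3c9; that is fine as long as each bug report names both CVE ids, otherwise the tracker's bug-to-CVE cross-reference will only show one of them, so it is worth checking the bug titles before the bugs are closed by an upload.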
@@ -925,7 +925,7 @@ CVE-2023-32451 (Dell Display Manager application, version 2.1.1.17, contains a v
CVE-2024-24768 (1Panel is an open source Linux server operation and maintenance manage ...)
NOT-FOR-US: 1Panel
CVE-2024-24762 (FastAPI is a web framework for building APIs with Python 3.8+ based on ...)
- - python-multipart <unfixed>
+ - python-multipart <unfixed> (bug #1063538)
NOTE: Original report at fastapi: https://github.com/tiangolo/fastapi/security/advisories/GHSA-qf9m-vfgh-m389
NOTE: But the fix is within python-multipart:
NOTE: https://github.com/Kludex/python-multipart/commit/20f0ef6b4e4caf7d69a667c54dff57fe467109a4
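Review bot: the NOTE lines already make clear that the fix lives in python-multipart rather than in fastapi, where the advisory was published; marking the python-multipart commit 20f0ef6b with `NOTE: Fixed by:` would make that explicit for whoever handles bug #1063538, and since the CVE text is about FastAPI it is worth confirming that no separate entry is needed for the fastapi package itself.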
@@ -47916,7 +47916,7 @@ CVE-2023-1933
RESERVED
CVE-2023-1932 [rendering of invalid html with SafeHTML leads to HTML injection and XSS]
RESERVED
- - libhibernate-validator-java <unfixed>
+ - libhibernate-validator-java <unfixed> (bug #1063540)
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1809444
CVE-2023-1931 (The WP Fastest Cache plugin for WordPress is vulnerable to unauthorize ...)
NOT-FOR-US: WP Fastest Cache plugin for WordPress
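Review bot: CVE-2023-1932 is still carried as RESERVED while a package line with bug #1063540 is added beneath it; that is consistent with how the tracker handles ids without a published description, but the RESERVED line should be replaced with the description once it is published, and until then the bracketed summary about SafeHTML rendering is the only description the bug reporter and the libhibernate-validator-java maintainer will see.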
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/a75fc461305358644dc5b420e2d9e5630977ddaa