[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Mon Feb 19 20:12:35 GMT 2024
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
56db434c by security tracker role at 2024-02-19T20:12:23+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,10 +1,52 @@
-CVE-2024-26308 [Apache Commons Compress: OutOfMemoryError unpacking broken Pack200 file]
+CVE-2024-25983 (Insufficient checks in a web service made it possible to add comments ...)
+ TODO: check
+CVE-2024-25982 (The link to update all installed language packs did not include the ne ...)
+ TODO: check
+CVE-2024-25981 (Separate Groups mode restrictions were not honored when performing a f ...)
+ TODO: check
+CVE-2024-25980 (Separate Groups mode restrictions were not honored in the H5P attempts ...)
+ TODO: check
+CVE-2024-25979 (The URL parameters accepted by forum search were not limited to the al ...)
+ TODO: check
+CVE-2024-25978 (Insufficient file size checks resulted in a denial of service risk in ...)
+ TODO: check
+CVE-2024-25640 (Iris is a web collaborative platform that helps incident responders sh ...)
+ TODO: check
+CVE-2024-25636 (Misskey is an open source, decentralized social media platform with Ac ...)
+ TODO: check
+CVE-2024-25635 (alf.io is an open source ticket reservation system. Prior to version 2 ...)
+ TODO: check
+CVE-2024-25634 (alf.io is an open source ticket reservation system. Prior to version 2 ...)
+ TODO: check
+CVE-2024-25626 (Yocto Project is an open source collaboration project that helps devel ...)
+ TODO: check
+CVE-2024-25625 (Pimcore's Admin Classic Bundle provides a Backend UI for Pimcore. A po ...)
+ TODO: check
+CVE-2024-25623 (Mastodon is a free, open-source social network server based on Activit ...)
+ TODO: check
+CVE-2024-1633 (During the secure boot, bl2 (the second stage of the bootloader) loops ...)
+ TODO: check
+CVE-2024-1597 (pgjdbc, the PostgreSQL JDBC Driver, allows attacker to inject SQL if u ...)
+ TODO: check
+CVE-2024-1580 (An integer overflow in dav1d AV1 decoder that can occur when decoding ...)
+ TODO: check
+CVE-2024-1346 (Weak MySQL database root password in LaborOfficeFree affects version 1 ...)
+ TODO: check
+CVE-2024-1345 (Weak MySQL database root password in LaborOfficeFree affects version 1 ...)
+ TODO: check
+CVE-2024-1344 (Encrypted database credentials in LaborOfficeFree affecting version 19 ...)
+ TODO: check
+CVE-2024-1343 (A weak permission was found in the backup directory in LaborOfficeFree ...)
+ TODO: check
+CVE-2023-50257 (eProsima Fast DDS (formerly Fast RTPS) is a C++ implementation of the ...)
+ TODO: check
+CVE-2024-26308 (Allocation of Resources Without Limits or Throttling vulnerability in ...)
- libcommons-compress-java <unfixed>
[bookworm] - libcommons-compress-java <no-dsa> (Minor issue)
[bullseye] - libcommons-compress-java <not-affected> (Vulnerable code introduced later)
[buster] - libcommons-compress-java <not-affected> (Vulnerable code introduced later)
NOTE: https://www.openwall.com/lists/oss-security/2024/02/19/2
-CVE-2024-25710 [Apache Commons Compress: Denial of service caused by an infinite loop for a corrupted DUMP file]
+CVE-2024-25710 (Loop with Unreachable Exit Condition ('Infinite Loop') vulnerability i ...)
- libcommons-compress-java <unfixed>
[bookworm] - libcommons-compress-java <no-dsa> (Minor issue)
[bullseye] - libcommons-compress-java <no-dsa> (Minor issue)
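Review bot: all 21 entries added at the top of this hunk carry only `TODO: check` and no package line, so none of them is triaged yet; the ones whose descriptions name software that could be packaged in Debian (for example CVE-2024-1597 for pgjdbc and CVE-2024-1580 for the dav1d AV1 decoder) should be resolved to a source package or `NOT-FOR-US` rather than left as placeholders. The same hunk replaces the hand-written bracketed titles of CVE-2024-26308 and CVE-2024-25710 with the truncated upstream descriptions ending in `...`; the package status lines beneath them (`<unfixed>`, `<no-dsa>`, `<not-affected>`) and the openwall `NOTE:` under CVE-2024-26308 are unchanged, so the assessment carried over intact and the `<unfixed>` entries still await a fixed version.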
@@ -3499,7 +3541,7 @@ CVE-2024-0853 (curl inadvertently kept the SSL session ID for connections in its
NOTE: Introduced by: https://github.com/curl/curl/commit/395365ad2d9a6c3f1a35d5e268a6af2824129832 (curl-8_5_0)
NOTE: Fixed by: https://github.com/curl/curl/commit/c28e9478cb2548848eca9b765d0d409bfb18668c (curl-8_6_0)
CVE-2024-21626 (runc is a CLI tool for spawning and running containers on Linux accord ...)
- {DSA-5615-1}
+ {DSA-5615-1 DLA-3735-1}
- runc 1.1.12+ds1-1 (bug #1062532)
NOTE: https://www.openwall.com/lists/oss-security/2024/01/31/6
NOTE: https://github.com/opencontainers/runc/security/advisories/GHSA-xr7r-f8xq-vfvv
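Review bot: the only change is widening the advisory list to `{DSA-5615-1 DLA-3735-1}`, which records that the LTS release received a fix for CVE-2024-21626 alongside the existing DSA; the fixed version line `runc 1.1.12+ds1-1 (bug #1062532)` and both `NOTE:` references are left as they were, which is the expected shape for an advisory-only update.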
@@ -161701,7 +161743,7 @@ CVE-2021-43786 (Nodebb is an open source Node.js based forum software. In affect
CVE-2021-43785 (@joeattardi/emoji-button is a Vanilla JavaScript emoji picker componen ...)
NOT-FOR-US: @joeattardi/emoji-button
CVE-2021-43784 (runc is a CLI tool for spawning and running containers on Linux accord ...)
- {DLA-2841-1}
+ {DLA-3735-1 DLA-2841-1}
- runc 1.0.3+ds1-1
[bullseye] - runc <ignored> (Minor issue; not exploitable in 1.0.0)
NOTE: https://github.com/opencontainers/runc/security/advisories/GHSA-v95c-p5hm-xq8f
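Review bot: with `{DLA-3735-1 DLA-2841-1}` this entry now lists two LTS advisories for CVE-2021-43784, yet the unchanged context line still reads `[bullseye] - runc <ignored> (Minor issue; not exploitable in 1.0.0)`; since a newer DLA was issued for the older release, the bullseye `<ignored>` assessment is worth re-checking or its rationale restating so the two do not read as contradictory.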
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/56db434c32a304a445a9b619f4774b4285428c30