[Git][security-tracker-team/security-tracker][master] automatic update

[Salvatore Bonaccorso (@carnil)]

Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
56db434c by security tracker role at 2024-02-19T20:12:23+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,10 +1,52 @@
-CVE-2024-26308 [Apache Commons Compress: OutOfMemoryError unpacking broken Pack200 file]
+CVE-2024-25983 (Insufficient checks in a web service made it possible to add comments  ...)
+	TODO: check
+CVE-2024-25982 (The link to update all installed language packs did not include the ne ...)
+	TODO: check
+CVE-2024-25981 (Separate Groups mode restrictions were not honored when performing a f ...)
+	TODO: check
+CVE-2024-25980 (Separate Groups mode restrictions were not honored in the H5P attempts ...)
+	TODO: check
+CVE-2024-25979 (The URL parameters accepted by forum search were not limited to the al ...)
+	TODO: check
+CVE-2024-25978 (Insufficient file size checks resulted in a denial of service risk in  ...)
+	TODO: check
+CVE-2024-25640 (Iris is a web collaborative platform that helps incident responders sh ...)
+	TODO: check
+CVE-2024-25636 (Misskey is an open source, decentralized social media platform with Ac ...)
+	TODO: check
+CVE-2024-25635 (alf.io is an open source ticket reservation system. Prior to version 2 ...)
+	TODO: check
+CVE-2024-25634 (alf.io is an open source ticket reservation system. Prior to version 2 ...)
+	TODO: check
+CVE-2024-25626 (Yocto Project is an open source collaboration project that helps devel ...)
+	TODO: check
+CVE-2024-25625 (Pimcore's Admin Classic Bundle provides a Backend UI for Pimcore. A po ...)
+	TODO: check
+CVE-2024-25623 (Mastodon is a free, open-source social network server based on Activit ...)
+	TODO: check
+CVE-2024-1633 (During the secure boot, bl2 (the second stage of the bootloader) loops ...)
+	TODO: check
+CVE-2024-1597 (pgjdbc, the PostgreSQL JDBC Driver, allows attacker to inject SQL if u ...)
+	TODO: check
+CVE-2024-1580 (An integer overflow in dav1d AV1 decoder that can occur when decoding  ...)
+	TODO: check
+CVE-2024-1346 (Weak MySQL database root password in LaborOfficeFree affects version 1 ...)
+	TODO: check
+CVE-2024-1345 (Weak MySQL database root password in LaborOfficeFree affects version 1 ...)
+	TODO: check
+CVE-2024-1344 (Encrypted database credentials in LaborOfficeFree affecting version 19 ...)
+	TODO: check
+CVE-2024-1343 (A weak permission was found in the backup directory in LaborOfficeFree ...)
+	TODO: check
+CVE-2023-50257 (eProsima Fast DDS (formerly Fast RTPS) is a C++ implementation of the  ...)
+	TODO: check
+CVE-2024-26308 (Allocation of Resources Without Limits or Throttling vulnerability in  ...)
 	- libcommons-compress-java <unfixed>
 	[bookworm] - libcommons-compress-java <no-dsa> (Minor issue)
 	[bullseye] - libcommons-compress-java <not-affected> (Vulnerable code introduced later)
 	[buster] - libcommons-compress-java <not-affected> (Vulnerable code introduced later)
 	NOTE: https://www.openwall.com/lists/oss-security/2024/02/19/2
-CVE-2024-25710 [Apache Commons Compress: Denial of service caused by an infinite loop for a corrupted DUMP file]
+CVE-2024-25710 (Loop with Unreachable Exit Condition ('Infinite Loop') vulnerability i ...)
 	- libcommons-compress-java <unfixed>
 	[bookworm] - libcommons-compress-java <no-dsa> (Minor issue)
 	[bullseye] - libcommons-compress-java <no-dsa> (Minor issue)
@@ -3499,7 +3541,7 @@ CVE-2024-0853 (curl inadvertently kept the SSL session ID for connections in its
 	NOTE: Introduced by: https://github.com/curl/curl/commit/395365ad2d9a6c3f1a35d5e268a6af2824129832 (curl-8_5_0)
 	NOTE: Fixed by: https://github.com/curl/curl/commit/c28e9478cb2548848eca9b765d0d409bfb18668c (curl-8_6_0)
 CVE-2024-21626 (runc is a CLI tool for spawning and running containers on Linux accord ...)
-	{DSA-5615-1}
+	{DSA-5615-1 DLA-3735-1}
 	- runc 1.1.12+ds1-1 (bug #1062532)
 	NOTE: https://www.openwall.com/lists/oss-security/2024/01/31/6
 	NOTE: https://github.com/opencontainers/runc/security/advisories/GHSA-xr7r-f8xq-vfvv
@@ -161701,7 +161743,7 @@ CVE-2021-43786 (Nodebb is an open source Node.js based forum software. In affect
 CVE-2021-43785 (@joeattardi/emoji-button is a Vanilla JavaScript emoji picker componen ...)
 	NOT-FOR-US: @joeattardi/emoji-button
 CVE-2021-43784 (runc is a CLI tool for spawning and running containers on Linux accord ...)
-	{DLA-2841-1}
+	{DLA-3735-1 DLA-2841-1}
 	- runc 1.0.3+ds1-1
 	[bullseye] - runc <ignored> (Minor issue; not exploitable in 1.0.0)
 	NOTE: https://github.com/opencontainers/runc/security/advisories/GHSA-v95c-p5hm-xq8f



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/56db434c32a304a445a9b619f4774b4285428c30

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/56db434c32a304a445a9b619f4774b4285428c30
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20240219/ad3e9867/attachment-0001.htm>