[Git][security-tracker-team/security-tracker][master] 2 commits: Add CVE-2024-25260/elfutils
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Tue Feb 20 22:03:53 GMT 2024
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
7095a387 by Salvatore Bonaccorso at 2024-02-20T23:03:34+01:00
Add CVE-2024-25260/elfutils
- - - - -
84a6fa4e by Salvatore Bonaccorso at 2024-02-20T23:03:35+01:00
Process some NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -37,7 +37,10 @@ CVE-2024-25274 (An arbitrary file upload vulnerability in the component /sysFile
CVE-2024-25262 (texlive-bin commit c515e was discovered to contain heap buffer overflo ...)
TODO: check
CVE-2024-25260 (elfutils v0.189 was discovered to contain a NULL pointer dereference v ...)
- TODO: check
+ - elfutils <unfixed> (unimportant)
+ NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=31058
+ NOTE: https://sourceware.org/git/?p=elfutils.git;a=commit;h=373f5212677235fc3ca6068b887111554790f944
+ NOTE: Crash in CLI tool, considered only to be a normal bug by upstream
CVE-2024-25199 (Inappropriate pointer order of map_sub_ and map_free(map_) (amcl_node. ...)
TODO: check
CVE-2024-25198 (Inappropriate pointer order of laser_scan_filter_.reset() and tf_liste ...)
@@ -118,11 +121,11 @@ CVE-2024-21678 (This High severity Stored XSS vulnerability was introduced in ve
CVE-2024-1661 (A vulnerability classified as problematic was found in Totolink X6000R ...)
NOT-FOR-US: Totolink
CVE-2024-1608 (In OPPO Usercenter Credit SDK, there's a possible escalation of privil ...)
- TODO: check
+ NOT-FOR-US: OPPO
CVE-2024-1586 (The Schema & Structured Data for WP & AMP plugin for WordPress is vuln ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-1570 (The Paid Membership Plugin, Ecommerce, User Registration Form, Login F ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-1557 (Memory safety bugs present in Firefox 122. Some of these bugs showed e ...)
TODO: check
CVE-2024-1556 (The incorrect object was checked for NULL in the built-in profiler, po ...)
@@ -404,7 +407,7 @@ CVE-2024-1647 (Pyhtml2pdf version 0.0.6 allows an external attacker to remotely
CVE-2024-1644 (Suite CRM version 7.14.2 allows including local php files. This is pos ...)
NOT-FOR-US: Suite CRM
CVE-2024-1638 (The documentation specifies that the BT_GATT_PERM_READ_LESC and BT_GAT ...)
- TODO: check
+ NOT-FOR-US: Zephyr RTOS (unrelated to src:zephyr)
CVE-2024-1559 (The Link Library plugin for WordPress is vulnerable to Stored Cross-Si ...)
NOT-FOR-US: WordPress plugin
CVE-2024-1510 (The WP Shortcodes Plugin \u2014 Shortcodes Ultimate plugin for WordPre ...)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/699c8f8ecc20f47714b621c52c8ccef0dfc48ad4...84a6fa4e02434f9e444ca0136dd4e116f8041195
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/699c8f8ecc20f47714b621c52c8ccef0dfc48ad4...84a6fa4e02434f9e444ca0136dd4e116f8041195
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20240220/6a289e33/attachment.htm>
More information about the debian-security-tracker-commits
mailing list