[Git][security-tracker-team/security-tracker][master] bugnums

Moritz Muehlenhoff (@jmm) jmm at debian.org
Fri Feb 23 15:35:32 GMT 2024



Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
6e5ac7fb by Moritz Muehlenhoff at 2024-02-23T16:35:04+01:00
bugnums

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -128,14 +128,14 @@ CVE-2023-44379 (baserCMS is a website development framework. Prior to version 5.
 CVE-2023-37540 (Sametime Connect desktop chat client includes, but does not use or req ...)
 	NOT-FOR-US: Sametime Connect
 CVE-2024-26141 [Reject Range headers which are too large]
-	- ruby-rack <unfixed>
+	- ruby-rack <unfixed> (bug #1064516)
 	NOTE: https://github.com/rack/rack/releases/tag/v2.2.8.1
 	NOTE: https://github.com/rack/rack/commit/62457686b26d33a15a254c7768c2076e8e02b48b (v2.2.8.1)
 CVE-2024-25126 [Fixed ReDoS in Content Type header parsing]
-	- ruby-rack <unfixed>
+	- ruby-rack <unfixed> (bug #1064516)
 	NOTE: https://github.com/rack/rack/releases/tag/v2.2.8.1
 CVE-2024-26146 [Fixed ReDoS in Accept header parsing]
-	- ruby-rack <unfixed>
+	- ruby-rack <unfixed> (bug #1064516)
 	NOTE: https://github.com/rack/rack/releases/tag/v2.2.8.1
 	NOTE: https://github.com/rack/rack/commit/e4c117749ba24a66f8ec5a08eddf68deeb425ccd (v2.2.8.1)
 CVE-2024-26592 (In the Linux kernel, the following vulnerability has been resolved:  k ...)
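Review bot: The CVE-2024-25126 entry is the only one of the three ruby-rack entries in this hunk without a NOTE pointing at an upstream fix commit; it carries only the v2.2.8.1 release tag. Since all three now point at the same bug #1064516, consider adding the commit reference for the Content Type ReDoS fix in the same form as the CVE-2024-26141 and CVE-2024-26146 entries, so whoever works the bug does not have to dig the patch out of the release.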
@@ -384,7 +384,7 @@ CVE-2024-24476 (A buffer overflow in Wireshark before 4.2.0 allows a remote atta
 	NOTE: https://gitlab.com/wireshark/wireshark/-/issues/19344
 	NOTE: https://github.com/wireshark/wireshark/commit/108217f4bb1afb8b25fc705c2722b3e328b1ad78
 CVE-2024-23346 (Pymatgen (Python Materials Genomics) is an open-source Python library  ...)
-	- pymatgen <unfixed>
+	- pymatgen <unfixed> (bug #1064514)
 	NOTE: https://github.com/materialsproject/pymatgen/security/advisories/GHSA-vgv8-5cpj-qj2f
 	NOTE: https://github.com/materialsproject/pymatgen/commit/c231cbd3d5147ee920a37b6ee9dd236b376bcf5a
 CVE-2024-22778 (HackMD CodiMD <2.5.2 is vulnerable to Denial of Service.)
@@ -697,7 +697,7 @@ CVE-2024-25366 (Buffer Overflow vulnerability in mz-automation.de libiec61859 v.
 CVE-2024-25274 (An arbitrary file upload vulnerability in the component /sysFile/uploa ...)
 	NOT-FOR-US: Novel-Plus
 CVE-2024-25262 (texlive-bin commit c515e was discovered to contain heap buffer overflo ...)
-	- texlive-bin <unfixed>
+	- texlive-bin <unfixed> (bug #1064517)
 	NOTE: https://tug.org/svn/texlive/trunk/Build/source/texk/ttfdump/ChangeLog?revision=69605&view=co
 	NOTE: https://bugs.launchpad.net/ubuntu/+source/texlive-bin/+bug/2047912
 	NOTE: https://github.com/TeX-Live/texlive-source/pull/63
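Review bot: On the texlive-bin entry, the three NOTE lines (a ttfdump ChangeLog at revision 69605, a Launchpad bug and pull request 63) do not say which of them carries the fix, while the description only names commit c515e as affected. Now that bug #1064517 is attached, a short annotation on the NOTE that identifies the fixing change would make the entry easier to act on.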
@@ -1200,7 +1200,7 @@ CVE-2024-1344 (Encrypted database credentials in LaborOfficeFree affecting versi
 CVE-2024-1343 (A weak permission was found in the backup directory in LaborOfficeFree ...)
 	NOT-FOR-US: LaborOfficeFree
 CVE-2023-50257 (eProsima Fast DDS (formerly Fast RTPS) is a C++ implementation of the  ...)
-	- fastdds <unfixed>
+	- fastdds <unfixed> (bug #1064515)
 	NOTE: https://github.com/eProsima/Fast-DDS/security/advisories/GHSA-v5r6-8mvh-cp98
 	NOTE: https://github.com/eProsima/Fast-DDS/commit/f2e5ceae8fbea0a6c9445a366faaca0b98a8ef86
 CVE-2024-26308 (Allocation of Resources Without Limits or Throttling vulnerability in  ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/6e5ac7fb85f4e8f137d729647bdffe296a985610
