[Git][security-tracker-team/security-tracker][master] new ruby-rack-cors issue
Moritz Muehlenhoff (@jmm)
jmm at debian.org
Mon Feb 26 12:52:15 GMT 2024
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker
Commits:
99f819b7 by Moritz Muehlenhoff at 2024-02-26T13:51:28+01:00
new ruby-rack-cors issue
resolve a few TODOs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,5 +1,6 @@
CVE-2024-27456 (rack-cors (aka Rack CORS Middleware) 2.0.1 has 0666 permissions for th ...)
- TODO: check
+ - ruby-rack-cors <unfixed>
+ NOTE: https://github.com/cyu/rack-cors/issues/274
CVE-2024-27455 (In the Bentley ALIM Web application, certain configuration settings ca ...)
NOT-FOR-US: Bentley
CVE-2024-27454 (orjson.loads in orjson before 3.9.15 does not limit recursion for deep ...)
@@ -4390,7 +4391,7 @@ CVE-2024-0323 (Use of a Broken or Risky Cryptographic Algorithm vulnerability in
CVE-2023-7216 (A path traversal vulnerability was found in the CPIO utility. This iss ...)
- cpio <unfixed>
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2249901
- TODO: check upstream reporting
+ NOTE: https://lists.gnu.org/archive/html/bug-cpio/2024-02/msg00000.html
CVE-2023-6874 (Prior to v7.4.0, Ember ZNet is vulnerable to a denial of service attac ...)
NOT-FOR-US: Ember ZNet
CVE-2023-6028 (A reflected cross-site scripting (XSS) vulnerability exists in the SVG ...)
@@ -5296,7 +5297,6 @@ CVE-2024-1062 (A heap overflow flaw was found in 389-ds-base. This issue leads t
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2261879
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2256711
NOTE: https://github.com/389ds/389-ds-base/issues/5647
- TODO: check details
CVE-2023-5992 (A vulnerability was found in OpenSC where PKCS#1 encryption padding re ...)
- opensc 0.25.0~rc1-1 (bug #1064189)
[bookworm] - opensc <no-dsa> (Minor issue)
@@ -7543,7 +7543,6 @@ CVE-2021-4435 (An untrusted search path vulnerability was found in Yarn. When a
[buster] - node-yarnpkg <no-dsa> (Minor issue)
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2262284
NOTE: Fixed by: https://github.com/yarnpkg/yarn/commit/67fcce88935e45092ffa2674c08053f1ef5268a1 (v1.22.12)
- TODO: check, too few details in RHBZ#2262284
CVE-2021-4433 (A vulnerability was found in Karjasoft Sami HTTP Server 2.0. It has be ...)
NOT-FOR-US: Karjasoft Sami HTTP Server
CVE-2024-22365 (linux-pam (aka Linux PAM) before 1.6.0 allows attackers to cause a den ...)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/99f819b7d3826cde5588de7fa246d9d3814ca9b9
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/99f819b7d3826cde5588de7fa246d9d3814ca9b9
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20240226/2ffadbc9/attachment.htm>
More information about the debian-security-tracker-commits
mailing list