[Git][security-tracker-team/security-tracker][master] 4 commits: Triage CVE-2024-21633 in apktool for buster LTS.
Chris Lamb (@lamby)
lamby at debian.org
Tue Jan 16 10:09:32 GMT 2024
Chris Lamb pushed to branch master at Debian Security Tracker / security-tracker
Commits:
88245c67 by Chris Lamb at 2024-01-16T10:06:46+00:00
Triage CVE-2024-21633 in apktool for buster LTS.
- - - - -
0ed57bad by Chris Lamb at 2024-01-16T10:07:14+00:00
Triage CVE-2023-51441 in axis for buster LTS.
- - - - -
42eda358 by Chris Lamb at 2024-01-16T10:08:28+00:00
Triage CVE-2023-51074 in jayway-jsonpath for buster LTS.
- - - - -
bab9a888 by Chris Lamb at 2024-01-16T10:08:52+00:00
Triage CVE-2021-46900 in sympa for buster LTS.
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -2349,6 +2349,7 @@ CVE-2024-21633 (Apktool is a tool for reverse engineering Android APK files. In
- apktool 2.7.0+dfsg-7 (bug #1060013)
[bookworm] - apktool <no-dsa> (Minor issue)
[bullseye] - apktool <no-dsa> (Minor issue)
+ [buster] - apktool <no-dsa> (Minor issue)
NOTE: https://github.com/iBotPeaches/Apktool/security/advisories/GHSA-2hqv-2xv4-5h5w
NOTE: https://github.com/iBotPeaches/Apktool/commit/d348c43b24a9de350ff6e5bd610545a10c1fc712
CVE-2024-21631 (Vapor is an HTTP web framework for Swift. Prior to version 4.90.0, Vap ...)
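Review bot: the added `[buster] - apktool <no-dsa> (Minor issue)` line repeats the reason given for bookworm and bullseye, and nothing in the entry records whether the buster version of apktool was checked against the upstream commit in the NOTE below it. If it was checked, a short NOTE saying that buster is affected (or not) would show the next triager that the status is a decision for this release and not carried over from the newer ones.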
@@ -2865,6 +2866,7 @@ CVE-2021-46901 (examples/6lbr/apps/6lbr-webserver/httpd.c in CETIC-6LBR (aka 6lb
CVE-2021-46900 (Sympa before 6.2.62 relies on a cookie parameter for certain security ...)
- sympa 6.2.66~dfsg-1
[bullseye] - sympa <no-dsa> (Minor issue)
+ [buster] - sympa <no-dsa> (Minor issue)
NOTE: https://www.sympa.community/security/2021-001.html
NOTE: https://github.com/sympa-community/sympa/issues/1091
CVE-2023-7192 (A memory leak problem was found in ctnetlink_create_conntrack in net/n ...)
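Review bot: the NOTE lines of the CVE-2021-46900 entry link only the advisory and the upstream issue, so the new `[buster] - sympa <no-dsa> (Minor issue)` line is recorded with no pointer to the change that fixed it. The description says the problem is in Sympa before 6.2.62; a NOTE naming the upstream fixing commit would let someone judge the backport effort if the no-dsa decision is revisited for buster or bullseye.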
@@ -3335,6 +3337,7 @@ CVE-2023-51074 (json-path v2.8.0 was discovered to contain a stack overflow via
- jayway-jsonpath <unfixed>
[bookworm] - jayway-jsonpath <no-dsa> (Minor issue)
[bullseye] - jayway-jsonpath <no-dsa> (Minor issue)
+ [buster] - jayway-jsonpath <no-dsa> (Minor issue)
NOTE: https://github.com/json-path/JsonPath/issues/973
CVE-2023-51010 (An issue in the export component AdSdkH5Activity of com.sdjictec.qdmet ...)
NOT-FOR-US: com.sdjictec.qdmetro
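Review bot: in the CVE-2023-51074 entry the unstable line is `- jayway-jsonpath <unfixed>` with no bug number, while the apktool and axis entries touched in this same push both carry one. With buster added, three releases are now no-dsa on top of an unfixed unstable package and the only reference is the upstream issue; adding the Debian bug reference to the unstable line, if one exists, would keep the fix from depending on someone rereading this entry.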
@@ -22731,6 +22734,7 @@ CVE-2023-51441 (** UNSUPPORTED WHEN ASSIGNED ** Improper Input Validation vulner
- axis <unfixed> (bug #1060169)
[bookworm] - axis <no-dsa> (Minor issue)
[bullseye] - axis <no-dsa> (Minor issue)
+ [buster] - axis <no-dsa> (Minor issue)
NOTE: https://www.openwall.com/lists/oss-security/2024/01/05/2
NOTE: Fixed by: https://github.com/apache/axis-axis1-java/commit/685c309febc64aa393b2d64a05f90e7eb9f73e06
CVE-2023-40743 (** UNSUPPORTED WHEN ASSIGNED ** When integrating Apache Axis 1.x in an ...)
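Review bot: the added `[buster] - axis <no-dsa> (Minor issue)` line does not say whether the patch is expected to be picked up later, although the entry already has a "Fixed by:" upstream commit and unstable is still `<unfixed>`. If the intent is to include the fix with a future axis upload to buster, `<postponed>` with a short reason would state that more precisely; if no upload is planned, the line can stay as it is.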
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/362cd7a860ae840c4bc575fae85aeb14d72aa585...bab9a88841dd33c4927ec40697ab3ebe25d07969