[Git][security-tracker-team/security-tracker][master] 2 commits: Add CVE-2024-40630/openimageio

Salvatore Bonaccorso (@carnil) carnil at debian.org
Tue Jul 16 09:46:04 BST 2024 


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
fb64ff59 by Salvatore Bonaccorso at 2024-07-16T10:45:32+02:00
Add CVE-2024-40630/openimageio

- - - - -
27d6b895 by Salvatore Bonaccorso at 2024-07-16T10:45:33+02:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -37,11 +37,13 @@ CVE-2024-5402 (Unquoted Search Path or Element vulnerability in ABB Mint Workben
 CVE-2024-40631 (Plate media is an open source, rich-text editor for React. Editors tha ...)
 	TODO: check
 CVE-2024-40630 (OpenImageIO is a toolset for reading, writing, and manipulating image  ...)
-	TODO: check
+	- openimageio <unfixed>
+	NOTE: https://github.com/AcademySoftwareFoundation/OpenImageIO/security/advisories/GHSA-jjm9-9m4m-c8p2
+	NOTE: https://github.com/AcademySoftwareFoundation/OpenImageIO/commit/0a2dcb4cf2c3fd4825a146cd3ad929d9d8305ce3
 CVE-2024-40627 (Fastapi OPA is an opensource fastapi middleware which includes auth fl ...)
-	TODO: check
+	NOT-FOR-US: Fastapi OPA
 CVE-2024-40624 (TorrentPier is an open source BitTorrent Public/Private tracker engine ...)
-	TODO: check
+	NOT-FOR-US: TorrentPier
 CVE-2024-40560 (Tmall_demo before v2024.07.03 was discovered to contain a SQL injectio ...)
 	NOT-FOR-US: Tmall_demo
 CVE-2024-40555 (Tmall_demo v2024.07.03 was discovered to contain an arbitrary file upl ...)
@@ -61,7 +63,7 @@ CVE-2024-39919 (@jmondi/url-to-png is an open source URL to PNG utility featurin
 CVE-2024-39918 (@jmondi/url-to-png is an open source URL to PNG utility featuring para ...)
 	TODO: check
 CVE-2024-39915 (Thruk is a multibackend monitoring webinterface for Naemon, Nagios, Ic ...)
-	TODO: check
+	NOT-FOR-US: Thruk
 CVE-2024-39912 (web-auth/webauthn-lib is an open source set of PHP libraries and a Sym ...)
 	TODO: check
 CVE-2024-39827 (Improper input validation in the installer for Zoom Workplace Desktop  ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/64a1418935c41a0b84210c2edc434eb8daca90ab...27d6b895da1abfa442bc3ef1b51e14f9b499dbec

-- 
This project does not include diff previews in email notifications.
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/64a1418935c41a0b84210c2edc434eb8daca90ab...27d6b895da1abfa442bc3ef1b51e14f9b499dbec
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20240716/7aa0099f/attachment.htm>

More information about the debian-security-tracker-commits mailing list