[Git][security-tracker-team/security-tracker][master] bugnums
Moritz Muehlenhoff (@jmm)
jmm at debian.org
Mon Jul 29 20:46:04 BST 2024
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker
Commits:
7093c528 by Moritz Muehlenhoff at 2024-07-29T21:44:53+02:00
bugnums
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -4878,7 +4878,7 @@ CVE-2024-6123 (The Bit Form plugin for WordPress is vulnerable to arbitrary file
CVE-2024-5974 (A buffer overflow in WatchGuard Fireware OS could may allow an authent ...)
NOT-FOR-US: WatchGuard Fireware OS
CVE-2024-5971 (A vulnerability was found in Undertow, where the chunked response hang ...)
- - undertow <unfixed>
+ - undertow <unfixed> (bug #1077545)
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2292211
CVE-2024-5881 (The Webico Slider Flatsome Addons plugin for WordPress is vulnerable t ...)
NOT-FOR-US: WordPress plugin
@@ -4902,7 +4902,7 @@ CVE-2024-4944 (A local privilege escalation vlnerability in the WatchGuard Mobil
CVE-2024-4667 (The Blog, Posts and Category Filter for Elementor plugin for WordPress ...)
NOT-FOR-US: WordPress plugin
CVE-2024-3653 (A vulnerability was found in Undertow. This issue requires enabling th ...)
- - undertow <unfixed>
+ - undertow <unfixed> (bug #1077547)
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2274437
CVE-2024-3410 (The DN Footer Contacts WordPress plugin before 1.6.3 does not sanitise ...)
NOT-FOR-US: WordPress plugin
@@ -5306,7 +5306,7 @@ CVE-2024-39936 (An issue was discovered in HTTP2 in Qt before 5.15.18, 6.x befor
- qtbase-opensource-src 5.15.13+dfsg-3 (bug #1076293)
[bookworm] - qtbase-opensource-src <no-dsa> (Minor issue)
[bullseye] - qtbase-opensource-src <no-dsa> (Minor issue)
- - qtbase-opensource-src-gles <unfixed>
+ - qtbase-opensource-src-gles <unfixed> (bug #1077544)
[bookworm] - qtbase-opensource-src-gles <no-dsa> (Minor issue)
[bullseye] - qtbase-opensource-src-gles <no-dsa> (Minor issue)
NOTE: https://codereview.qt-project.org/c/qt/qtbase/+/571601
@@ -6026,12 +6026,12 @@ CVE-2024-39001 (ag-grid-enterprise v31.3.2 was discovered to contain a prototype
CVE-2024-39000 (adolph_dudu ratio-swiper v0.0.2 was discovered to contain a prototype ...)
NOT-FOR-US: ratio-swiper Nodejs module
CVE-2024-38999 (jrburke requirejs v2.3.6 was discovered to contain a prototype polluti ...)
- - requirejs <unfixed>
+ - requirejs <unfixed> (bug #1077543)
[bookworm] - requirejs <no-dsa> (Minor issue)
[bullseye] - requirejs <no-dsa> (Minor issue)
NOTE: https://gist.github.com/mestrtee/9acae342285bd2998fa09ebcb1e6d30a
CVE-2024-38998 (jrburke requirejs v2.3.6 was discovered to contain a prototype polluti ...)
- - requirejs <unfixed>
+ - requirejs <unfixed> (bug #1077543)
[bookworm] - requirejs <no-dsa> (Minor issue)
[bullseye] - requirejs <no-dsa> (Minor issue)
NOTE: https://gist.github.com/mestrtee/9acae342285bd2998fa09ebcb1e6d30a
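Review bot: Both requirejs lines in this hunk, under CVE-2024-38999 and CVE-2024-38998, point at the same bug #1077543. That is fine if the one report covers both CVEs, but please confirm the bug names both of them, so that it is not closed when only one of the two prototype pollution issues is fixed.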
@@ -8186,7 +8186,7 @@ CVE-2024-6182 (A vulnerability was found in LabVantage LIMS 2017. It has been ra
CVE-2024-6181 (A vulnerability was found in LabVantage LIMS 2017. It has been declare ...)
NOT-FOR-US: LabVantage LIMS
CVE-2024-6162 (A vulnerability was found in Undertow. URL-encoded request path inform ...)
- - undertow <unfixed>
+ - undertow <unfixed> (bug #1077546)
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2293069
CVE-2024-5886
REJECTED
@@ -16051,10 +16051,10 @@ CVE-2024-35197 (gitoxide is a pure Rust implementation of Git. On Windows, fetch
NOTE: https://rustsec.org/advisories/RUSTSEC-2024-0352.html
NOTE: https://rustsec.org/advisories/RUSTSEC-2024-0353.html
CVE-2024-35186 (gitoxide is a pure Rust implementation of Git. During checkout, `gix-w ...)
- - rust-gix-index <unfixed>
+ - rust-gix-index <unfixed> (bug #1077541)
- rust-gitoxide <itp> (bug #1043208)
- - rust-gix-worktree <unfixed>
- - rust-gix-fs <unfixed>
+ - rust-gix-worktree <unfixed> (bug #1077542)
+ - rust-gix-fs <unfixed> (bug #1077540)
NOTE: https://rustsec.org/advisories/RUSTSEC-2024-0348.html
NOTE: https://rustsec.org/advisories/RUSTSEC-2024-0349.html
NOTE: https://rustsec.org/advisories/RUSTSEC-2024-0350.html
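Review bot: In the CVE-2024-35186 entry the three new bug numbers are attached to rust-gix-index, rust-gix-worktree and rust-gix-fs, but the three RUSTSEC NOTE lines that follow do not say which crate each advisory covers. If they map one-to-one to these packages, annotating each NOTE with its crate name would let a reader match bug, package and advisory without opening all three links.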
@@ -25571,7 +25571,7 @@ CVE-2023-44431 (BlueZ Audio Profile AVRCP Stack-based Buffer Overflow Remote Cod
CVE-2023-44430 (Bentley View SKP File Parsing Use-After-Free Remote Code Execution Vul ...)
NOT-FOR-US: Bentley
CVE-2023-44428 (MuseScore CAP File Parsing Heap-based Buffer Overflow Remote Code Exec ...)
- - musescore2 <unfixed>
+ - musescore2 <unfixed> (bug #1070860)
[bookworm] - musescore2 <no-dsa> (Minor issue)
[bullseye] - musescore2 <no-dsa> (Minor issue)
- musescore3 <unfixed> (bug #1070860)
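Review bot: The musescore2 line under CVE-2023-44428 reuses bug #1070860, the same number the unchanged musescore3 line below it already carries. Please confirm that the report is assigned to both source packages; if it is filed against musescore3 only, a cloned bug for musescore2 would be the better reference, since a fix in one package would otherwise close the report for both.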
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/7093c528bddf034b52cb771fe0282da4c70c8360