[Git][security-tracker-team/security-tracker][master] bugnums

[Moritz Muehlenhoff (@jmm)]

Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
f579a15d by Moritz Mühlenhoff at 2024-07-31T23:49:50+02:00
bugnums
hoteldruid non issue

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -292,7 +292,8 @@ CVE-2024-37165 (Discourse is an open source discussion platform. Prior to 3.2.3
 CVE-2024-36572 (Prototype pollution in allpro form-manager 0.7.4 allows attackers to r ...)
 	NOT-FOR-US: allpro form-manager
 CVE-2024-23091 (Weak password hashing using MD5 in funzioni.php in HotelDruid before 1 ...)
-	- hoteldruid <unfixed>
+	- hoteldruid <unfixed> (unimportant)
+	NOTE: Negligible security impact
 CVE-2023-48396 (Web Authentication vulnerability in Apache SeaTunnel.Since the jwt key ...)
 	NOT-FOR-US: Apache SeaTunnel
 CVE-2023-38001 (IBM Aspera Orchestrator 4.0.1 is vulnerable to cross-site request forg ...)
@@ -13290,12 +13291,12 @@ CVE-2023-6745 (The Custom Field Template plugin for WordPress is vulnerable to S
 CVE-2024-5203 (A Cross-site request forgery (CSRF) flaw was found in Keycloak and occ ...)
 	NOT-FOR-US: Keycloak
 CVE-2024-3183 (A vulnerability was found in FreeIPA in a way when a Kerberos TGS-REQ  ...)
-	- freeipa <unfixed>
+	- freeipa <unfixed> (bug #1077683)
 	[bookworm] - freeipa <no-dsa> (Minor issue)
 	[bullseye] - freeipa <no-dsa> (Minor issue)
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2270685
 CVE-2024-2698 (A vulnerability was found in FreeIPA in how the initial implementation ...)
-	- freeipa <unfixed>
+	- freeipa <unfixed> (bug #1077682)
 	[bookworm] - freeipa <no-dsa> (Minor issue)
 	[bullseye] - freeipa <no-dsa> (Minor issue)
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2270353
@@ -23974,7 +23975,7 @@ CVE-2024-29513 (An issue in briscKernelDriver.sys in BlueRiSC WindowsSCOPE Cyber
 CVE-2024-28866 (GoCD is a continuous delivery server. GoCD versions from 19.4.0 to 23. ...)
 	NOT-FOR-US: GoCD
 CVE-2024-28285 (A Fault Injection vulnerability in the SymmetricDecrypt function in cr ...)
-	- libcrypto++ <unfixed>
+	- libcrypto++ <unfixed> (bug #1077684)
 	[bookworm] - libcrypto++ <no-dsa> (Minor issue)
 	[bullseye] - libcrypto++ <no-dsa> (Minor issue)
 	[buster] - libcrypto++ <postponed> (Minor issue; can be fixed in next update)
@@ -38098,12 +38099,14 @@ CVE-2024-28836 (An issue was discovered in Mbed TLS 3.5.x before 3.6.0. When neg
 	NOTE: in Debian/experimental, but the first upload directly provides fixes, so mark
 	NOTE: as <not-affected> altogether
 CVE-2024-28755 (An issue was discovered in Mbed TLS 3.5.x before 3.6.0. When an SSL co ...)
-	- mbedtls <unfixed>
+	[experimental] - mbedtls 3.6.0-1
+	- mbedtls <unfixed> (bug #1077686)
 	[bookworm] - mbedtls <no-dsa> (Minor issue)
 	[bullseye] - mbedtls <no-dsa> (Minor issue)
 	[buster] - mbedtls <postponed> (Minor issue)
 	NOTE: https://github.com/Mbed-TLS/mbedtls/issues/8654
 	NOTE: Possibly the same as CVE-2023-52353.
+	NOTE: https://github.com/Mbed-TLS/mbedtls/commit/ad736991bb59211118a29fe115367c24495300c2
 CVE-2024-28589 (An issue was discovered in Axigen Mail Server for Windows versions 10. ...)
 	NOT-FOR-US: Axigen Mail Server for Windows
 CVE-2024-28515 (Buffer Overflow vulnerability in CSAPP_Lab CSAPP Lab3 15-213 Fall 20xx ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/f579a15d36f6e850635918ac4a85c7b3efc94411

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/f579a15d36f6e850635918ac4a85c7b3efc94411
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20240731/8d53bf05/attachment.htm>