[Git][security-tracker-team/security-tracker][master] 3 commits: Add Debian bug reference for CVE-2024-22641/tcpdf

Mon Jun 3 20:55:20 BST 2024


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
bbbed30a by Salvatore Bonaccorso at 2024-06-03T21:52:36+02:00
Add Debian bug reference for CVE-2024-22641/tcpdf

- - - - -
9b4f1533 by Salvatore Bonaccorso at 2024-06-03T21:53:33+02:00
Add Debian bug reference for CVE-2024-35226

- - - - -
9323cc09 by Salvatore Bonaccorso at 2024-06-03T21:54:20+02:00
Add Debian bug reference for CVE-2024-2199/389-ds-base

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1074,8 +1074,8 @@ CVE-2024-35240 (Umbraco Commerce is an open source dotnet ecommerce solution. In
 CVE-2024-35239 (Umbraco Commerce is an open source dotnet web forms solution. In affec ...)
 	NOT-FOR-US: Umbraco Commerce
 CVE-2024-35226 (Smarty is a template engine for PHP, facilitating the separation of pr ...)
-	- smarty3 <unfixed>
-	- smarty4 <unfixed>
+	- smarty3 <unfixed> (bug #1072530)
+	- smarty4 <unfixed> (bug #1072529)
 	NOTE: https://github.com/smarty-php/smarty/security/advisories/GHSA-4rmg-292m-wg3w
 	NOTE: https://github.com/smarty-php/smarty/commit/76881c8d33d80648f70c9b0339f770f5f69a87a2 (v4.5.3)
 	NOTE: https://github.com/smarty-php/smarty/commit/0be92bc8a6fb83e6e0d883946f7e7c09ba4e857a (v5.2.0)
@@ -1084,7 +1084,7 @@ CVE-2024-23580 (HCL DRYiCE Optibot Reset Station is impacted byinsecure encrypti
 CVE-2024-23579 (HCL DRYiCE Optibot Reset Station is impacted by insecure encryption of ...)
 	NOT-FOR-US: HCL
 CVE-2024-22641 (TCPDF version 6.6.5 and before is vulnerable to ReDoS (Regular Express ...)
-	- tcpdf <unfixed>
+	- tcpdf <unfixed> (bug #1072528)
 	[bookworm] - tcpdf <no-dsa> (Minor issue)
 	[bullseye] - tcpdf <no-dsa> (Minor issue)
 	NOTE: https://github.com/tecnickcom/TCPDF/issues/724
@@ -1207,7 +1207,7 @@ CVE-2024-30164 (Amazon AWS Client VPN has a buffer overflow that could potential
 CVE-2024-2451 (Improper fingerprint validation in the TeamViewer Client (Full & Host) ...)
 	NOT-FOR-US: TeamViewer
 CVE-2024-2199 (A denial of service vulnerability was found in 389-ds-base ldap server ...)
-	- 389-ds-base <unfixed>
+	- 389-ds-base <unfixed> (bug #1072531)
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2267976
 CVE-2024-29072 (A privilege escalation vulnerability exists in the Foxit Reader 2024.2 ...)
 	NOT-FOR-US: Foxit Reader



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/a79b0175394cf9652294e71b346d50121b57cd99...9323cc0924fa2a1bef113237ff30c72283d4c258

-- 
This project does not include diff previews in email notifications.
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/a79b0175394cf9652294e71b346d50121b57cd99...9323cc0924fa2a1bef113237ff30c72283d4c258
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20240603/faa8d090/attachment.htm>
