[Git][security-tracker-team/security-tracker][master] roundcube CVEfied plus one n/a

Moritz Muehlenhoff (@jmm) jmm at debian.org
Fri Jun 7 10:44:16 BST 2024



Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
bb3fc44c by Moritz Muehlenhoff at 2024-06-07T11:43:40+02:00
roundcube CVEfied plus one n/a

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -45,11 +45,14 @@ CVE-2024-3592 (The Quiz And Survey Master \u2013 Best Quiz, Exam and Survey Plug
 CVE-2024-3288 (The Logo Slider  WordPress plugin before 4.0.0 does not validate and e ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2024-37385 (Roundcube Webmail before 1.5.7 and 1.6.x before 1.6.7 on Windows allow ...)
-	TODO: check
+	- roundcube <not-affected> (Windows-specific)
+	NOTE: https://github.com/roundcube/roundcubemail/commit/5ea9f37ce39374b6124586c0590fec7015d35d7f
 CVE-2024-37384 (Roundcube Webmail before 1.5.7 and 1.6.x before 1.6.7 allows XSS via l ...)
-	TODO: check
+	- roundcube 1.6.7+dfsg-1 (bug #1071474)
+	NOTE: https://github.com/roundcube/roundcubemail/commit/9ca8aa6680c579132e0d1fa59447df8d524ec91c
 CVE-2024-37383 (Roundcube Webmail before 1.5.7 and 1.6.x before 1.6.7 allows XSS via S ...)
-	TODO: check
+	- roundcube 1.6.7+dfsg-1 (bug #1071474)
+	NOTE: https://github.com/roundcube/roundcubemail/commit/ba252dc5e2946506cb8d0b50b2b7bf95ab51876f
 CVE-2024-36823 (The encrypt() function of Ninja Core v7.0.0 was discovered to use a we ...)
 	NOT-FOR-US: Ninja framework
 CVE-2024-36795 (Insecure permissions in Netgear WNR614 JNR1010V2/N300-V1.1.0.54_1.0.1  ...)
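Review bot: the commit-to-CVE pairing for CVE-2024-37384 and CVE-2024-37383 cannot be confirmed from this hunk alone, because the descriptions are truncated to "XSS via l ..." and "XSS via S ...". The pairing is consistent with the temporary entries removed later in this patch (9ca8aa66 for list columns from user preferences, ba252dc5 for SVG animate attributes). Please double-check it against the full CVE text anyway, since both entries carry the same fixed version and bug number and a swapped NOTE line would not stand out. For CVE-2024-37385, the "(Windows-specific)" reason on the <not-affected> line is clear and matches the "on Windows" wording of the description.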
@@ -3598,12 +3601,6 @@ CVE-2024-36010 (In the Linux kernel, the following vulnerability has been resolv
 	[bullseye] - linux <not-affected> (Vulnerable code not present)
 	[buster] - linux <not-affected> (Vulnerable code not present)
 	NOTE: https://git.kernel.org/linus/c56d055893cbe97848611855d1c97d0ab171eccc (6.8-rc5)
-CVE-2024-XXXX [Fix cross-site scripting (XSS) vulnerability in handling SVG animate attributes]
-	- roundcube 1.6.7+dfsg-1 (bug #1071474)
-	NOTE: https://github.com/roundcube/roundcubemail/commit/ba252dc5e2946506cb8d0b50b2b7bf95ab51876f
-CVE-2024-XXXX [Fix cross-site scripting (XSS) vulnerability in handling list columns from user preferences]
-	- roundcube 1.6.7+dfsg-1 (bug #1071474)
-	NOTE: https://github.com/roundcube/roundcubemail/commit/9ca8aa6680c579132e0d1fa59447df8d524ec91c
 CVE-2021-47498 (In the Linux kernel, the following vulnerability has been resolved:  d ...)
 	- linux 5.14.16-1
 	NOTE: https://git.kernel.org/linus/b4459b11e84092658fa195a2587aff3b9637f0e7 (5.15-rc6)
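Review bot: removing the two CVE-2024-XXXX placeholders drops the only full-length titles in this file that say which fix is the SVG animate one and which is the list columns one. The package line "roundcube 1.6.7+dfsg-1 (bug #1071474)" and both NOTE URLs reappear unchanged under the assigned IDs in the first hunk, so no tracking data is lost. The commit message "roundcube CVEfied plus one n/a" does not record which placeholder became which CVE ID, so consider naming the IDs there for anyone tracing this through the history later.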



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/bb3fc44cb346e09917e6b7b9dc4a6d61e7934ff2
