[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso (@carnil) carnil at debian.org
Sun Jun 16 09:12:29 BST 2024 


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
af84318a by security tracker role at 2024-06-16T08:12:13+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,11 @@
+CVE-2024-38428 (url.c in GNU Wget through 1.24.5 mishandles semicolons in the userinfo ...)
+	TODO: check
+CVE-2024-38427 (In International Color Consortium DemoIccMAX before 85ce74e, a logic f ...)
+	TODO: check
+CVE-2024-38395 (In iTerm2 before 3.5.2, the "Terminal may report window title" setting ...)
+	TODO: check
+CVE-2024-38394 (Mismatches in interpreting USB authorization policy between GNOME Sett ...)
+	TODO: check
 CVE-2024-6016 (A vulnerability, which was classified as critical, has been found in i ...)
 	NOT-FOR-US: itsourcecode Online Laundry Management System
 CVE-2024-6015 (A vulnerability classified as critical was found in itsourcecode Onlin ...)
@@ -18577,6 +18585,7 @@ CVE-2024-1789 (The WP SMTP plugin for WordPress is vulnerable to SQL Injection v
 CVE-2024-0740 (Eclipse Target Management: Terminal and Remote System Explorer (RSE) v ...)
 	NOT-FOR-US: Eclipse Target Management: Terminal and Remote System Explorer
 CVE-2023-51794 (Buffer Overflow vulnerability in Ffmpeg v.N113007-g8d24a28d06 allows a ...)
+	{DSA-5712-1}
 	[experimental] - ffmpeg 7:7.0-1
 	- ffmpeg <unfixed>
 	[bullseye] - ffmpeg <postponed> (Pick up when fixed in 4.3.x)
@@ -19862,6 +19871,7 @@ CVE-2024-1065 (Use After Free vulnerability in Arm Ltd Bifrost GPU Kernel Driver
 CVE-2024-0671 (Use After Free vulnerability in Arm Ltd Midgard GPU Kernel Driver, Arm ...)
 	NOT-FOR-US: Arm
 CVE-2023-51798 (Buffer Overflow vulnerability in Ffmpeg v.N113007-g8d24a28d06 allows a ...)
+	{DSA-5712-1}
 	[experimental] - ffmpeg 7:7.0-1
 	- ffmpeg <unfixed>
 	[bullseye] - ffmpeg <postponed> (Pick up when fixed in 4.3.x)
@@ -19885,6 +19895,7 @@ CVE-2023-51796 (Buffer Overflow vulnerability in Ffmpeg v.N113007-g8d24a28d06 al
 	NOTE: https://trac.ffmpeg.org/ticket/10753
 	NOTE: Fixed in https://github.com/ffmpeg/FFmpeg/commit/61e73851a33f0b4cb7662f8578a4695e77bd3c19 (n7.0)
 CVE-2023-51795 (Buffer Overflow vulnerability in Ffmpeg v.N113007-g8d24a28d06 allows a ...)
+	{DSA-5712-1}
 	[experimental] - ffmpeg 7:7.0-1
 	- ffmpeg <unfixed>
 	[bullseye] - ffmpeg <not-affected> (Vulnerable code not present)
@@ -19893,6 +19904,7 @@ CVE-2023-51795 (Buffer Overflow vulnerability in Ffmpeg v.N113007-g8d24a28d06 al
 	NOTE: Fixed in https://github.com/FFmpeg/FFmpeg/commit/ab0fdaedd1e7224f7e84ea22fcbfaa4ca75a6c06 (n7.0)
 	NOTE: Introduced in https://github.com/FFmpeg/FFmpeg/commit/81df787b53eb5c6433731f6eaaf7f2a94d8a8c80 (n5.1)
 CVE-2023-51793 (Buffer Overflow vulnerability in Ffmpeg v.N113007-g8d24a28d06 allows a ...)
+	{DSA-5712-1}
 	[experimental] - ffmpeg 7:7.0-1
 	- ffmpeg <unfixed>
 	[bullseye] - ffmpeg <postponed> (Pick up when fixed in 4.3.x)
@@ -19917,6 +19929,7 @@ CVE-2023-51791 (Buffer Overflow vulenrability in Ffmpeg v.N113007-g8d24a28d06 al
 CVE-2023-50260 (Wazuh is a free and open source platform used for threat prevention, d ...)
 	NOT-FOR-US: Wazuh
 CVE-2023-50010 (Buffer Overflow vulnerability in Ffmpeg v.n6.1-3-g466799d4f5 allows a  ...)
+	{DSA-5712-1}
 	[experimental] - ffmpeg 7:7.0-1
 	- ffmpeg <unfixed>
 	[bullseye] - ffmpeg <postponed> (Pick up when fixed in 4.3.x)
@@ -20430,6 +20443,7 @@ CVE-2024-32161 (jizhiCMS 2.5 suffers from a File upload vulnerability.)
 CVE-2024-32130 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2024-31585 (FFmpeg version n5.1 to n6.1 was discovered to contain an Off-by-one Er ...)
+	{DSA-5712-1}
 	[experimental] - ffmpeg 7:7.0-1
 	- ffmpeg <unfixed>
 	[bullseye] - ffmpeg <not-affected> (Vulnerable code not present)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/af84318aa7d443edde8341f6b05e10c16fca456d

-- 
This project does not include diff previews in email notifications.
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/af84318aa7d443edde8341f6b05e10c16fca456d
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20240616/f431e16c/attachment.htm>

More information about the debian-security-tracker-commits mailing list