[Git][security-tracker-team/security-tracker][master] 2 commits: Process some new NFUs

Sat Mar 2 20:22:40 GMT 2024


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
ced26434 by Salvatore Bonaccorso at 2024-03-02T21:17:40+01:00
Process some new NFUs

- - - - -
ed67b99b by Salvatore Bonaccorso at 2024-03-02T21:21:53+01:00
Mark two gnutls28 issues as no-dsa for bullseye

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,13 +1,13 @@
 CVE-2024-1449 (The Master Slider \u2013 Responsive Touch Slider plugin for WordPress  ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-1398 (The Ultimate Bootstrap Elements for Elementor plugin for WordPress is  ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-0611 (The Master Slider \u2013 Responsive Touch Slider plugin for WordPress  ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-0378 (The AI Engine: Chatbots, Generators, Assistants, GPT 4 and more! plugi ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2023-6326 (The Master Slider \u2013 Responsive Touch Slider plugin for WordPress  ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-27747 (File Upload vulnerability in Petrol Pump Mangement Software v.1.0 allo ...)
 	NOT-FOR-US: Petrol Pump Mangement Software
 CVE-2024-27746 (SQL Injection vulnerability in Petrol Pump Mangement Software v.1.0 al ...)
@@ -25,9 +25,9 @@ CVE-2024-25436 (A cross-site scripting (XSS) vulnerability in the Production mod
 CVE-2024-25434 (A cross-site scripting (XSS) vulnerability in Pkp Ojs v3.3 allows atta ...)
 	NOT-FOR-US: Public Knowledge Project (PKP) Open Journal System (OJS)
 CVE-2024-25064 (Due to insufficient server-side validation, an attacker with login pri ...)
-	TODO: check
+	NOT-FOR-US: Hikvision
 CVE-2024-25063 (Due to insufficient server-side validation, a successful exploit of th ...)
-	TODO: check
+	NOT-FOR-US: Hikvision
 CVE-2024-24512 (Cross Site Scripting vulnerability in Pkp OJS v.3.4 allows an attacker ...)
 	NOT-FOR-US: Public Knowledge Project (PKP) Open Journal System (OJS)
 CVE-2024-24511 (Cross Site Scripting vulnerability in Pkp OJS v.3.4 allows an attacker ...)
@@ -10089,6 +10089,7 @@ CVE-2024-0569 (A vulnerability classified as problematic has been found in Totol
 CVE-2024-0567 (A vulnerability was found in GnuTLS, where a cockpit (which uses gnuTL ...)
 	- gnutls28 3.8.3-1 (bug #1061045)
 	[bookworm] - gnutls28 3.7.9-2+deb12u2
+	[bullseye] - gnutls28 <no-dsa> (Minor issue; will be fixed in point release)
 	[buster] - gnutls28 <not-affected> (Vulnerabity introduced in 3.7)
 	NOTE: https://gitlab.com/gnutls/gnutls/-/issues/1521
 	NOTE: https://gnutls.org/security-new.html#GNUTLS-SA-2024-01-09
@@ -10104,6 +10105,7 @@ CVE-2024-0553 (A vulnerability was found in GnuTLS. The response times to malfor
 	{DLA-3740-1}
 	- gnutls28 3.8.3-1 (bug #1061046)
 	[bookworm] - gnutls28 3.7.9-2+deb12u2
+	[bullseye] - gnutls28 <no-dsa> (Minor issue; will be fixed in point release)
 	NOTE: https://gitlab.com/gnutls/gnutls/-/issues/1522
 	NOTE: https://gnutls.org/security-new.html#GNUTLS-SA-2024-01-14
 	NOTE: https://gitlab.com/gnutls/gnutls/-/commit/40dbbd8de499668590e8af51a15799fbc430595e (3.8.3)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/342261abab386c64c6bae5767653b26b5204e72d...ed67b99b56792adb83c8fc2872a6940449bc34f9

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/342261abab386c64c6bae5767653b26b5204e72d...ed67b99b56792adb83c8fc2872a6940449bc34f9
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20240302/854caaf0/attachment.htm>
