[Git][security-tracker-team/security-tracker][master] bugnums

Moritz Muehlenhoff (@jmm) jmm at debian.org
Sat May 4 19:46:55 BST 2024 


Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
ef852fb3 by Moritz Muehlenhoff at 2024-05-04T20:46:09+02:00
bugnums

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -2252,10 +2252,10 @@ CVE-2024-0334 (The Jeg Elementor Kit plugin for WordPress is vulnerable to Store
 CVE-2023-7241 (Privilege Escalationin WRSA.EXE in Webroot Antivirus 8.0.1X- 9.0.35.12 ...)
 	NOT-FOR-US: Webroot Antivirus
 CVE-2023-49606 (A use-after-free vulnerability exists in the HTTP Connection Headers p ...)
-	- tinyproxy <unfixed>
+	- tinyproxy <unfixed> (bug #1070395)
 	NOTE: https://talosintelligence.com/vulnerability_reports/TALOS-2023-1889
 CVE-2023-47212 (A heap-based buffer overflow vulnerability exists in the comment funct ...)
-	- libstb <unfixed>
+	- libstb <unfixed> (bug #1070394)
 	NOTE: https://talosintelligence.com/vulnerability_reports/TALOS-2023-1846
 CVE-2023-47166 (A firmware update vulnerability exists in the luci2-io file-import fun ...)
 	NOT-FOR-US: Milesight UR32L
@@ -2264,7 +2264,7 @@ CVE-2023-46295 (An issue was discovered in Teledyne FLIR M300 2.00-19. Unauthent
 CVE-2023-46294 (An issue was discovered in Teledyne FLIR M300 2.00-19. User account pa ...)
 	NOT-FOR-US: Teledyne FLIR M300
 CVE-2023-40533 (An uninitialized memory use vulnerability exists in Tinyproxy 1.11.1 w ...)
-	- tinyproxy <unfixed>
+	- tinyproxy <unfixed> (bug #1070395)
 	NOTE: https://talosintelligence.com/vulnerability_reports/TALOS-2023-1902
 CVE-2024-27392 (In the Linux kernel, the following vulnerability has been resolved:  n ...)
 	- linux <not-affected> (Vulnerable code not present)
@@ -3409,7 +3409,7 @@ CVE-2023-48684 (Sensitive information disclosure and manipulation due to missing
 CVE-2023-48683 (Sensitive information disclosure and manipulation due to missing autho ...)
 	NOT-FOR-US: Acronis Cyber Protect Cloud Agent
 CVE-2023-46565 (Buffer Overflow vulnerability in osrg gobgp commit 419c50dfac578daa4d1 ...)
-	- gobgp <unfixed>
+	- gobgp <unfixed> (bug #1070393)
 	NOTE: https://github.com/osrg/gobgp/issues/2725
 CVE-2023-46270 (MacPaw The Unarchiver before 4.3.6 contains vulnerability related to m ...)
 	NOT-FOR-US: MacPaw The Unarchiver
@@ -22042,7 +22042,7 @@ CVE-2024-25909 (Unrestricted Upload of File with Dangerous Type vulnerability in
 CVE-2024-25770 (libming 0.4.8 contains a memory leak vulnerability in /libming/src/act ...)
 	- ming <removed>
 CVE-2024-25768 (OpenDMARC 1.4.2 contains a null pointer dereference vulnerability in / ...)
-	- opendmarc <unfixed>
+	- opendmarc <unfixed> (bug #1070390)
 	[bookworm] - opendmarc <no-dsa> (Minor issue)
 	[bullseye] - opendmarc <no-dsa> (Minor issue)
 	[buster] - opendmarc <no-dsa> (Minor issue)
@@ -25146,7 +25146,7 @@ CVE-2024-25360 (A hidden interface in Motorola CX2L Router firmware v1.0.1 leaks
 	NOT-FOR-US: Motorola
 CVE-2024-25112 (Exiv2 is a command-line utility and C++ library for reading, writing,  ...)
 	[experimental] - exiv2 0.28.2+dfsg-1
-	- exiv2 <unfixed>
+	- exiv2 <unfixed> (bug #1070392)
 	[bookworm] - exiv2 <no-dsa> (Minor issue)
 	[bullseye] - exiv2 <no-dsa> (Minor issue)
 	[buster] - exiv2 <no-dsa> (Minor issue)
@@ -25174,7 +25174,7 @@ CVE-2024-24875 (Cross-Site Request Forgery (CSRF) vulnerability in Yannick Lefeb
 	NOT-FOR-US: WordPress plugin
 CVE-2024-24826 (Exiv2 is a command-line utility and C++ library for reading, writing,  ...)
 	[experimental] - exiv2 0.28.2+dfsg-1
-	- exiv2 <unfixed>
+	- exiv2 <unfixed> (bug #1070392)
 	[bookworm] - exiv2 <no-dsa> (Minor issue)
 	[bullseye] - exiv2 <no-dsa> (Minor issue)
 	[buster] - exiv2 <no-dsa> (Minor issue)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/ef852fb39e30f07a3c0071ee27a717b2881f7300

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/ef852fb39e30f07a3c0071ee27a717b2881f7300
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20240504/a50adaf9/attachment.htm>

More information about the debian-security-tracker-commits mailing list