[Git][security-tracker-team/security-tracker][master] 4 commits: Process some NFUs

Salvatore Bonaccorso (@carnil) carnil at debian.org
Wed May 8 22:34:19 BST 2024



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
d85816e2 by Salvatore Bonaccorso at 2024-05-08T23:33:34+02:00
Process some NFUs

- - - - -
ec0f49b4 by Salvatore Bonaccorso at 2024-05-08T23:33:34+02:00
Add new suricata issues

- - - - -
c528e26a by Salvatore Bonaccorso at 2024-05-08T23:33:35+02:00
Add two new glpi issues

- - - - -
c236e40b by Salvatore Bonaccorso at 2024-05-08T23:33:35+02:00
Add CVE-2024-32972/golang-github-go-ethereum

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -27,9 +27,9 @@ CVE-2024-4233 (Missing Authorization vulnerability in Tyche Softwares Print Invo
 CVE-2024-4135 (The WP Latest Posts plugin for WordPress is vulnerable to arbitrary sh ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2024-3951 (PTC Codebeamer is vulnerable to a cross site scripting vulnerability t ...)
-	TODO: check
+	NOT-FOR-US: PTC Codebeamer
 CVE-2024-3507 (Improper privilege management vulnerability in Lunar software that aff ...)
-	TODO: check
+	NOT-FOR-US: Lunar
 CVE-2024-34574 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2024-34573 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
@@ -352,7 +352,7 @@ CVE-2024-4346 (The Startklar Elementor Addons plugin for WordPress is vulnerable
 CVE-2024-4345 (The Startklar Elementor Addons plugin for WordPress is vulnerable to a ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2024-34523 (AChecker 1.5 allows remote attackers to read the contents of arbitrary ...)
-	TODO: check
+	NOT-FOR-US: AChecker
 CVE-2024-34517 (The Cypher component in Neo4j before 5.19.0 mishandles IMMUTABLE privi ...)
 	TODO: check
 CVE-2024-34342 (react-pdf displays PDFs in React apps. If PDF.js is used to load a mal ...)
@@ -364,7 +364,7 @@ CVE-2024-34315 (CmsEasy v7.7.7.9 was discovered to contain a local file inclusio
 CVE-2024-34314 (CmsEasy v7.7.7.9 was discovered to contain a local file inclusion vune ...)
 	NOT-FOR-US: CmsEasy
 CVE-2024-34084 (Minder's `HandleGithubWebhook` is susceptible to a denial of service a ...)
-	TODO: check
+	NOT-FOR-US: Minder by Stacklok
 CVE-2024-33860 (An issue was discovered in Logpoint before 7.4.0. It allows Local File ...)
 	NOT-FOR-US: Logpoint
 CVE-2024-33859 (An issue was discovered in Logpoint before 7.4.0. HTML code sent throu ...)
@@ -388,37 +388,57 @@ CVE-2024-33748 (Cross-site scripting (XSS) vulnerability in the search function
 CVE-2024-33434 (An issue in tiagorlampert CHAOS before 1b451cf62582295b7225caf5a7b506f ...)
 	TODO: check
 CVE-2024-33164 (J2EEFAST v2.7.0 was discovered to contain a SQL injection vulnerabilit ...)
-	TODO: check
+	NOT-FOR-US: J2EEFAST
 CVE-2024-33161 (J2EEFAST v2.7.0 was discovered to contain a SQL injection vulnerabilit ...)
-	TODO: check
+	NOT-FOR-US: J2EEFAST
 CVE-2024-33155 (J2EEFAST v2.7.0 was discovered to contain a SQL injection vulnerabilit ...)
-	TODO: check
+	NOT-FOR-US: J2EEFAST
 CVE-2024-33153 (J2EEFAST v2.7.0 was discovered to contain a SQL injection vulnerabilit ...)
-	TODO: check
+	NOT-FOR-US: J2EEFAST
 CVE-2024-33149 (J2EEFAST v2.7.0 was discovered to contain a SQL injection vulnerabilit ...)
-	TODO: check
+	NOT-FOR-US: J2EEFAST
 CVE-2024-33148 (J2EEFAST v2.7.0 was discovered to contain a SQL injection vulnerabilit ...)
-	TODO: check
+	NOT-FOR-US: J2EEFAST
 CVE-2024-33147 (J2EEFAST v2.7.0 was discovered to contain a SQL injection vulnerabilit ...)
-	TODO: check
+	NOT-FOR-US: J2EEFAST
 CVE-2024-33146 (J2EEFAST v2.7.0 was discovered to contain a SQL injection vulnerabilit ...)
-	TODO: check
+	NOT-FOR-US: J2EEFAST
 CVE-2024-33144 (J2EEFAST v2.7.0 was discovered to contain a SQL injection vulnerabilit ...)
-	TODO: check
+	NOT-FOR-US: J2EEFAST
 CVE-2024-33139 (J2EEFAST v2.7.0 was discovered to contain a SQL injection vulnerabilit ...)
-	TODO: check
+	NOT-FOR-US: J2EEFAST
 CVE-2024-33124 (Roothub v2.6 was discovered to contain a SQL injection vulnerability v ...)
-	TODO: check
+	NOT-FOR-US: Roothub
 CVE-2024-33122 (Roothub v2.6 was discovered to contain a SQL injection vulnerability v ...)
-	TODO: check
+	NOT-FOR-US: Roothub
 CVE-2024-33120 (Roothub v2.5 was discovered to contain an arbitrary file upload vulner ...)
-	TODO: check
+	NOT-FOR-US: Roothub
 CVE-2024-32867 (Suricata is a network Intrusion Detection System, Intrusion Prevention ...)
-	TODO: check
+	- suricata 1:7.0.5-1
+	NOTE: https://github.com/OISF/suricata/security/advisories/GHSA-xvrx-88mv-xcq5
+	NOTE: https://github.com/OISF/suricata/commit/1e110d0a71db46571040b937e17a4bc9f91d6de9
+	NOTE: https://github.com/OISF/suricata/commit/2f39ba75f153ba9bdf8eedc2a839cc973dbaea66
+	NOTE: https://github.com/OISF/suricata/commit/414f97c6695c5a2e1d378a36a6f50d7288767634
+	NOTE: https://github.com/OISF/suricata/commit/bf3d420fb709ebe074019a99e3bd3a2364524a4b
+	NOTE: https://github.com/OISF/suricata/commit/d13bd2ae217a6d2ceb347f74d27cbfcd37b9bda9
+	NOTE: https://github.com/OISF/suricata/commit/e6267758ed5da27f804f0c1c07f9423bdf4d72b8
+	NOTE: https://redmine.openinfosecfoundation.org/issues/6672
+	NOTE: https://redmine.openinfosecfoundation.org/issues/6673
+	NOTE: https://redmine.openinfosecfoundation.org/issues/6677
 CVE-2024-32664 (Suricata is a network Intrusion Detection System, Intrusion Prevention ...)
-	TODO: check
+	- suricata 1:7.0.5-1
+	NOTE: https://github.com/OISF/suricata/security/advisories/GHSA-79vh-hpwq-3jh7
+	NOTE: https://github.com/OISF/suricata/commit/311002baf288a225f62cf18a90c5fdd294447379
+	NOTE: https://github.com/OISF/suricata/commit/d5ffecf11ad2c6fe89265e518f5d7443caf26ba4
 CVE-2024-32663 (Suricata is a network Intrusion Detection System, Intrusion Prevention ...)
-	TODO: check
+	- suricata 1:7.0.5-1
+	NOTE: https://github.com/OISF/suricata/security/advisories/GHSA-9jxm-qw9v-266r
+	NOTE: https://github.com/OISF/suricata/commit/08d93f7c3762781b743f88f9fdc4389eb9c3eb64
+	NOTE: https://github.com/OISF/suricata/commit/c0af92295e833d1db29b184d63cd3b829451d7fd
+	NOTE: https://github.com/OISF/suricata/commit/d24b37a103c04bb2667e449e080ba4c8e56bb019
+	NOTE: https://github.com/OISF/suricata/commit/e68ec4b227d19498f364a41eb25d3182f0383ca5
+	NOTE: https://redmine.openinfosecfoundation.org/issues/6892
+	NOTE: https://redmine.openinfosecfoundation.org/issues/6900
 CVE-2024-32371 (An issue in HSC Cybersecurity HC Mailinspector 5.2.17-3 through 5.2.18 ...)
 	NOT-FOR-US: HSC Cybersecurity HC Mailinspector
 CVE-2024-32370 (An issue in HSC Cybersecurity HC Mailinspector 5.2.17-3 through 5.2.18 ...)
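Review bot: only the unstable fixed version (`- suricata 1:7.0.5-1`) is recorded for CVE-2024-32867, CVE-2024-32664 and CVE-2024-32663; none of the three entries carries a suite annotation, so the stable suites will be treated as affected by default until a `[bookworm]`-style line states whether their suricata package is vulnerable, fixed or `<no-dsa>`. Suggest adding that annotation once the referenced GHSA advisories have been checked against the stable version; for CVE-2024-32867 in particular, where six commits and three redmine issues are listed, a short NOTE summarising which of them constitute the fix would help later triage.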
@@ -426,9 +446,13 @@ CVE-2024-32370 (An issue in HSC Cybersecurity HC Mailinspector 5.2.17-3 through
 CVE-2024-32369 (SQL Injection vulnerability in HSC Cybersecurity HC Mailinspector 5.2. ...)
 	NOT-FOR-US: HSC Cybersecurity HC Mailinspector
 CVE-2024-31456 (GLPI is a Free Asset and IT Management Software package. Prior to 10.0 ...)
-	TODO: check
+	- glpi <removed>
+	NOTE: https://github.com/glpi-project/glpi/security/advisories/GHSA-gcj4-2cp3-6h5j
+	NOTE: https://github.com/glpi-project/glpi/commit/730c3db29a1edc32f9b9d1e2a940e90a0211ab26
 CVE-2024-29889 (GLPI is a Free Asset and IT Management Software package. Prior to 10.0 ...)
-	TODO: check
+	- glpi <removed>
+	NOTE: https://github.com/glpi-project/glpi/security/advisories/GHSA-8xvf-v6vv-r75g
+	NOTE: https://github.com/glpi-project/glpi/commit/0a6b28be4c0f848106c60b554c703ec2e178d6c7
 CVE-2024-29210 (A local privilege escalation (LPE) vulnerability has been identified i ...)
 	TODO: check
 CVE-2024-29209 (A medium severity vulnerability has been identified in the update mech ...)
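Review bot: `- glpi <removed>` for CVE-2024-31456 and CVE-2024-29889 records only that the package is gone from unstable; neither entry says anything about the released suites, so whether any of them still ships an affected glpi is left unstated. Suggest adding a per-suite line next to the `<removed>` marker (a fixed version, `<not-affected>`, `<no-dsa>` or `<end-of-life>`, as appropriate), which is how the tracker handles other removed packages.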
@@ -704,9 +728,9 @@ CVE-2024-34366 (Improper Neutralization of Input During Web Page Generation ('Cr
 CVE-2024-34252 (wasm3 v0.5.0 was discovered to contain a global buffer overflow which  ...)
 	NOT-FOR-US: wasm3
 CVE-2024-34251 (An out-of-bound memory read vulnerability was discovered in Bytecode A ...)
-	TODO: check
+	NOT-FOR-US: wasm-micro-runtime
 CVE-2024-34250 (A heap buffer overflow vulnerability was discovered in Bytecode Allian ...)
-	TODO: check
+	NOT-FOR-US: wasm-micro-runtime
 CVE-2024-34249 (wasm3 v0.5.0 was discovered to contain a heap buffer overflow which le ...)
 	NOT-FOR-US: wasm3
 CVE-2024-34246 (wasm3 v0.5.0 was discovered to contain an out-of-bound memory read whi ...)
@@ -795,7 +819,7 @@ CVE-2024-33110 (D-Link DIR-845L router v1.01KRb03 and before is vulnerable to Pe
 CVE-2024-32982 (Litestar and Starlite is an Asynchronous Server Gateway Interface (ASG ...)
 	TODO: check
 CVE-2024-32972 (go-ethereum (geth) is a golang execution layer implementation of the E ...)
-	TODO: check
+	- golang-github-go-ethereum <itp> (bug #890541)
 CVE-2024-32807 (Improper Limitation of a Pathname to a Restricted Directory ('Path Tra ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2024-2041
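Review bot: CVE-2024-32972 receives the `<itp> (bug #890541)` marker but no NOTE: line pointing at the upstream advisory or fix commit, unlike the suricata and glpi entries added in this same patch. Suggest adding the upstream reference so that whoever completes the ITP can verify that the version being packaged already contains the fix.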



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/030d71aa119533d74d58ce4a451b5fa79426b745...c236e40b86d7c13b941c0eeebae7eb76503f3f72




