[Git][security-tracker-team/security-tracker][master] bugnums

Moritz Muehlenhoff (@jmm) jmm at debian.org
Fri May 10 18:35:24 BST 2024 


Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
f475b9aa by Moritz Muehlenhoff at 2024-05-10T19:34:29+02:00
bugnums

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -117,7 +117,7 @@ CVE-2024-3807 (The Porto theme for WordPress is vulnerable to Local File Inclusi
 CVE-2024-3806 (The Porto theme for WordPress is vulnerable to Local File Inclusion in ...)
 	NOT-FOR-US: WordPress theme
 CVE-2024-3727 (A flaw was found in the github.com/containers/image library. This flaw ...)
-	- golang-github-opencontainers-go-digest <unfixed>
+	- golang-github-opencontainers-go-digest <unfixed> (bug #1070858)
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2274767
 CVE-2024-3722 (The Swift Performance Lite plugin for WordPress is vulnerable to unaut ...)
 	NOT-FOR-US: WordPress plugin
@@ -289,7 +289,7 @@ CVE-2024-32717 (Missing Authorization vulnerability in WPDeveloper SchedulePress
 CVE-2024-32712 (Missing Authorization vulnerability in Podlove Podlove Podcast Publish ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2024-32655 (Npgsql is the .NET data provider for PostgreSQL. In 8.0.2 and earlier, ...)
-	- npgsql <unfixed>
+	- npgsql <unfixed> (bug #1070859)
 	NOTE: https://github.com/npgsql/npgsql/security/advisories/GHSA-x9vc-6hfv-hg8c
 	NOTE: https://github.com/npgsql/npgsql/commit/f7e7ead0702d776a8f551f5786c4cac2d65c4bc6
 CVE-2024-32624 (HDF5 Library through 1.14.3 contains a heap-based buffer overflow in H ...)
@@ -2502,7 +2502,7 @@ CVE-2023-44430 (Bentley View SKP File Parsing Use-After-Free Remote Code Executi
 	NOT-FOR-US: Bentley
 CVE-2023-44428 (MuseScore CAP File Parsing Heap-based Buffer Overflow Remote Code Exec ...)
 	- musescore2 <unfixed>
-	- musescore3 <unfixed>
+	- musescore3 <unfixed> (bug #1070860)
 	NOTE: https://www.zerodayinitiative.com/advisories/ZDI-23-1526/
 CVE-2023-44427 (D-Link DIR-X3260 SetSysEmailSettings SMTPServerAddress Command Injecti ...)
 	NOT-FOR-US: D-Link



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/f475b9aa1d4e9c0b83c7a6ac3753cd9c2895a671

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/f475b9aa1d4e9c0b83c7a6ac3753cd9c2895a671
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20240510/53279997/attachment-0001.htm>

More information about the debian-security-tracker-commits mailing list