[Git][security-tracker-team/security-tracker][master] bookworm/bullseye triage
Moritz Muehlenhoff (@jmm)
jmm at debian.org
Wed May 15 12:38:04 BST 2024
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker
Commits:
4787f35a by Moritz Muehlenhoff at 2024-05-15T13:32:17+02:00
bookworm/bullseye triage
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -821,10 +821,11 @@ CVE-2024-34697 (FreeScout is a free, self-hosted help desk and shared mailbox. A
CVE-2024-34555 (Unrestricted Upload of File with Dangerous Type vulnerability in URBAN ...)
NOT-FOR-US: WordPress plugin
CVE-2024-34459 (An issue was discovered in xmllint (from libxml2) before 2.11.8 and 2. ...)
- - libxml2 <unfixed> (bug #1071162)
+ - libxml2 <unfixed> (unimportant; bug #1071162)
NOTE: https://gitlab.gnome.org/GNOME/libxml2/-/issues/720
NOTE: Fixed by: https://gitlab.gnome.org/GNOME/libxml2/-/commit/8ddc7f13337c9fe7c6b6e616f404b0fffb8a5145 (v2.11.8)
NOTE: Fixed by: https://gitlab.gnome.org/GNOME/libxml2/-/commit/2876ac5392a4e891b81e40e592c3ac6cb46016ce (v2.12.7)
+ NOTE: Crash in CLI tool, no security impact
CVE-2024-34440 (Unrestricted Upload of File with Dangerous Type vulnerability in Jordy ...)
NOT-FOR-US: WordPress plugin
CVE-2024-34416 (Unrestricted Upload of File with Dangerous Type vulnerability in Pk Fa ...)
@@ -1434,6 +1435,8 @@ CVE-2024-3806 (The Porto theme for WordPress is vulnerable to Local File Inclusi
NOT-FOR-US: WordPress theme
CVE-2024-3727 (A flaw was found in the github.com/containers/image library. This flaw ...)
- golang-github-opencontainers-go-digest <unfixed> (bug #1070858)
+ [bookworm] - golang-github-opencontainers-go-digest <no-dsa> (Minor issue)
+ [bullseye] - golang-github-opencontainers-go-digest <no-dsa> (Minor issue)
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2274767
CVE-2024-3722 (The Swift Performance Lite plugin for WordPress is vulnerable to unaut ...)
NOT-FOR-US: WordPress plugin
@@ -3828,7 +3831,11 @@ CVE-2023-44430 (Bentley View SKP File Parsing Use-After-Free Remote Code Executi
NOT-FOR-US: Bentley
CVE-2023-44428 (MuseScore CAP File Parsing Heap-based Buffer Overflow Remote Code Exec ...)
- musescore2 <unfixed>
+ [bookworm] - musescore2 <no-dsa> (Minor issue)
+ [bullseye] - musescore2 <no-dsa> (Minor issue)
- musescore3 <unfixed> (bug #1070860)
+ [bookworm] - musescore3 <no-dsa> (Minor issue)
+ [bullseye] - musescore3 <no-dsa> (Minor issue)
NOTE: https://www.zerodayinitiative.com/advisories/ZDI-23-1526/
CVE-2023-44427 (D-Link DIR-X3260 SetSysEmailSettings SMTPServerAddress Command Injecti ...)
NOT-FOR-US: D-Link
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/4787f35af1bfe5dd00a2f84dca237a6412d21e3b
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/4787f35af1bfe5dd00a2f84dca237a6412d21e3b
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20240515/df5597e9/attachment-0001.htm>
More information about the debian-security-tracker-commits
mailing list