[Git][security-tracker-team/security-tracker][master] 2 commits: Update dlt-daemon CVEs

[Salvatore Bonaccorso (@carnil)]

Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
2f17286b by Dylan Aïssi at 2024-05-16T10:11:09+02:00
Update dlt-daemon CVEs

- - - - -
80f9f616 by Salvatore Bonaccorso at 2024-05-16T12:17:38+00:00
Merge branch 'wip/daissi/dlt-daemon' into 'master'

Update dlt-daemon CVEs

See merge request security-tracker-team/security-tracker!175
- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -50284,7 +50284,9 @@ CVE-2023-38552 (When the Node.js policy feature checks the integrity of a resour
 	NOTE: https://nodejs.org/en/blog/vulnerability/october-2023-security-releases#integrity-checks-according-to-policies-can-be-circumvented-medium---cve-2023-38552
 	NOTE: https://github.com/nodejs/node/commit/1c538938ccadfd35fbc699d8e85102736cd5945c
 CVE-2023-36321 (Connected Vehicle Systems Alliance (COVESA) up to v2.18.8 was discover ...)
-	NOT-FOR-US: COVESA
+	- dlt-daemon 2.18.9-1
+	NOTE: https://github.com/COVESA/dlt-daemon/issues/436
+	NOTE: https://github.com/COVESA/dlt-daemon/commit/8ac9a080bee25e67e49bd138d81c992ce7b6d899 (2.18.9)
 CVE-2023-35084 (Unsafe Deserialization of User Input could lead to Execution of Unauth ...)
 	NOT-FOR-US: Ivanti
 CVE-2023-35083 (Allows an authenticated attacker with network access to read arbitrary ...)
@@ -87739,7 +87741,9 @@ CVE-2023-26259
 CVE-2023-26258 (Arcserve UDP through 9.0.6034 allows authentication bypass. The method ...)
 	NOT-FOR-US: Arcserve
 CVE-2023-26257 (An issue was discovered in the Connected Vehicle Systems Alliance (COV ...)
-	NOT-FOR-US: Connected Vehicle Systems Alliance
+	- dlt-daemon 2.18.9-1
+	NOTE: https://github.com/COVESA/dlt-daemon/issues/440
+	NOTE: https://github.com/COVESA/dlt-daemon/commit/b6149e203f919c899fefc702a17fbb78bdec3700 (2.18.9)
 CVE-2023-26256 (An unauthenticated path traversal vulnerability affects the "STAGIL Na ...)
 	NOT-FOR-US: Plugin for Jira
 CVE-2023-26255 (An unauthenticated path traversal vulnerability affects the "STAGIL Na ...)
@@ -128623,9 +128627,11 @@ CVE-2022-39839 (Cotonti Siena 0.9.20 allows admins to conduct stored XSS attacks
 CVE-2022-39838 (Systematic FIX Adapter (ALFAFX) 2.4.0.25 13/09/2017 allows remote file ...)
 	NOT-FOR-US: Systematic FIX Adapter (ALFAFX)
 CVE-2022-39837 (An issue was discovered in Connected Vehicle Systems Alliance (COVESA) ...)
-	NOT-FOR-US: Connected Vehicle Systems Alliance (COVESA)
+	- dlt-daemon 2.18.9-1
+	NOTE: https://github.com/COVESA/dlt-daemon/commit/855e0017a980d2990c16f7dbf3b4983b48fac272 (2.18.9)
 CVE-2022-39836 (An issue was discovered in Connected Vehicle Systems Alliance (COVESA) ...)
-	NOT-FOR-US: Connected Vehicle Systems Alliance (COVESA)
+	- dlt-daemon 2.18.9-1
+	NOTE: https://github.com/COVESA/dlt-daemon/commit/855e0017a980d2990c16f7dbf3b4983b48fac272 (2.18.9)
 CVE-2022-39835 (An issue was discovered in Gajim through 1.4.7. The vulnerability allo ...)
 	- gajim 1.5.0-1
 	[bullseye] - gajim <no-dsa> (Minor issue)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/7161e96533dc8ec426316178f875eba4257706ad...80f9f6168b6b9112df8d8e0b7190143be45b1455

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/7161e96533dc8ec426316178f875eba4257706ad...80f9f6168b6b9112df8d8e0b7190143be45b1455
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20240516/4e462245/attachment.htm>