[Git][security-tracker-team/security-tracker][master] bugnums

Moritz Muehlenhoff (@jmm) jmm at debian.org
Wed May 22 16:23:30 BST 2024



Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
d0e106d4 by Moritz Muehlenhoff at 2024-05-22T17:23:03+02:00
bugnums

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -447,7 +447,7 @@ CVE-2024-3268 (The YouTube Video Gallery by YouTube Showcase \u2013 Video Galler
 CVE-2024-36052 (RARLAB WinRAR before 7.00, on Windows, allows attackers to spoof the s ...)
 	NOT-FOR-US: WinRAR
 CVE-2024-36039 (PyMySQL through 1.1.0 allows SQL injection if used with untrusted JSON ...)
-	- python-pymysql <unfixed>
+	- python-pymysql <unfixed> (bug #1071628)
 	NOTE: https://github.com/advisories/GHSA-v9hf-5j83-6xpp
 	NOTE: https://github.com/PyMySQL/PyMySQL/commit/521e40050cb386a499f68f483fefd144c493053c (v1.1.1)
 CVE-2024-35386 (An issue in Cesanta mjs 2.20.0 allows a remote attacker to cause a den ...)
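Review bot: The python-pymysql line under CVE-2024-36039 stays at <unfixed> even though the NOTE below it already points to the upstream fix commit tagged (v1.1.1), and this entry has no per-release lines such as the [bookworm]/[bullseye] ones that other entries in this commit carry. With bug #1071628 now attached, a follow-up should add the release triage and replace <unfixed> with the fixed version once an upload containing that commit exists.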
@@ -4869,8 +4869,8 @@ CVE-2024-35184 (Paperless-ngx is a document management system that transforms ph
 CVE-2024-35183 (wolfictl is a command line tool for working with Wolfi. A git authenti ...)
 	TODO: check
 CVE-2024-35176 (REXML is an XML toolkit for Ruby. The REXML gem before 3.2.6 has a den ...)
-	- ruby3.2 <unfixed>
-	- ruby3.1 <unfixed>
+	- ruby3.2 <unfixed> (bug #1071627)
+	- ruby3.1 <unfixed> (bug #1071626)
 	[bookworm] - ruby3.1 <no-dsa> (Minor issue)
 	- ruby2.7 <removed>
 	- ruby2.5 <removed>
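Review bot: In the CVE-2024-35176 entry the two new bug numbers run opposite to the package order: ruby3.2 gets #1071627 and ruby3.1 gets #1071626. Because the numbers are adjacent and easy to transpose, confirm that each bug is filed against the source package it is attached to here.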
@@ -5919,13 +5919,13 @@ CVE-2024-4813 (A vulnerability classified as critical has been found in Ruijie R
 CVE-2024-4747 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2024-4068 (The NPM package `braces` fails to limit the number of characters it ca ...)
-	- node-braces <unfixed>
+	- node-braces <unfixed> (bug #1071632)
 	[bookworm] - node-braces <no-dsa> (Minor issue)
 	[bullseye] - node-braces <no-dsa> (Minor issue)
 	[buster] - node-braces <postponed> (Minor issue)
 	NOTE: https://github.com/micromatch/braces/issues/35
 CVE-2024-4067 (The NPM package `micromatch` is vulnerable to Regular Expression Denia ...)
-	- node-micromatch <unfixed>
+	- node-micromatch <unfixed> (bug #1071631)
 	[bookworm] - node-micromatch <no-dsa> (Minor issue)
 	[bullseye] - node-micromatch <no-dsa> (Minor issue)
 	[buster] - node-micromatch <postponed> (Minor issue)
@@ -7146,7 +7146,7 @@ CVE-2024-34257 (TOTOLINK EX1800T V9.1.0cu.2112_B20220316 has a vulnerability in
 CVE-2024-34255 (jizhicms v2.5.1 contains a Cross-Site Scripting(XSS) vulnerability in  ...)
 	NOT-FOR-US: jizhicms
 CVE-2024-34244 (libmodbus v3.1.10 is vulnerable to Buffer Overflow via the modbus_writ ...)
-	- libmodbus <unfixed>
+	- libmodbus <unfixed> (bug #1071633)
 	[bookworm] - libmodbus <no-dsa> (Minor issue)
 	[bullseye] - libmodbus <no-dsa> (Minor issue)
 	[buster] - libmodbus <postponed> (Minor issue; out-of-bounds read, DoS)
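Review bot: In the CVE-2024-34244 entry, only the [buster] line records the impact assessment "out-of-bounds read, DoS", while the [bookworm] and [bullseye] lines say just "Minor issue" and the CVE description reads "Buffer Overflow". Since this commit touches the entry anyway, consider carrying the same rationale on the <no-dsa> lines so the reason for the minor rating is visible for every release next to bug #1071633.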
@@ -8048,7 +8048,7 @@ CVE-2024-4492 (A vulnerability, which was classified as critical, has been found
 CVE-2024-4491 (A vulnerability classified as critical was found in Tenda i21 1.0.0.14 ...)
 	NOT-FOR-US: Tenda
 CVE-2024-34490 (In Maxima through 5.47.0 before 51704c, the plotting facilities make u ...)
-	- maxima <unfixed>
+	- maxima <unfixed> (bug #1071630)
 	[bookworm] - maxima <no-dsa> (Minor issue)
 	[bullseye] - maxima <no-dsa> (Minor issue)
 	[buster] - maxima <postponed> (Minor issue)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/d0e106d41947da7c67df7bbf0fd5f85c734f459c
