[Git][security-tracker-team/security-tracker][master] 2 commits: Revert "Reference fix for CVE-2024-4068/node-braces"

Salvatore Bonaccorso (@carnil) carnil at debian.org
Wed May 22 21:45:11 BST 2024



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
92ff20ed by Salvatore Bonaccorso at 2024-05-22T22:40:14+02:00
Revert "Reference fix for CVE-2024-4068/node-braces"

This reverts commit ceeb6abf3bc08c2c81e86de151967575d3014f5a.

For now revert this reference. It is not fully clear following upstream
issue #35.

- - - - -
28e43f48 by Salvatore Bonaccorso at 2024-05-22T22:44:35+02:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,37 +1,37 @@
 CVE-2024-5196 (A vulnerability classified as critical has been found in Arris VAP2500 ...)
-	TODO: check
+	NOT-FOR-US: Arris VAP2500
 CVE-2024-5195 (A vulnerability was found in Arris VAP2500 08.50. It has been rated as ...)
-	TODO: check
+	NOT-FOR-US: Arris VAP2500
 CVE-2024-5194 (A vulnerability was found in Arris VAP2500 08.50. It has been declared ...)
-	TODO: check
+	NOT-FOR-US: Arris VAP2500
 CVE-2024-5193 (A vulnerability was found in Ritlabs TinyWeb Server 1.94. It has been  ...)
-	TODO: check
+	NOT-FOR-US: Ritlabs TinyWeb Server
 CVE-2024-5166 (An Insecure Direct Object Reference in Google Cloud's Looker allowed m ...)
 	TODO: check
 CVE-2024-5031 (The Memberpress plugin for WordPress is vulnerable to Blind Server-Sid ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-5025 (The Memberpress plugin for WordPress is vulnerable to Stored Cross-Sit ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-4896 (The WPB Elementor Addons plugin for WordPress is vulnerable to Stored  ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-4563 (The Progress MOVEit Automation configuration export function prior to  ...)
-	TODO: check
+	NOT-FOR-US: Progress MOVEit
 CVE-2024-4454 (WithSecure Elements Endpoint Protection Link Following Local Privilege ...)
-	TODO: check
+	NOT-FOR-US: WithSecure Elements Endpoint Protection
 CVE-2024-4453 (GStreamer EXIF Metadata Parsing Integer Overflow Remote Code Execution ...)
 	TODO: check
 CVE-2024-4362 (The SiteOrigin Widgets Bundle plugin for WordPress is vulnerable to St ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-4267 (A remote code execution (RCE) vulnerability exists in the parisneo/lol ...)
-	TODO: check
+	NOT-FOR-US: parisneo/lollms-webui
 CVE-2024-4262 (The Piotnet Addons For Elementor plugin for WordPress is vulnerable to ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-4261 (The Responsive Contact Form Builder & Lead Generation Plugin plugin fo ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-4153 (A vulnerability in lunary-ai/lunary version 1.2.2 allows attackers to  ...)
-	TODO: check
+	NOT-FOR-US: lunary-ai/lunary
 CVE-2024-3926 (The Element Pack Elementor Addons (Header Footer, Template Library, Dy ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-3495 (The Country State City Dropdown CF7 plugin for WordPress is vulnerable ...)
 	TODO: check
 CVE-2024-36077 (Qlik Sense Enterprise for Windows before 14.187.4 allows a remote atta ...)
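Review bot: CVE-2024-3495 near the end of this hunk is left at "TODO: check" even though its description names a WordPress plugin (Country State City Dropdown CF7), the same class that CVE-2024-5031, CVE-2024-5025, CVE-2024-4896 and the other plugin entries here are marked "NOT-FOR-US: WordPress plugin". If it was skipped by oversight, tag it the same way in this commit; if it was left open on purpose, like CVE-2024-5166 and CVE-2024-4453, a word in the commit message would make that clear, since "Process some NFUs" does not say which entries were held back.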
@@ -6062,7 +6062,6 @@ CVE-2024-4068 (The NPM package `braces`, versions prior to 3.0.3, fails to limit
 	[bullseye] - node-braces <no-dsa> (Minor issue)
 	[buster] - node-braces <postponed> (Minor issue)
 	NOTE: https://github.com/micromatch/braces/issues/35
-	NOTE: Fixed by: https://github.com/micromatch/braces/commit/9f5b4cf47329351bcb64287223ffb6ecc9a5e6d3 (3.0.3)
 CVE-2024-4067 (The NPM package `micromatch` is vulnerable to Regular Expression Denia ...)
 	- node-micromatch <unfixed> (bug #1071631)
 	[bookworm] - node-micromatch <no-dsa> (Minor issue)
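Review bot: after the "Fixed by:" line is dropped, the CVE-2024-4068 entry keeps only the bare link to issue #35, so nothing in data/CVE/list records that the fixing commit is considered unclear. The entry's own description still says "versions prior to 3.0.3", which invites the next triager to add the same 3.0.3 commit reference again. Consider replacing the removed line with a short NOTE stating that the upstream fix is still under discussion in issue #35, so the reasoning from the commit message is visible in the data file itself.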



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/c3cd6eea96a9394cdebf3d0676b09441fb9b757b...28e43f48d5033bc8741d5dc9fe7e923925be27b4
