[Git][security-tracker-team/security-tracker][master] bugnums

Moritz Muehlenhoff (@jmm) jmm at debian.org
Fri May 24 16:01:19 BST 2024 


Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
7a2e8f18 by Moritz Muehlenhoff at 2024-05-24T17:00:36+02:00
bugnums

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -6610,7 +6610,7 @@ CVE-2023-52655 (In the Linux kernel, the following vulnerability has been resolv
 	[bullseye] - linux 5.10.205-1
 	NOTE: https://git.kernel.org/linus/ccab434e674ca95d483788b1895a70c21b7f016a (6.7-rc3)
 CVE-2024-25581 (When incoming DNS over HTTPS support is enabled using the nghttp2 prov ...)
-	- dnsdist <unfixed>
+	- dnsdist <unfixed> (bug #1071750)
 	[bookworm] - dnsdist <not-affected> (Vulnerable code not present)
 	[bullseye] - dnsdist <not-affected> (Vulnerable code not present)
 	[buster] - dnsdist <not-affected> (Vulnerable code not present)
@@ -6649,7 +6649,7 @@ CVE-2024-2299 (A stored Cross-Site Scripting (XSS) vulnerability exists in the p
 CVE-2024-29212 (Due to an  unsafe de-serialization method used by the Veeam Service Pr ...)
 	NOT-FOR-US: Veeam
 CVE-2024-26306 (iPerf3 before 3.17, when used with OpenSSL before 3.2.0 as a server wi ...)
-	- iperf3 <unfixed>
+	- iperf3 <unfixed> (bug #1071751)
 	[bookworm] - iperf3 <no-dsa> (Minor issue)
 	[bullseye] - iperf3 <no-dsa> (Minor issue)
 	[buster] - iperf3 <postponed> (Minor issue; can be fixed in next update)
@@ -8989,7 +8989,7 @@ CVE-2024-31963 (A vulnerability on Mitel 6800 Series and 6900 Series SIP Phones
 CVE-2024-31673 (Kliqqi-CMS 2.0.2 is vulnerable to SQL Injection in load_data.php via t ...)
 	NOT-FOR-US: Kliqqi-CMS
 CVE-2024-31636 (An issue in LIEF v.0.14.1 allows a local attacker to obtain sensitive  ...)
-	- lief <unfixed>
+	- lief <unfixed> (bug #1071743)
 	[bookworm] - lief <no-dsa> (Minor issue)
 	[bullseye] - lief <no-dsa> (Minor issue)
 	[buster] - lief <postponed> (Minor issue)
@@ -12761,7 +12761,7 @@ CVE-2024-32406 (Server-Side Template Injection (SSTI) vulnerability in inducer r
 CVE-2024-32404 (Server-Side Template Injection (SSTI) vulnerability in inducer relate  ...)
 	NOT-FOR-US: inducer relate
 CVE-2024-31755 (cJSON v1.7.17 was discovered to contain a segmentation violation, whic ...)
-	- cjson <unfixed>
+	- cjson <unfixed> (bug #1071742)
 	[bookworm] - cjson <no-dsa> (Minor issue)
 	[bullseye] - cjson <no-dsa> (Minor issue)
 	[buster] - cjson <postponed> (Sefault only; can be piggy-backed with future DLAs)
@@ -27042,7 +27042,7 @@ CVE-2024-2364 (A vulnerability classified as problematic has been found in Music
 CVE-2024-2363 (** UNSUPPORTED WHEN ASSIGNED ** A vulnerability was found in AOL AIM T ...)
 	NOT-FOR-US: AOL AIM Triton
 CVE-2024-2314 (If kernel headers need to be extracted, bcc will attempt to load them  ...)
-	- bpfcc <unfixed>
+	- bpfcc <unfixed> (bug #1071747)
 	[bookworm] - bpfcc <no-dsa> (Minor issue)
 	[bullseye] - bpfcc <no-dsa> (Minor issue)
 	[buster] - bpfcc <not-affected> (Vulnerable code introduced later)
@@ -27051,7 +27051,7 @@ CVE-2024-2314 (If kernel headers need to be extracted, bcc will attempt to load
 	NOTE: Attempt to mitigate in https://bugs.debian.org/1028479 (applied in 0.25.0+ds-2), and
 	NOTE: resulting in the additional problem in https://bugs.debian.org/1068297
 CVE-2024-2313 (If kernel headers need to be extracted, bpftrace will attempt to load  ...)
-	- bpftrace <unfixed>
+	- bpftrace <unfixed> (bug #1071748)
 	[bookworm] - bpftrace <no-dsa> (Minor issue)
 	[bullseye] - bpftrace <no-dsa> (Minor issue)
 	[buster] - bpftrace <not-affected> (Vulnerable code introduced later)
@@ -29661,7 +29661,7 @@ CVE-2024-23302 (Couchbase Server before 7.2.4 has a private key leak in goxdcr.l
 CVE-2024-22983 (SQL injection vulnerability in Projectworlds Visitor Management System ...)
 	NOT-FOR-US: Projectworlds Visitor Management System
 CVE-2024-22871 (An issue in Clojure versions 1.20 to 1.12.0-alpha5 allows an attacker  ...)
-	- clojure <unfixed>
+	- clojure <unfixed> (bug #1071746)
 	NOTE: https://github.com/advisories/GHSA-vr64-r9qj-h27f
 	NOTE: https://hackmd.io/@fe1w0/rymmJGida
 CVE-2024-22532 (Buffer Overflow vulnerability in XNSoft NConvert 7.163 (for Windows x8 ...)
@@ -36191,7 +36191,7 @@ CVE-2024-24569 (The Pixee Java Code Security Toolkit is a set of security APIs m
 CVE-2024-24561 (Vyper is a pythonic Smart Contract Language for the ethereum virtual m ...)
 	NOT-FOR-US: Vyper
 CVE-2024-24557 (Moby is an open-source project created by Docker to enable software co ...)
-	- docker.io <unfixed>
+	- docker.io <unfixed> (bug #1071745)
 	[bookworm] - docker.io <no-dsa> (Minor issue)
 	[bullseye] - docker.io <no-dsa> (Minor issue)
 	[buster] - docker.io <no-dsa> (Minor issue with workarounds)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/7a2e8f18e760db5951a641560bdf259098dcde85

-- 
This project does not include diff previews in email notifications.
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/7a2e8f18e760db5951a641560bdf259098dcde85
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20240524/a4379de5/attachment.htm>

More information about the debian-security-tracker-commits mailing list