[Git][security-tracker-team/security-tracker][master] bookworm/bullseye triage
Moritz Muehlenhoff (@jmm)
jmm at debian.org
Sun May 26 17:05:36 BST 2024
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker
Commits:
4141e038 by Moritz Muehlenhoff at 2024-05-26T18:04:12+02:00
bookworm/bullseye triage
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -91,10 +91,11 @@ CVE-2024-33471 (An issue in the Sensor Settings of AVTECH Room Alert 4E v4.4.0 a
CVE-2024-33470 (An issue in the SMTP Email Settings of AVTECH Room Alert 4E v4.4.0 all ...)
NOT-FOR-US: AVTECH Room Alert
CVE-2024-33427 (Buffer Overflow vulnerability in Squid version before v.6.10 allows a ...)
- - squid <unfixed>
- - squid3 <removed>
+ - squid <unfixed> (unimportant)
+ - squid3 <removed> (unimportant)
NOTE: https://github.com/squid-cache/squid/pull/1763
NOTE: https://github.com/squid-cache/squid/commit/1891ce596237b45e0a675f75c49a5f6a1111840d
+ NOTE: OOB read in config file parsing, doesn't cross any reasonable security boundary
CVE-2024-31510 (An issue in Open Quantum Safe liboqs v.10.0 allows a remote attacker t ...)
TODO: check
CVE-2024-22588 (Kwik commit 745fd4e2 does not discard unused encryption keys.)
@@ -4193,7 +4194,10 @@ CVE-2024-36050 (Nix through 2.22.1 mishandles certain usage of hash caches, whic
TODO: check details and verify if same code (and only then) is present in guix
CVE-2024-36048 (QAbstractOAuth in Qt Network Authorization in Qt before 5.15.17, 6.x b ...)
- qtnetworkauth-everywhere-src <unfixed>
+ [bookworm] - qtnetworkauth-everywhere-src <no-dsa> (Minor issue)
+ [bullseye] - qtnetworkauth-everywhere-src <no-dsa> (Minor issue)
- qt6-networkauth <unfixed>
+ [bookworm] - qt6-networkauth <no-dsa> (Minor issue)
NOTE: https://codereview.qt-project.org/c/qt/qtnetworkauth/+/560317
NOTE: https://codereview.qt-project.org/c/qt/qtnetworkauth/+/560368
CVE-2024-28064 (Kiteworks Totemomail 7.x and 8.x before 8.3.0 allows /responsiveUI/Env ...)
@@ -31308,6 +31312,8 @@ CVE-2021-46907
REJECTED
CVE-2024-26144 (Rails is a web-application framework. Starting with version 5.2.0, the ...)
- rails <unfixed> (bug #1065119)
+ [bookworm] - rails <no-dsa> (Minor issue)
+ [bullseye] - rails <no-dsa> (Minor issue)
NOTE: https://discuss.rubyonrails.org/t/possible-sensitive-session-information-leak-in-active-storage/84945
CVE-2024-27092 (Hoppscotch is an API development ecosystem. Due to lack of validation ...)
NOT-FOR-US: Hoppscotch
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/4141e03819b535befca43c6659f00524d2830326
--
This project does not include diff previews in email notifications.
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/4141e03819b535befca43c6659f00524d2830326
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20240526/bd5db35c/attachment.htm>
More information about the debian-security-tracker-commits
mailing list