[Git][security-tracker-team/security-tracker][master] bugnums

[Moritz Muehlenhoff (@jmm)]

Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
f38ac6d0 by Moritz Muehlenhoff at 2024-05-28T22:45:23+02:00
bugnums

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -300,7 +300,6 @@ CVE-2023-6349 (A heap overflow vulnerability exists in libvpx -Encoding a frame
 	NOTE: Same upstream commit as CVE-2023-44488
 CVE-2023-50977
 	REJECTED
-	NOTE: Disputed GNOME Shell issue
 CVE-2022-4969 (A vulnerability, which was classified as critical, has been found in b ...)
 	NOT-FOR-US: rockhopper Python library (different from src:rockhopper)
 CVE-2024-5403 (ASKEY 5G NR Small Cell fails to properly filter user input for certain ...)
@@ -536,7 +535,7 @@ CVE-2024-33470 (An issue in the SMTP Email Settings of AVTECH Room Alert 4E v4.4
 CVE-2024-33427
 	REJECTED
 CVE-2024-31510 (An issue in Open Quantum Safe liboqs v.10.0 allows a remote attacker t ...)
-	- liboqs <unfixed>
+	- liboqs <unfixed> (bug #1072118)
 	NOTE: https://github.com/liang-junkai/Fault-injection-of-ML-DSA
 CVE-2024-22588 (Kwik commit 745fd4e2 does not discard unused encryption keys.)
 	NOT-FOR-US: Kwik
@@ -4650,11 +4649,10 @@ CVE-2024-3745 (MSI Afterburner v4.6.6.16381 Beta 3 is vulnerable to an ACL Bypas
 	NOT-FOR-US: MSI Afterburner
 CVE-2024-3658
 	REJECTED
-	NOT-FOR-US: WordPress plugin
 CVE-2024-36043 (question_image.ts in SurveyJS Form Library before 1.10.4 allows conten ...)
 	NOT-FOR-US: SurveyJS Form Library
 CVE-2024-34083 (aiosmptd is  a reimplementation of the Python stdlib smtpd.py based on ...)
-	- python-aiosmtpd <unfixed>
+	- python-aiosmtpd <unfixed> (bug #1072119)
 	[bookworm] - python-aiosmtpd <no-dsa> (Minor issue)
 	[bullseye] - python-aiosmtpd <no-dsa> (Minor issue)
 	NOTE: https://github.com/aio-libs/aiosmtpd/security/advisories/GHSA-wgjv-9j3q-jhg8
@@ -5452,7 +5450,7 @@ CVE-2024-22145 (Improper Privilege Management vulnerability in InstaWP Team Inst
 CVE-2024-22139 (Authentication Bypass by Spoofing vulnerability in Filipe Seabra WordP ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2024-22120 (Zabbix server can perform command execution for configured scripts. Af ...)
-	- zabbix <unfixed>
+	- zabbix <unfixed> (bug #1072120)
 	NOTE: https://support.zabbix.com/browse/ZBX-24505
 CVE-2024-21746 (Authentication Bypass by Spoofing vulnerability in Wpmet Wp Ultimate R ...)
 	NOT-FOR-US: WordPress plugin



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/f38ac6d0236380de377bbc03963ad6707c3ed5f4

-- 
This project does not include diff previews in email notifications.
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/f38ac6d0236380de377bbc03963ad6707c3ed5f4
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20240528/2322410d/attachment.htm>