[Git][security-tracker-team/security-tracker][master] bugnums

[Moritz Muehlenhoff (@jmm)]

Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
00508eba by Moritz Muehlenhoff at 2024-05-28T23:40:20+02:00
bugnums

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -23,7 +23,7 @@ CVE-2024-3657 (A flaw was found in 389-ds-base. A specially-crafted LDAP query c
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2274401
 	TODO: check provided details
 CVE-2024-36472 (In GNOME Shell through 45.7, a portal helper can be launched automatic ...)
-	- gnome-shell <unfixed>
+	- gnome-shell <unfixed> (bug #1072124)
 	NOTE: https://gitlab.gnome.org/GNOME/gnome-shell/-/issues/7688
 CVE-2024-36110 (ansibleguy-webui is an open source WebUI for using Ansible. Multiple f ...)
 	TODO: check
@@ -19552,7 +19552,7 @@ CVE-2024-3431 (A vulnerability was found in EyouCMS 1.6.5. It has been declared
 CVE-2024-3430 (A vulnerability was found in QKSMS up to 3.9.4 on Android. It has been ...)
 	NOT-FOR-US: QKSMS
 CVE-2024-31951 (In the Opaque LSA Extended Link parser in FRRouting (FRR) through 9.1, ...)
-	- frr <unfixed>
+	- frr <unfixed> (bug #1070377)
 	[bullseye] - frr <not-affected> (Vulnerable code not present)
 	[buster] - frr <not-affected> (Vulnerable code not present)
 	NOTE: https://github.com/FRRouting/frr/pull/15674/
@@ -19562,7 +19562,7 @@ CVE-2024-31951 (In the Opaque LSA Extended Link parser in FRRouting (FRR) throug
 	NOTE: https://github.com/FRRouting/frr/commit/e08495a4a8ad4d2050691d9e5e13662d2635b2e0
 	NOTE: vulnerable feature introduced in https://github.com/FRRouting/frr/commit/f173deb35206a09e8dc22828cb08638e289b72a5 (first shipped with 8.0)
 CVE-2024-31950 (In FRRouting (FRR) through 9.1, there can be a buffer overflow and dae ...)
-	- frr <unfixed>
+	- frr <unfixed> (bug #1070377)
 	[bullseye] - frr <not-affected> (Vulnerable code not present)
 	[buster] - frr <not-affected> (Vulnerable code not present)
 	NOTE: https://github.com/FRRouting/frr/pull/15674/
@@ -19573,13 +19573,12 @@ CVE-2024-31950 (In FRRouting (FRR) through 9.1, there can be a buffer overflow a
 	NOTE: vulnerable feature introduced in https://github.com/FRRouting/frr/commit/f173deb35206a09e8dc22828cb08638e289b72a5 (first shipped with 8.0)
 CVE-2024-31949 (In FRRouting (FRR) through 9.1, an infinite loop can occur when receiv ...)
 	{DLA-3797-1}
-	- frr <unfixed>
+	- frr <unfixed> (bug #1072125)
 	NOTE: https://github.com/FRRouting/frr/pull/15640
-	NOTE: https://github.com/FRRouting/frr/commit/30a332dad86fafd2b0b6c61d23de59ed969a219b
 	NOTE: Fixed by: https://github.com/FRRouting/frr/commit/30a332dad86fafd2b0b6c61d23de59ed969a219b
 CVE-2024-31948 (In FRRouting (FRR) through 9.1, an attacker using a malformed Prefix S ...)
 	{DLA-3797-1}
-	- frr <unfixed>
+	- frr <unfixed> (bug #1072126)
 	NOTE: https://github.com/FRRouting/frr/pull/15628
 	NOTE: Fixed by: https://github.com/FRRouting/frr/commit/ba6a8f1a31e1a88df2de69ea46068e8bd9b97138
 	NOTE: Fixed by: https://github.com/FRRouting/frr/commit/babb23b74855e23c987a63f8256d24e28c044d07
@@ -43959,7 +43958,7 @@ CVE-2023-51079 (A long execution time can occur in the ParseTools.subCompileExpr
 CVE-2023-51075 (hutool-core v5.8.23 was discovered to contain an infinite loop in the  ...)
 	NOT-FOR-US: Hutool
 CVE-2023-51074 (json-path v2.8.0 was discovered to contain a stack overflow via the Cr ...)
-	- jayway-jsonpath <unfixed>
+	- jayway-jsonpath <unfixed> (bug #1072123)
 	[bookworm] - jayway-jsonpath <no-dsa> (Minor issue)
 	[bullseye] - jayway-jsonpath <no-dsa> (Minor issue)
 	[buster] - jayway-jsonpath <no-dsa> (Minor issue)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/00508eba7d5c3741fecf3ed8077b4bf9c86d8293

-- 
This project does not include diff previews in email notifications.
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/00508eba7d5c3741fecf3ed8077b4bf9c86d8293
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20240528/ae805706/attachment.htm>