[Git][security-tracker-team/security-tracker][master] opennds bug reference

Moritz Muehlenhoff (@jmm) jmm at debian.org
Tue May 28 23:08:16 BST 2024 


Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
49766927 by Moritz Muehlenhoff at 2024-05-29T00:07:23+02:00
opennds bug reference
bogus ruby-json-jwt issue

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -31882,6 +31882,7 @@ CVE-2024-25767 (nanomq 0.21.2 contains a Use-After-Free vulnerability in /nanomq
 CVE-2024-25763 (openNDS 10.2.0 is vulnerable to Use-After-Free via /openNDS/src/auth.c ...)
 	- opennds <unfixed>
 	NOTE: https://github.com/LuMingYinDetect/openNDS_defects/blob/main/openNDS_detect_1.md
+	NOTE: https://github.com/openNDS/openNDS/issues/600
 CVE-2024-25760
 	REJECTED
 CVE-2024-25410 (flusity-CMS 2.33 is vulnerable to Unrestricted Upload of File with Dan ...)
@@ -44170,10 +44171,7 @@ CVE-2023-51775 (The jose4j component before 0.9.4 for Java allows attackers to c
 	NOTE: https://bitbucket.org/b_c/jose4j/issues/212
 	NOTE: https://bitbucket.org/b_c/jose4j/commits/1afaa1e174b3
 CVE-2023-51774 (The json-jwt (aka JSON::JWT) gem 1.16.3 for Ruby sometimes allows bypa ...)
-	- ruby-json-jwt <unfixed>
-	[bookworm] - ruby-json-jwt <postponed> (Revisit when addressed upstream)
-	[bullseye] - ruby-json-jwt <postponed> (Revisit when addressed upstream)
-	[buster] - ruby-json-jwt <postponed> (Revisit when addressed upstream)
+	NOTE: Disputed ruby-json-jwt issue
 	NOTE: https://github.com/P3ngu1nW/CVE_Request/blob/main/novjson-jwt.md
 	NOTE: https://github.com/nov/json-jwt/issues/113
 CVE-2023-51773 (BACnet Stack before 1.3.2 has a decode function APDU buffer over-read  ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/497669270382242f18ed58dc0d447d2834e3ecf5

-- 
This project does not include diff previews in email notifications.
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/497669270382242f18ed58dc0d447d2834e3ecf5
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20240528/8f7e8370/attachment-0001.htm>

More information about the debian-security-tracker-commits mailing list