[Git][security-tracker-team/security-tracker][master] triage older issues
Moritz Muehlenhoff (@jmm)
jmm at debian.org
Wed Nov 6 19:15:50 GMT 2024
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker
Commits:
5cc6ea24 by Moritz Muehlenhoff at 2024-11-06T20:15:27+01:00
triage older issues
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -10877,6 +10877,7 @@ CVE-2024-47179 (RSSHub is an RSS network. Prior to commit 64e00e7, RSSHub's `doc
NOT-FOR-US: RSSHub
CVE-2024-47174 (Nix is a package manager for Linux and other Unix systems. Starting in ...)
- nix 2.24.8+dfsg-1 (bug #1082847)
+ [bookworm] - nix <no-dsa> (Minor issue)
NOTE: https://github.com/NixOS/nix/commit/062b4a489e30da9c85fa4ff15cfdd2e51cac7b90
NOTE: https://github.com/NixOS/nix/pull/11585
NOTE: https://github.com/NixOS/nix/security/advisories/GHSA-6fjr-mq49-mm2c
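Review bot: the added `[bookworm] - nix <no-dsa> (Minor issue)` line for CVE-2024-47174 treats bookworm as affected, but the description begins "Starting in ...", so the flaw has a lower version bound. It would help to confirm that the bookworm version falls inside that range and record the result in a NOTE. If the vulnerable code was introduced later, `<not-affected>` with that reason would be the more accurate entry.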
@@ -34849,14 +34850,16 @@ CVE-2024-37840 (SQL injection vulnerability in processscore.php in Itsourcecode
NOT-FOR-US: Itsourcecode Learning Management System Project In PHP With Source Code
CVE-2024-37795 (A segmentation fault in CVC5 Solver v1.1.3 allows attackers to cause a ...)
- cvc5 <unfixed> (bug #1074235)
- [bookworm] - cvc5 <no-dsa> (Minor issue)
+ [bookworm] - cvc5 <ignored> (Minor issue)
[bullseye] - cvc5 <no-dsa> (Minor issue)
NOTE: https://github.com/cvc5/cvc5/issues/10813
+ NOTE: https://github.com/cvc5/cvc5/pull/10818
CVE-2024-37794 (Improper input validation in CVC5 Solver v1.1.3 allows attackers to ca ...)
- cvc5 <unfixed> (bug #1074235)
- [bookworm] - cvc5 <no-dsa> (Minor issue)
+ [bookworm] - cvc5 <ignored> (Minor issue)
[bullseye] - cvc5 <no-dsa> (Minor issue)
NOTE: https://github.com/cvc5/cvc5/issues/10813
+ NOTE: https://github.com/cvc5/cvc5/pull/10945
CVE-2024-37664 (Redmi router RB03 v1.0.57 is vulnerable to TCP DoS or hijacking attack ...)
NOT-FOR-US: Redmi router
CVE-2024-37663 (Redmi router RB03 v1.0.57 is vulnerable to forged ICMP redirect messag ...)
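Review bot: both cvc5 entries (CVE-2024-37795 and CVE-2024-37794) move bookworm from `<no-dsa>` to `<ignored>` but keep the reason "Minor issue", which does not say why the issue will never be fixed in bookworm. Since the added NOTE lines point at upstream pull requests, the reason could state what blocks a backport. The `- cvc5 <unfixed>` lines are also left as they are, so a NOTE saying whether those pull requests have landed in a release would explain why unstable is still open.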
@@ -44885,11 +44888,10 @@ CVE-2024-5095 (A vulnerability classified as problematic has been found in Victo
NOT-FOR-US: Victor Zsviot Camera
CVE-2024-36050 (Nix through 2.22.1 mishandles certain usage of hash caches, which make ...)
- nix <unfixed> (bug #1072706)
- [bookworm] - nix <no-dsa> (Minor issue)
+ [bookworm] - nix <postponed> (Minor issue, revisit when fixed upstream)
[bullseye] - nix <no-dsa> (Minor issue)
NOTE: https://github.com/NixOS/nix/issues/969
NOTE: https://github.com/NixOS/ofborg/issues/68#issuecomment-2082789441
- TODO: check details and verify if same code (and only then) is present in guix
CVE-2024-36048 (QAbstractOAuth in Qt Network Authorization in Qt before 5.15.17, 6.x b ...)
- qtnetworkauth-everywhere-src 5.15.13-3 (bug #1071974)
[bookworm] - qtnetworkauth-everywhere-src <no-dsa> (Minor issue)
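Review bot: the TODO about checking whether the same code is present in guix is removed under CVE-2024-36050, but nothing in the hunk records the outcome of that check. If guix was verified as unaffected, a short NOTE saying so would preserve the result. If the check was not done, the TODO should stay. The new `<postponed>` reason "revisit when fixed upstream" reads well next to the existing upstream issue link.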
@@ -103126,7 +103128,7 @@ CVE-2023-4913 (Cross-site Scripting (XSS) - Reflected in GitHub repository cecil
NOT-FOR-US: cecil.app
CVE-2023-4759 (Arbitrary File Overwrite in Eclipse JGit <= 6.6.0 In Eclipse JGit, al ...)
- jgit 6.7.0-1 (bug #1055853)
- [bookworm] - jgit <no-dsa> (Minor issue)
+ [bookworm] - jgit <ignored> (Minor issue)
[bullseye] - jgit <no-dsa> (Minor issue)
[buster] - jgit <no-dsa> (Minor issue. Only case-insensitive filesystems are affected)
NOTE: https://git.eclipse.org/c/jgit/jgit.git/commit/?id=9072103f3b3cf64dd12ad2949836ab98f62dabf1 (v6.6.1.202309021850-r)
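Review bot: the new `[bookworm] - jgit <ignored> (Minor issue)` line gives no reason specific to this CVE, while the buster line just below already carries a concrete one ("Only case-insensitive filesystems are affected"). Reusing that justification on the bookworm line would make the `<ignored>` decision self-explanatory to someone reading only this entry.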
@@ -156292,8 +156294,8 @@ CVE-2022-4134 (A flaw was found in openstack-glance. This issue could allow a re
CVE-2022-4133
REJECTED
CVE-2022-4132 (A flaw was found in JSS. A memory leak in JSS requires non-standard co ...)
- - jss <unfixed> (bug #1052575)
- [bookworm] - jss <no-dsa> (Minor issue)
+ - jss 5.5.0-1 (bug #1052575)
+ [bookworm] - jss <ignored> (Minor issue)
[bullseye] - jss <no-dsa> (Minor issue)
[buster] - jss <not-affected> (The vulnerable code was introduced later)
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2147372
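Review bot: the jss line for CVE-2022-4132 now records 5.5.0-1 as the fixed version, but the only reference in the entry is still the Red Hat bugzilla link. A NOTE with the upstream fix commit, or the release it first appeared in, would let others verify the fixed version. It would also support the `<ignored>` state on bookworm, which currently carries only "Minor issue" as its reason.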
@@ -172174,7 +172176,7 @@ CVE-2023-3637 (An uncontrolled resource consumption flaw was found in openstack-
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2222270
CVE-2022-3277 (An uncontrolled resource consumption flaw was found in openstack-neutr ...)
- neutron <unfixed> (bug #1027150)
- [bookworm] - neutron <no-dsa> (Minor issue)
+ [bookworm] - neutron <postponed> (Minor issue, revisit when fixed upstream)
[bullseye] - neutron <no-dsa> (Minor issue)
[buster] - neutron <no-dsa> (Minor issue)
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2129193
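Review bot: the new `<postponed>` reason for neutron under CVE-2022-3277 says "revisit when fixed upstream", but the entry has no upstream reference to watch, only the Red Hat bugzilla link. Adding a NOTE with the upstream bug or review would give the revisit something concrete to track. The bullseye and buster lines keep `<no-dsa> (Minor issue)`, so it is worth confirming that the different treatment per release is intended.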
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/5cc6ea24d7c2faa23c55a7641333007ed6efb13d