[Git][security-tracker-team/security-tracker][master] triage older issues
Moritz Muehlenhoff (@jmm)
jmm at debian.org
Mon Nov 11 12:26:47 GMT 2024
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker
Commits:
0395d15d by Moritz Muehlenhoff at 2024-11-11T13:26:21+01:00
triage older issues
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -38461,15 +38461,16 @@ CVE-2023-6745 (The Custom Field Template plugin for WordPress is vulnerable to S
CVE-2024-5203
REJECTED
CVE-2024-3183 (A vulnerability was found in FreeIPA in a way when a Kerberos TGS-REQ ...)
- - freeipa <unfixed> (bug #1077683)
- [bookworm] - freeipa <no-dsa> (Minor issue)
- [bullseye] - freeipa <no-dsa> (Minor issue)
+ - freeipa <unfixed> (bug #1077683; unimportant)
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2270685
+ NOTE: https://pagure.io/freeipa/c/dfd4492efd47d45bcac4ee1d32d21cae91142df8
+ NOTE: FreeIPA in Debian only builds the client packages, not the server
CVE-2024-2698 (A vulnerability was found in FreeIPA in how the initial implementation ...)
- - freeipa <unfixed> (bug #1077682)
- [bookworm] - freeipa <no-dsa> (Minor issue)
- [bullseye] - freeipa <no-dsa> (Minor issue)
+ - freeipa <unfixed> (bug #1077682; unimportant)
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2270353
+ NOTE: https://www.freeipa.org/release-notes/4-12-1.html
+ NOTE: https://pagure.io/freeipa/c/3b58080f67eb940023d612aabd30533f1dc9387f
+ NOTE: FreeIPA in Debian only builds the client packages, not the server
CVE-2024-5786 (Cross-Site Request Forgery vulnerability in Comtrend router WLD71-T1_v ...)
NOT-FOR-US: Comtrend router
CVE-2024-5785 (Command injection vulnerability in Comtrend router WLD71-T1_v2.0.20182 ...)
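Review bot: the downgrade of CVE-2024-3183 and CVE-2024-2698 to `unimportant` rests only on the new NOTE that Debian builds the FreeIPA client packages and not the server, yet the later entry for CVE-2024-1481 in this same file records that `kinit.py` does ship in the client packages and that its exposure there is unclear; the two `unimportant` lines should be backed by a NOTE stating that the code affected by these two CVEs lives in the server-only sources, otherwise the same uncertainty applies here and the rationale is incomplete.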
@@ -75175,7 +75176,7 @@ CVE-2024-1669 (Out of bounds memory access in Blink in Google Chrome prior to 12
CVE-2024-1481 (A flaw was found in FreeIPA. This issue may allow a remote attacker to ...)
{DLA-3773-1}
- freeipa <unfixed> (bug #1065106)
- [bookworm] - freeipa <no-dsa> (Minor issue)
+ [bookworm] - freeipa <ignored> (Minor issue)
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2262169
NOTE: https://pagure.io/freeipa/issue/9541
NOTE: ipa-4.10: https://pagure.io/freeipa/c/921661fd460799da69043e06e058cff75a64ce3c
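Review bot: the changed bookworm line for CVE-2024-1481 switches `<no-dsa>` to `<ignored>` but keeps the old reason text `(Minor issue)`, which explained why no DSA was issued, not why the issue is now ignored for bookworm; since the entry also carries `{DLA-3773-1}`, i.e. an LTS update was issued for this flaw, the reason should say why bookworm will not receive the same fix, e.g. `<ignored> (Minor issue; only client packages built)`.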
@@ -75186,6 +75187,7 @@ CVE-2024-1481 (A flaw was found in FreeIPA. This issue may allow a remote attack
NOTE: is not part of the provided binary packages. The kinit.py file is however and
NOTE: it is not entirelly clear whether this may be used in a vulnerable way when
NOTE: the client is used for authentication purposes.
+ NOTE: FreeIPA in Debian only builds the client packages, not the server
CVE-2024-26270 (The Account Settings page in Liferay Portal 7.4.3.76 through 7.4.3.99, ...)
NOT-FOR-US: Liferay
CVE-2024-26268 (User enumeration vulnerability in Liferay Portal 7.2.0 through 7.4.3.2 ...)
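Review bot: the added NOTE line reads as a conclusion, but the three context lines directly above it state that `kinit.py` is part of the shipped binary packages and that it is not entirely clear whether it can be used in a vulnerable way on the client; as written the new NOTE contradicts rather than resolves that uncertainty, so it should either state that the affected code path is server-side only (if that was established) or be reworded along the lines of `server packages not built; kinit.py in the client packages, exposure still unclear`.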
@@ -120275,12 +120277,14 @@ CVE-2023-31567 (Podofo v0.10.0 was discovered to contain a heap buffer overflow
[bullseye] - libpodofo <no-dsa> (Minor issue)
[buster] - libpodofo <no-dsa> (Minor issue)
NOTE: https://github.com/podofo/podofo/issues/71
+ NOTE: https://github.com/podofo/podofo/commit/8f514d69b4ac3c9aa9f725fa93486fe4b7876642 (0.10.1)
CVE-2023-31566 (Podofo v0.10.0 was discovered to contain a heap-use-after-free via the ...)
- libpodofo <unfixed> (bug #1036278)
[bookworm] - libpodofo <no-dsa> (Minor issue)
[bullseye] - libpodofo <no-dsa> (Minor issue)
[buster] - libpodofo <no-dsa> (Minor issue)
NOTE: https://github.com/podofo/podofo/issues/70
+ NOTE: https://github.com/podofo/podofo/commit/00d2735a9c5bcb438d6f922b5f2445d28389c2d1 (0.10.1)
CVE-2023-31557
REJECTED
CVE-2023-31556 (podofoinfo 0.10.0 was discovered to contain a segmentation violation v ...)
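Review bot: both added NOTE lines record the upstream fix commit with the `(0.10.1)` release marker, but the adjacent package line `- libpodofo <unfixed> (bug #1036278)` for CVE-2023-31566 (and, per the hunk header, the entry for CVE-2023-31567) is left as `<unfixed>`; once an upstream fix is identified the sid line should be checked against the version in unstable and updated to the fixed package version if 0.10.1 or later has been uploaded, or a NOTE should say that the fix is not yet in Debian.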
@@ -128366,7 +128370,7 @@ CVE-2023-28859 (redis-py before 4.4.4 and 4.5.x before 4.5.4 leaves a connection
NOTE: https://github.com/redis/redis-py/pull/2641
CVE-2023-28858 (redis-py before 4.5.3 leaves a connection open after canceling an asyn ...)
- python-redis <unfixed> (bug #1033754)
- [bookworm] - python-redis <no-dsa> (Minor issue)
+ [bookworm] - python-redis <postponed> (Minor issue, revisit when fixed upstream)
[bullseye] - python-redis <not-affected> (Vulnerable code not present)
[buster] - python-redis <not-affected> (Vulnerable code introduced later)
NOTE: https://github.com/redis/redis-py/issues/2624
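Review bot: the new bookworm reason for CVE-2023-28858, `revisit when fixed upstream`, sits under a CVE description that says `redis-py before 4.5.3` is affected, which implies an upstream fix exists in 4.5.3, and the linked issue #2624 is the upstream tracker; if the intent is that the 4.5.3 change is incomplete or not backportable to the bookworm version, the reason text should say so, otherwise `<postponed>` with this wording will read as stale.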
@@ -276069,28 +276073,28 @@ CVE-2021-30473 (aom_image.c in libaom in AOMedia before 2021-04-07 frees memory
NOTE: https://bugs.chromium.org/p/aomedia/issues/detail?id=2998
CVE-2021-30472 (A flaw was found in PoDoFo 0.9.7. A stack-based buffer overflow in Pdf ...)
- libpodofo <unfixed> (bug #986794)
- [bookworm] - libpodofo <no-dsa> (Minor issue)
+ [bookworm] - libpodofo <postponed> (Minor issue, revisit when fixed upstream)
[bullseye] - libpodofo <no-dsa> (Minor issue)
[buster] - libpodofo <no-dsa> (Minor issue)
[stretch] - libpodofo <postponed> (Minor issue; can be fixed in next update)
NOTE: https://sourceforge.net/p/podofo/tickets/132/
CVE-2021-30471 (A flaw was found in PoDoFo 0.9.7. An uncontrolled recursive call in Pd ...)
- libpodofo <unfixed> (bug #986793)
- [bookworm] - libpodofo <no-dsa> (Minor issue)
+ [bookworm] - libpodofo <postponed> (Minor issue, revisit when fixed upstream)
[bullseye] - libpodofo <no-dsa> (Minor issue)
[buster] - libpodofo <no-dsa> (Minor issue)
[stretch] - libpodofo <postponed> (Minor issue; can be fixed in next update)
NOTE: https://sourceforge.net/p/podofo/tickets/131/
CVE-2021-30470 (A flaw was found in PoDoFo 0.9.7. An uncontrolled recursive call among ...)
- libpodofo <unfixed> (bug #986792)
- [bookworm] - libpodofo <no-dsa> (Minor issue)
+ [bookworm] - libpodofo <postponed> (Minor issue, revisit when fixed upstream)
[bullseye] - libpodofo <no-dsa> (Minor issue)
[buster] - libpodofo <no-dsa> (Minor issue)
[stretch] - libpodofo <postponed> (Minor issue; can be fixed in next update)
NOTE: https://sourceforge.net/p/podofo/tickets/130/
CVE-2021-30469 (A flaw was found in PoDoFo 0.9.7. An use-after-free in PoDoFo::PdfVecO ...)
- libpodofo <unfixed> (bug #986791)
- [bookworm] - libpodofo <no-dsa> (Minor issue)
+ [bookworm] - libpodofo <postponed> (Minor issue, revisit when fixed upstream)
[bullseye] - libpodofo <no-dsa> (Minor issue)
[buster] - libpodofo <no-dsa> (Minor issue)
[stretch] - libpodofo <postponed> (Minor issue; can be fixed in next update)
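Review bot: the four bookworm lines change from `<no-dsa>` to `<postponed>` with the reason `(Minor issue, revisit when fixed upstream)`, while the bullseye and buster lines for the same four CVEs stay `<no-dsa> (Minor issue)` and the stretch lines already use `<postponed> (Minor issue; can be fixed in next update)`; if no upstream fix exists for any suite, bullseye and buster should get the same `<postponed>` treatment, and the new reason text should follow the semicolon form already used on the stretch lines for consistency.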
@@ -335001,7 +335005,7 @@ CVE-2020-18972 (Exposure of Sensitive Information to an Unauthorized Actor in Po
NOTE: Negligible security impact
CVE-2020-18971 (Stack-based Buffer Overflow in PoDoFo v0.9.6 allows attackers to cause ...)
- libpodofo <unfixed> (bug #1014858)
- [bookworm] - libpodofo <no-dsa> (Minor issue)
+ [bookworm] - libpodofo <postponed> (Minor issue, revisit when fixed upstream)
[bullseye] - libpodofo <no-dsa> (Minor issue)
[buster] - libpodofo <no-dsa> (Minor issue)
[stretch] - libpodofo <postponed> (Minor issue; can be fixed in next update)
@@ -472897,7 +472901,7 @@ CVE-2018-8003 (Apache Ambari, versions 1.4.0 to 2.6.1, is susceptible to a direc
NOT-FOR-US: Apache Ambari
CVE-2018-8002 (In PoDoFo 0.9.5, there exists an infinite loop vulnerability in PdfPar ...)
- libpodofo <unfixed> (low; bug #892557)
- [bookworm] - libpodofo <no-dsa> (Minor issue)
+ [bookworm] - libpodofo <postponed> (Minor issue, revisit when fixed upstream)
[bullseye] - libpodofo <no-dsa> (Minor issue)
[buster] - libpodofo <no-dsa> (Minor issue)
[stretch] - libpodofo <no-dsa> (Minor issue)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/0395d15da32610b4829a5242cdc56c91893ef18e