[Git][security-tracker-team/security-tracker][master] triage older issues

Moritz Muehlenhoff (@jmm) jmm at debian.org
Tue Nov 12 11:34:02 GMT 2024



Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
f8a79646 by Moritz Muehlenhoff at 2024-11-12T12:33:25+01:00
triage older issues

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -30221,7 +30221,7 @@ CVE-2024-6643
 	REJECTED
 CVE-2024-6531 (A vulnerability has been identified in Bootstrap that exposes users to ...)
 	- twitter-bootstrap4 <unfixed> (bug #1084059)
-	[bookworm] - twitter-bootstrap4 <no-dsa> (Minor issue)
+	[bookworm] - twitter-bootstrap4 <postponed> (Minor issue, revisit when fixed upstream)
 	[bullseye] - twitter-bootstrap4 <postponed> (Minor issue; can be fixed in next update)
 	- twitter-bootstrap3 <not-affected> (Only affects 4.x)
 	NOTE: https://www.herodevs.com/vulnerability-directory/cve-2024-6531
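Review bot: the two deferred-state rationales in this entry now read differently for bookworm (`Minor issue, revisit when fixed upstream`) and bullseye (`Minor issue; can be fixed in next update`) even though both suites are `<postponed>` for the same still-unfixed issue; pick one wording and one separator so a later triage pass does not read them as two distinct decisions. The state change itself is consistent with the unstable line still being `<unfixed> (bug #1084059)`: `<postponed>` rather than `<no-dsa>` records the intent to pick up the upstream fix in a later bookworm point update instead of leaving it open-ended.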
@@ -30230,13 +30230,13 @@ CVE-2024-6528 (CWE-79: Improper Neutralization of Input During Web Page Generati
 CVE-2024-6485 (A security vulnerability has been discovered in bootstrap that could e ...)
 	- twitter-bootstrap4 <not-affected> (Only affects 3.x)
 	- twitter-bootstrap3 <unfixed> (bug #1084060)
-	[bookworm] - twitter-bootstrap3 <no-dsa> (Minor issue)
+	[bookworm] - twitter-bootstrap3 <postponed> (Minor issue, revisit when fixed upstream)
 	[bullseye] - twitter-bootstrap3 <postponed> (Minor issue; can be fixed in next update)
 	NOTE: https://www.herodevs.com/vulnerability-directory/cve-2024-6485
 CVE-2024-6484 (A vulnerability has been identified in Bootstrap that exposes users to ...)
 	- twitter-bootstrap4 <not-affected> (Only affects 3.x)
 	- twitter-bootstrap3 <unfixed> (bug #1084060)
-	[bookworm] - twitter-bootstrap3 <no-dsa> (Minor issue)
+	[bookworm] - twitter-bootstrap3 <postponed> (Minor issue, revisit when fixed upstream)
 	[bullseye] - twitter-bootstrap3 <postponed> (Minor issue; can be fixed in next update)
 	NOTE: https://www.herodevs.com/vulnerability-directory/cve-2024-6484
 CVE-2024-6407 (CWE-200: Information Exposure vulnerability exists that could cause di ...)
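Review bot: CVE-2024-6485 and CVE-2024-6484 both point at bug #1084060 and now carry identical bookworm/bullseye states and rationales, so whichever twitter-bootstrap3 update closes that bug has to flip both entries at once; a NOTE cross-referencing the two CVEs would make it harder to update one and forget the other. Both also keep `twitter-bootstrap4 <not-affected> (Only affects 3.x)`, which matches the mirror annotation on CVE-2024-6531 (`Only affects 4.x`), so the split between the 3.x and 4.x packages stays consistent.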
@@ -55236,10 +55236,10 @@ CVE-2024-33903 (In CARLA through 0.9.15.2, the collision sensor mishandles some
 	NOT-FOR-US: CARLA (carla-simulator)
 CVE-2024-33899 (RARLAB WinRAR before 7.00, on Linux and UNIX platforms, allows attacke ...)
 	- rar 2:7.00-1
-	[bookworm] - rar <no-dsa> (Non-free not supported)
+	[bookworm] - rar <ignored> (Non-free not supported)
 	[bullseye] - rar <no-dsa> (Non-free not supported)
 	- unrar-nonfree 1:7.0.3-1
-	[bookworm] - unrar-nonfree <no-dsa> (Non-free not supported)
+	[bookworm] - unrar-nonfree <ignored> (Non-free not supported)
 	[bullseye] - unrar-nonfree <no-dsa> (Non-free not supported)
 	NOTE: https://sdushantha.medium.com/ansi-escape-injection-vulnerability-in-winrar-a2cbfac4b983
 CVE-2024-33891 (Delinea Secret Server before 11.7.000001 allows attackers to bypass au ...)
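Review bot: the bullseye lines for rar and unrar-nonfree keep `<no-dsa>` with exactly the rationale `(Non-free not supported)` that this hunk uses to justify `<ignored>` for bookworm, so one reason now maps to two different states inside the same entry. If bullseye is deliberately left to the LTS triage, say so in its reason text or a NOTE; otherwise align the bullseye lines to `<ignored>` in the same commit, since `<no-dsa>` still implies a fix could be accepted in a point release while `<ignored>` says it will not be.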
@@ -157250,7 +157250,7 @@ CVE-2022-46166 (Spring boot admins is an open source administrative user interfa
 	NOT-FOR-US: Spring boot admins
 CVE-2022-46165 (Syncthing is an open source, continuous file synchronization program.  ...)
 	- syncthing 1.27.2~ds4-1 (bug #1037432)
-	[bookworm] - syncthing <no-dsa> (Minor issue)
+	[bookworm] - syncthing <ignored> (Minor issue)
 	[bullseye] - syncthing <no-dsa> (Minor issue)
 	[buster] - syncthing <ignored> (Minor issue)
 	NOTE: https://github.com/syncthing/syncthing/security/advisories/GHSA-9rp6-23gf-4c3h
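Review bot: after this change syncthing is `<ignored>` in bookworm and buster but still `<no-dsa>` in bullseye, all three with the identical reason `(Minor issue)`, which leaves the middle suite as the odd one out. Either align bullseye to `<ignored>` or extend its rationale to say why it is treated differently; with the fix already in unstable (`1.27.2~ds4-1`), the remaining question is only whether a point-release update is still wanted, and `<no-dsa>` versus `<ignored>` is exactly the encoding of that answer.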
@@ -157327,7 +157327,7 @@ CVE-2022-4171 (The demon image annotation plugin for WordPress is vulnerable to
 	NOT-FOR-US: demon image annotation plugin for WordPress
 CVE-2022-4170 (The rxvt-unicode package is vulnerable to a remote code execution, in  ...)
 	- rxvt-unicode 9.31-1 (bug #1025489)
-	[bookworm] - rxvt-unicode <no-dsa> (Minor issue)
+	[bookworm] - rxvt-unicode <ignored> (Minor issue, not exploitable due to a bug)
 	[bullseye] - rxvt-unicode <not-affected> (Vulnerable code introduced later)
 	[buster] - rxvt-unicode <not-affected> (Vulnerable code introduced later)
 	NOTE: https://www.openwall.com/lists/oss-security/2022/12/05/1
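Review bot: the new bookworm rationale `not exploitable due to a bug` is an exploitability claim that nothing in the entry backs up; the only NOTE is the oss-security post, which is the original report rather than the analysis. Add a NOTE line pointing at where the non-exploitability was established (the analysis, commit or discussion) so the `<ignored>` decision can be re-examined if a later bookworm update to rxvt-unicode fixes the bug that currently masks the issue and thereby makes the vulnerable path reachable. The `<not-affected> (Vulnerable code introduced later)` lines for bullseye and buster are unchanged and unaffected by this reasoning.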
@@ -167991,7 +167991,7 @@ CVE-2022-3591 (Use After Free in GitHub repository vim/vim prior to 9.0.0789.)
 	NOTE: Crash in CLI tool, no security impact
 CVE-2022-3590 (WordPress is affected by an unauthenticated blind SSRF in the pingback ...)
 	- wordpress <unfixed> (bug #1033251)
-	[bookworm] - wordpress <no-dsa> (Minor issue)
+	[bookworm] - wordpress <postponed> (Minor issue, revisit when fixed upstream)
 	[bullseye] - wordpress <no-dsa> (Minor issue)
 	[buster] - wordpress <postponed> (Minor issue)
 	NOTE: https://www.sonarsource.com/blog/wordpress-core-unauthenticated-blind-ssrf/
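Review bot: the three stable suites now hold three different answers for one `<unfixed>` issue: bookworm `<postponed> (Minor issue, revisit when fixed upstream)`, bullseye `<no-dsa> (Minor issue)`, buster `<postponed> (Minor issue)`. If the bookworm reasoning (wait for the upstream fix, then pick it up in a point update) also applies to bullseye, set it to `<postponed>` with the same rationale; and the two `<postponed>` rationales should use the same wording, since `revisit when fixed upstream` is the actionable part and is missing from the buster line.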



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/f8a7964613c79e41b5d786a4c77d8260d9f84e23


