[Git][security-tracker-team/security-tracker][master] automatic update

Sun Nov 24 08:12:16 GMT 2024


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
d6f7aac3 by security tracker role at 2024-11-24T08:12:09+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1373,17 +1373,17 @@ CVE-2024-11477 (7-Zip Zstandard Decompression Integer Underflow Remote Code Exec
 	[bookworm] - 7zip <not-affected> (Vulnerable code introduced in 24.01)
 	- p7zip <not-affected> (Vulnerable code not present)
 	NOTE: https://www.zerodayinitiative.com/advisories/ZDI-24-1532/
-CVE-2024-11233
+CVE-2024-11233 (In PHP versions 8.1.* before 8.1.31, 8.2.* before 8.2.26, 8.3.* before ...)
 	- php8.2 <unfixed>
 	- php7.4 <removed>
 	NOTE: https://github.com/php/php-src/security/advisories/GHSA-r977-prxv-hc43
 	NOTE: https://github.com/php/php-src/commit/a6c84cd7efd7eaaaefd4463412508df570d35358 (php-8.2.26)
-CVE-2024-11234
+CVE-2024-11234 (In PHP versions 8.1.* before 8.1.31, 8.2.* before 8.2.26, 8.3.* before ...)
 	- php8.2 <unfixed>
 	- php7.4 <removed>
 	NOTE: https://github.com/php/php-src/security/advisories/GHSA-c5f2-jwm7-mmq2
 	NOTE: https://github.com/php/php-src/commit/cf6700e86d6357420a7c8386da63d48fec55f633 (php-8.2.26)
-CVE-2024-11236
+CVE-2024-11236 (In PHP versions 8.1.* before 8.1.31, 8.2.* before 8.2.26, 8.3.* before ...)
 	- php8.2 <unfixed>
 	- php7.4 <removed>
 	NOTE: https://github.com/php/php-src/security/advisories/GHSA-5hqh-c84r-qjcv
@@ -3887,7 +3887,7 @@ CVE-2024-39712 (Argument injection in Ivanti Connect Secure before version 22.7R
 	NOT-FOR-US: Ivanti
 CVE-2024-39711 (Argument injection in Ivanti Connect Secure before version 22.7R2.1 an ...)
 	NOT-FOR-US: Ivanti
-CVE-2024-39710 (Argument injection in Ivanti Connect Secure before version 22.7R2 and  ...)
+CVE-2024-39710 (Argument injection in Ivanti Connect Secure before version 22.7R2.1 an ...)
 	NOT-FOR-US: Ivanti
 CVE-2024-39709 (Incorrect file permissions in Ivanti Connect Secure before version 22. ...)
 	NOT-FOR-US: Ivanti
@@ -6188,6 +6188,7 @@ CVE-2024-10922 (The Featured Posts Scroll plugin for WordPress is vulnerable to
 CVE-2024-10027 (The WP Booking Calendar WordPress plugin before 10.6.3 does not saniti ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2024-9902 (A flaw was found in Ansible. The ansible-core `user` module can allow  ...)
+	{DLA-3963-1}
 	- ansible-core 2.18.0-1 (bug #1086883)
 	[bookworm] - ansible-core <no-dsa> (Minor issue)
 	- ansible 5.4.0-1
@@ -19552,6 +19553,7 @@ CVE-2024-8768 (A flaw was found in the vLLM library. A completions API request w
 CVE-2024-8797 (The WP Booking System \u2013 Booking Calendar plugin for WordPress is  ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2024-8775 (A flaw was found in Ansible, where sensitive information stored in Ans ...)
+	{DLA-3963-1}
 	- ansible-core 2.17.5-5 (bug #1082851)
 	[bookworm] - ansible-core <no-dsa> (Minor issue)
 	- ansible 5.4.0-1



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/d6f7aac3b6e0f2a203b73de906203267936aaa42

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/d6f7aac3b6e0f2a203b73de906203267936aaa42
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20241124/0db88bf9/attachment.htm>
