[Git][security-tracker-team/security-tracker][master] bugnums

Moritz Muehlenhoff (@jmm) jmm at debian.org
Fri Oct 4 16:27:20 BST 2024 


Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
f4e02bad by Moritz Muehlenhoff at 2024-10-04T17:27:00+02:00
bugnums

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -105,7 +105,7 @@ CVE-2024-45871 (Bandisoft BandiView 7.05 is Incorrect Access Control via sub_0x2
 CVE-2024-45870 (Bandisoft BandiView 7.05 is vulnerable to Incorrect Access Control in  ...)
 	NOT-FOR-US: Bandisoft BandiView
 CVE-2024-42415 (An integer overflow vulnerability exists in the Compound Document Bina ...)
-	- libgsf <unfixed>
+	- libgsf <unfixed> (bug #1084056)
 	NOTE: https://talosintelligence.com/vulnerability_reports/TALOS-2024-2069
 	NOTE: https://gitlab.gnome.org/GNOME/libgsf/-/issues/34
 	NOTE: https://gitlab.gnome.org/GNOME/libgsf/-/commit/06d0cb92a4c02e7126ef2ff6f5e29fd74b4be9e0
@@ -148,22 +148,22 @@ CVE-2024-41163 (A directory traversal vulnerability exists in the archive downlo
 CVE-2024-39755 (A privilege escalation vulnerability exists in the Veertu Anka Build 1 ...)
 	NOT-FOR-US: Veertu Anka
 CVE-2024-36474 (An integer overflow vulnerability exists in the Compound Document Bina ...)
-	- libgsf <unfixed>
+	- libgsf <unfixed> (bug #1084056)
 	NOTE: https://talosintelligence.com/vulnerability_reports/TALOS-2024-2068
 	NOTE: https://gitlab.gnome.org/GNOME/libgsf/-/issues/34
 	NOTE: https://gitlab.gnome.org/GNOME/libgsf/-/commit/06d0cb92a4c02e7126ef2ff6f5e29fd74b4be9e0
 CVE-2024-34535 (In Mastodon 4.1.6, API endpoint rate limiting can be bypassed by setti ...)
 	- mastodon <itp> (bug #859741)
 CVE-2024-0125 (NVIDIA CUDA Toolkit for Windows and Linux contains a vulnerability in  ...)
-	- nvidia-cuda-toolkit <unfixed>
+	- nvidia-cuda-toolkit <unfixed> (bug #1084054)
 	[bookworm] - nvidia-cuda-toolkit <no-dsa> (Non-free not supported)
 	NOTE: https://nvidia.custhelp.com/app/answers/detail/a_id/5577
 CVE-2024-0124 (NVIDIA CUDA Toolkit for Windows and Linux contains a vulnerability in  ...)
-	- nvidia-cuda-toolkit <unfixed>
+	- nvidia-cuda-toolkit <unfixed> (bug #1084054)
 	[bookworm] - nvidia-cuda-toolkit <no-dsa> (Non-free not supported)
 	NOTE: https://nvidia.custhelp.com/app/answers/detail/a_id/5577
 CVE-2024-0123 (NVIDIA CUDA toolkit for Windows and Linux contains a vulnerability in  ...)
-	- nvidia-cuda-toolkit <unfixed>
+	- nvidia-cuda-toolkit <unfixed> (bug #1084054)
 	[bookworm] - nvidia-cuda-toolkit <no-dsa> (Non-free not supported)
 	NOTE: https://nvidia.custhelp.com/app/answers/detail/a_id/5577
 CVE-2023-37822 (Eufy HomeBase 2 model T8010X v3.2.8.3h was discovered to use the depre ...)
@@ -425,7 +425,7 @@ CVE-2024-9411 (A vulnerability classified as problematic has been found in OFCMS
 CVE-2024-9405 (An incorrect limitation of a path to a restricted directory (path trav ...)
 	NOT-FOR-US: Pluck CMS
 CVE-2024-9341 (A flaw was found in Go. When FIPS mode is enabled on a system, contain ...)
-	- golang-github-containers-common <unfixed>
+	- golang-github-containers-common <unfixed> (bug #1084061)
 	[bookworm] - golang-github-containers-common <no-dsa> (Minor issue, only affects FIPS-enabled containers)
 	[bullseye] - golang-github-containers-common <postponed> (Limited support, minor issue, follow bookworm DSAs/point-releases)
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2315691
@@ -694,7 +694,7 @@ CVE-2024-47641 (Improper Neutralization of Input During Web Page Generation (XSS
 CVE-2024-47536 (Citizen is a MediaWiki skin that makes extensions part of the cohesive ...)
 	NOT-FOR-US: MediaWiki skin
 CVE-2024-47532 (RestrictedPython is a restricted execution environment for Python to r ...)
-	- restrictedpython <unfixed>
+	- restrictedpython <unfixed> (bug #1084057)
 	NOTE: https://github.com/zopefoundation/RestrictedPython/security/advisories/GHSA-5rfv-66g4-jr8h
 	NOTE: Fixed by: https://github.com/zopefoundation/RestrictedPython/commit/d701cc36cccac36b21fa200f1f2d1945a9a215e6 (7.3)
 CVE-2024-47531 (Scout is a web-based visualizer for VCF-files. Due to the lack of sani ...)
@@ -732,7 +732,7 @@ CVE-2024-46293 (Sourcecodester Online Medicine Ordering System 1.0 is vulnerable
 CVE-2024-46280 (PIX-LINK LV-WR22 RE3002-P1-01_V117.0 is vulnerable to Improper Access  ...)
 	NOT-FOR-US: PIX-LINK
 CVE-2024-45993 (Giflib Project v5.2.2 is vulnerable to a heap buffer overflow via gif2 ...)
-	- giflib <unfixed>
+	- giflib <unfixed> (bug #1084058)
 	NOTE: https://gitlab.com/mthandazo/project-pov
 CVE-2024-45920 (A Stored Cross-Site Scripting (XSS) vulnerability in Solvait 24.4.2 al ...)
 	NOT-FOR-US: Solvait
@@ -868,7 +868,7 @@ CVE-2024-47186 (Filament is a collection of full-stack components for Laravel de
 CVE-2024-46453 (A cross-site scripting (XSS) vulnerability in the component /test/ of  ...)
 	NOT-FOR-US: iq3xcite
 CVE-2024-38796 (EDK2 contains a vulnerability in the PeCoffLoaderRelocateImage(). An A ...)
-	- edk2 <unfixed>
+	- edk2 <unfixed> (bug #1084055)
 	NOTE: https://github.com/tianocore/edk2/security/advisories/GHSA-xpcr-7hjq-m6qm
 	NOTE: https://bugzilla.tianocore.org/show_bug.cgi?id=1993
 	NOTE: https://github.com/tianocore/edk2/pull/6249
@@ -18963,18 +18963,18 @@ CVE-2024-6679 (A vulnerability classified as critical has been found in witmy my
 CVE-2024-6643
 	REJECTED
 CVE-2024-6531 (A vulnerability has been identified in Bootstrap that exposes users to ...)
-	- twitter-bootstrap4 <unfixed>
+	- twitter-bootstrap4 <unfixed> (bug #1084059)
 	- twitter-bootstrap3 <not-affected> (Only affects 4.x)
 	NOTE: https://www.herodevs.com/vulnerability-directory/cve-2024-6531
 CVE-2024-6528 (CWE-79: Improper Neutralization of Input During Web Page Generation (' ...)
 	NOT-FOR-US: Schneider Electric
 CVE-2024-6485 (A security vulnerability has been discovered in bootstrap that could e ...)
 	- twitter-bootstrap4 <not-affected> (Only affects 3.x)
-	- twitter-bootstrap3 <unfixed>
+	- twitter-bootstrap3 <unfixed> (bug #1084060)
 	NOTE: https://www.herodevs.com/vulnerability-directory/cve-2024-6485
 CVE-2024-6484 (A vulnerability has been identified in Bootstrap that exposes users to ...)
 	- twitter-bootstrap4 <not-affected> (Only affects 3.x)
-	- twitter-bootstrap3 <unfixed>
+	- twitter-bootstrap3 <unfixed> (bug #1084060)
 	NOTE: https://www.herodevs.com/vulnerability-directory/cve-2024-6484
 CVE-2024-6407 (CWE-200: Information Exposure vulnerability exists that could cause di ...)
 	NOT-FOR-US: Schneider Electric



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/f4e02bad49be6385cfbd217c4d5f333037befe41

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/f4e02bad49be6385cfbd217c4d5f333037befe41
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20241004/2841e7ee/attachment.htm>

More information about the debian-security-tracker-commits mailing list