[Git][security-tracker-team/security-tracker][master] Add upstream tag references for fixes
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Sat Oct 19 16:34:48 BST 2024
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
f48e137a by Salvatore Bonaccorso at 2024-10-19T17:34:18+02:00
Add upstream tag references for fixes
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -487,15 +487,24 @@ CVE-2024-48180 (ClassCMS <=4.8 is vulnerable to file inclusion in the nowView me
CVE-2024-47889 (Action Mailer is a framework for designing email service layers. Start ...)
- rails <unfixed> (bug #1085376)
NOTE: https://github.com/rails/rails/security/advisories/GHSA-h47h-mwp9-c6q6
- NOTE: https://github.com/rails/rails/commit/985f1923fa62806ff676e41de67c3b4552131ab9
+ NOTE: https://github.com/rails/rails/commit/be898cc996986decfe238341d96b2a6573b8fd2e (v7.2.1.1)
+ NOTE: https://github.com/rails/rails/commit/3612e3eb3fbafed4f85e1c6ea4c7b6addbb0fdd3 (v7.1.4.1)
+ NOTE: https://github.com/rails/rails/commit/0e5694f4d32544532d2301a9b4084eacb6986e94 (v7.0.8.5)
+ NOTE: https://github.com/rails/rails/commit/985f1923fa62806ff676e41de67c3b4552131ab9 (v6.1.7.9)
CVE-2024-47888 (Action Text brings rich text content and editing to Rails. Starting in ...)
- rails <unfixed> (bug #1085376)
NOTE: https://github.com/rails/rails/security/advisories/GHSA-wwhv-wxv9-rpgw
- NOTE: https://github.com/rails/rails/commit/4f4312b21a6448336de7c7ab0c4d94b378def468
+ NOTE: https://github.com/rails/rails/commit/ba286c0a310b7f19cf5cac2a7a4c9def5cf9882e (v7.2.1.1)
+ NOTE: https://github.com/rails/rails/commit/de0df7caebd9cb238a6f10dca462dc5f8d5e98b5 (v7.1.4.1)
+ NOTE: https://github.com/rails/rails/commit/727b0946c3cab04b825c039435eac963d4e91822 (v7.0.8.5)
+ NOTE: https://github.com/rails/rails/commit/4f4312b21a6448336de7c7ab0c4d94b378def468 (v6.1.7.9)
CVE-2024-47887 (Action Pack is a framework for handling and responding to web requests ...)
- rails <unfixed> (bug #1085376)
NOTE: https://github.com/rails/rails/security/advisories/GHSA-vfg9-r3fq-jvx4
- NOTE: https://github.com/rails/rails/commit/8e057db25bff1dc7a98e9ae72e0083825b9ac545
+ NOTE: https://github.com/rails/rails/commit/f4dc83d8926509d0958ec21fcdbc2e7df3d32ce2 (v7.2.1.1)
+ NOTE: https://github.com/rails/rails/commit/7c1398854d51f9bb193fb79f226647351133d08a (v7.1.4.1)
+ NOTE: https://github.com/rails/rails/commit/56b2fc3302836405b496e196a8d5fc0195e55049 (v7.0.8.5)
+ NOTE: https://github.com/rails/rails/commit/8e057db25bff1dc7a98e9ae72e0083825b9ac545 (v6.1.7.9)
CVE-2024-46213 (REDAXO CMS v2.11.0 was discovered to contain a remote code execution ( ...)
NOT-FOR-US: REDAXO CMS
CVE-2024-46212 (An issue in the component /index.php?page=backup/export of REDAXO CMS ...)
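Review bot: The commit subject says "Add upstream tag references", but in the CVE-2024-47889, CVE-2024-47888 and CVE-2024-47887 entries only the existing commit gets a tag appended, (v6.1.7.9). The other three NOTE lines per entry are new commit URLs for v7.2.1.1, v7.1.4.1 and v7.0.8.5. Suggest wording the subject to say that per-branch fix commits are added as well, so that someone reading the log does not take this for an annotation-only change. The commit-to-tag pairing cannot be checked from the hunk itself, so each hash should be confirmed as contained in the tag named beside it before relying on these notes for backport triage.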
@@ -641,7 +650,10 @@ CVE-2024-45071 (IBM WebSphere Application Server 8.5 and 9.0 is vulnerable to st
CVE-2024-41128 (Action Pack is a framework for handling and responding to web requests ...)
- rails <unfixed> (bug #1085376)
NOTE: https://github.com/rails/rails/security/advisories/GHSA-x76w-6vjr-8xgj
- NOTE: https://github.com/rails/rails/commit/fb493bebae1a9b83e494fe7edbf01f6167d606fd
+ NOTE: https://github.com/rails/rails/commit/27121e80f6dbb260f5a9f0452cd8411cb681f075 (v7.2.1.1)
+ NOTE: https://github.com/rails/rails/commit/b0fe99fa854ec8ff4498e75779b458392d1560ef (v7.1.4.1)
+ NOTE: https://github.com/rails/rails/commit/b1241f468d1b32235f438c2e2203386e6efd3891 (v7.0.8.5)
+ NOTE: https://github.com/rails/rails/commit/fb493bebae1a9b83e494fe7edbf01f6167d606fd (v6.1.7.9)
CVE-2024-38814 (An authenticated SQL injection vulnerability in VMware HCX was private ...)
NOT-FOR-US: VMware
CVE-2024-29155 (On Microchip RN4870 devices, when more than one consecutive PairReqNoI ...)
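Review bot: In the CVE-2024-41128 entry the previously sole reference, commit fb493bebae1a9b83e494fe7edbf01f6167d606fd, is now labelled (v6.1.7.9) and listed last, which means the earlier untagged note pointed at the oldest release line. The entry lists only commits tied to release tags. If a separate development-branch commit exists for this fix, a NOTE for it would help anyone tracing the fix outside the tagged releases. The same question applies to the three entries in the previous hunk, which follow the identical pattern under bug #1085376.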
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/f48e137a632bff5537118706bf96f884daaffc72