[Git][security-tracker-team/security-tracker][master] Add two new waitress issues

Salvatore Bonaccorso (@carnil) carnil at debian.org
Wed Oct 30 07:14:16 GMT 2024 


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
c059802b by Salvatore Bonaccorso at 2024-10-30T08:13:54+01:00
Add two new waitress issues

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -113,9 +113,18 @@ CVE-2024-50334 (Scoold is a Q&A and a knowledge sharing platform for teams. A se
 CVE-2024-50052 (Mattermost versions 9.10.x <= 9.10.2, 9.11.x <= 9.11.1, 9.5.x <= 9.5.9 ...)
 	- mattermost-server <itp> (bug #823556)
 CVE-2024-49769 (Waitress is a Web Server Gateway Interface server for Python 2 and 3.  ...)
-	TODO: check
+	- waitress <unfixed>
+	NOTE: https://github.com/Pylons/waitress/security/advisories/GHSA-3f84-rpwh-47g6
+	NOTE: https://github.com/Pylons/waitress/issues/418
+	NOTE: https://github.com/Pylons/waitress/pull/435
+	NOTE: Fixed by: https://github.com/Pylons/waitress/commit/1ae4e894c9f76543bee06584001583fc6fa8c95c (v3.0.1)
 CVE-2024-49768 (Waitress is a Web Server Gateway Interface server for Python 2 and 3.  ...)
-	TODO: check
+	- waitress <unfixed>
+	NOTE: https://github.com/Pylons/waitress/security/advisories/GHSA-9298-4cf8-g4wj
+	NOTE: Fixed by: https://github.com/Pylons/waitress/commit/6943dcf556610ece2ff3cddb39e59a05ef110661 (v3.0.1)
+	NOTE: Test: https://github.com/Pylons/waitress/commit/7e7f11e61d358ab1cb853fcadf2b46b1f00f5993 (v3.0.1)
+	NOTE: Fixed by: https://github.com/Pylons/waitress/commit/f4ba1c260cf17156b582c6252496213ddc96b591 (v3.0.1)
+	NOTE: Documentation update: https://github.com/Pylons/waitress/commit/810a435f9e9e293bd3446a5ce2df86f59c4e7b1b (v3.0.1)
 CVE-2024-49692 (Improper Neutralization of Input During Web Page Generation (XSS or 'C ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2024-49679 (Improper Neutralization of Input During Web Page Generation (XSS or 'C ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/c059802b71b9b4ff6ebf909c6343dae7f004dab2

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/c059802b71b9b4ff6ebf909c6343dae7f004dab2
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20241030/e86a1062/attachment.htm>

More information about the debian-security-tracker-commits mailing list