[Git][security-tracker-team/security-tracker][master] triage of older issues
Moritz Muehlenhoff (@jmm)
jmm at debian.org
Wed Oct 30 10:07:53 GMT 2024
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker
Commits:
30325290 by Moritz Muehlenhoff at 2024-10-30T11:07:34+01:00
triage of older issues
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -8238,10 +8238,10 @@ CVE-2024-46293 (Sourcecodester Online Medicine Ordering System 1.0 is vulnerable
CVE-2024-46280 (PIX-LINK LV-WR22 RE3002-P1-01_V117.0 is vulnerable to Improper Access ...)
NOT-FOR-US: PIX-LINK
CVE-2024-45993 (Giflib Project v5.2.2 is vulnerable to a heap buffer overflow via gif2 ...)
- - giflib <unfixed> (bug #1084058)
- [bookworm] - giflib <no-dsa> (Minor issue)
- [bullseye] - giflib <postponed> (Minor issue)
+ - giflib <unfixed> (bug #1084058; unimportant)
NOTE: https://gitlab.com/mthandazo/project-pov
+ NOTE: Crash in CLI tool, no security impact
+ NOTE: https://bugzilla.suse.com/show_bug.cgi?id=1231189#c1
CVE-2024-45920 (A Stored Cross-Site Scripting (XSS) vulnerability in Solvait 24.4.2 al ...)
NOT-FOR-US: Solvait
CVE-2024-45792 (Mantis Bug Tracker (MantisBT) is an open source issue tracker. Using a ...)
@@ -123336,7 +123336,7 @@ CVE-2023-29338 (Visual Studio Code Spoofing Vulnerability)
NOT-FOR-US: Microsoft
CVE-2023-29337 (NuGet Client Remote Code Execution Vulnerability)
- nuget <removed> (bug #1050835)
- [bookworm] - nuget <no-dsa> (Minor issue)
+ [bookworm] - nuget <ignored> (Minor issue)
[bullseye] - nuget <no-dsa> (Minor issue)
[buster] - nuget <postponed> (Can wait for next update)
NOTE: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-29337
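Review bot: the [bookworm] line for CVE-2023-29337 moves from <no-dsa> to <ignored> but keeps the reason "(Minor issue)", which explains the low priority and not why no fix is expected at all. Since the unstable entry above is "nuget <removed>", a reason that says so (or whatever the actual ground is) would document the decision better than the carried-over text.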
@@ -132978,7 +132978,7 @@ CVE-2023-26254
RESERVED
CVE-2023-26253 (In Gluster GlusterFS 11.0, there is an xlators/mount/fuse/src/fuse-bri ...)
- glusterfs 10.3-5 (bug #1031731)
- [bullseye] - glusterfs <no-dsa> (Minor issue)
+ [bullseye] - glusterfs <ignored> (Minor issue)
[buster] - glusterfs <no-dsa> (Minor issue)
NOTE: https://github.com/gluster/glusterfs/issues/3954
CVE-2023-26252
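Review bot: in the CVE-2023-26253 entry only [bullseye] becomes <ignored>, while the [buster] line directly below stays at <no-dsa> with the same "(Minor issue)" reason. If the older release is not going to get a fix either, update it in the same pass; if the difference is intentional, a distinct reason on the bullseye line would make that visible.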
@@ -266054,12 +266054,10 @@ CVE-2021-32823 (In the bindata RubyGem before version 2.4.10 there is a potentia
CVE-2021-32822 (The npm hbs package is an Express view engine wrapper for Handlebars. ...)
NOT-FOR-US: Node hbs
CVE-2021-32821 (MooTools is a collection of JavaScript utilities for JavaScript develo ...)
- - mootools <unfixed> (bug #1032664)
- [bookworm] - mootools <no-dsa> (Minor issue)
- [bullseye] - mootools <no-dsa> (Minor issue)
- [buster] - mootools <no-dsa> (Minor issue)
+ - mootools <unfixed> (bug #1032664; unimportant)
NOTE: https://securitylab.github.com/advisories/GHSL-2020-345-redos-mootools/
NOTE: No plan to fix this upstream as upstream consider it too low impact.
+ NOTE: Negligible securiy impact
CVE-2021-32820 (Express-handlebars is a Handlebars view engine for Express. Express-ha ...)
NOT-FOR-US: Express-handlebars
CVE-2021-32819 (Squirrelly is a template engine implemented in JavaScript that works o ...)
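Review bot: typo in the added NOTE for CVE-2021-32821, "Negligible securiy impact" should read "Negligible security impact". Worth fixing, since NOTE lines are what people grep for when reviewing past triage decisions.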
@@ -325644,19 +325642,20 @@ CVE-2020-21725 (OpenSNS v6.1.0 contains a blind SQL injection vulnerability in /
NOT-FOR-US: OpenSNS
CVE-2020-21724 (Buffer Overflow vulnerability in ExtractorInformation function in stre ...)
- oggvideotools <unfixed> (bug #1050836)
- [bookworm] - oggvideotools <no-dsa> (Minor issue)
+ [bookworm] - oggvideotools <postponed> (Minor issue, revisit when fixed upstream)
[bullseye] - oggvideotools <no-dsa> (Minor issue)
[buster] - oggvideotools <no-dsa> (Minor issue)
NOTE: https://sourceforge.net/p/oggvideotools/bugs/9/
CVE-2020-21723 (A Segmentation Fault issue discovered StreamSerializer::extractStreams ...)
- - oggvideotools <unfixed> (bug #1050836)
+ - oggvideotools <unfixed> (bug #1050836; unimportant)
[bookworm] - oggvideotools <no-dsa> (Minor issue)
[bullseye] - oggvideotools <no-dsa> (Minor issue)
[buster] - oggvideotools <no-dsa> (Minor issue)
NOTE: https://sourceforge.net/p/oggvideotools/bugs/10/
+ NOTE: Crash in CLI tool, no security impact
CVE-2020-21722 (Buffer Overflow vulnerability in oggvideotools 0.9.1 allows remote att ...)
- oggvideotools <unfixed> (bug #1050836)
- [bookworm] - oggvideotools <no-dsa> (Minor issue)
+ [bookworm] - oggvideotools <postponed> (Minor issue, revisit when fixed upstream)
[bullseye] - oggvideotools <no-dsa> (Minor issue)
[buster] - oggvideotools <no-dsa> (Minor issue)
NOTE: https://sourceforge.net/p/oggvideotools/bugs/11/
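Review bot: CVE-2020-21723 is marked "unimportant" on the unstable line, but the [bookworm], [bullseye] and [buster] <no-dsa> lines underneath are left in place. The giflib and mootools entries in this same commit drop their per-release lines when switching to "unimportant"; removing the three oggvideotools lines here would keep the entries consistent and avoid two conflicting statuses for one CVE.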
@@ -408128,7 +408127,7 @@ CVE-2019-10736
RESERVED
CVE-2019-10735 (In Claws Mail 3.14.1, an attacker in possession of S/MIME or PGP encry ...)
- claws-mail <unfixed> (low; bug #926705)
- [bookworm] - claws-mail <no-dsa> (Minor issue)
+ [bookworm] - claws-mail <postponed> (Minor issue, revisit when fixed upstream)
[bullseye] - claws-mail <no-dsa> (Minor issue)
[buster] - claws-mail <postponed> (Revisit when fixed upstream)
[stretch] - claws-mail <postponed> (Revisit when fixed upstream)
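Review bot: after this change to CVE-2019-10735 the [bullseye] line is the only release still at <no-dsa>, sitting between [bookworm], [buster] and [stretch], which are all <postponed>. Consider aligning it, and using the existing wording "Revisit when fixed upstream" from the buster and stretch lines on the new bookworm line so the reason strings match across releases.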
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/303252907bf9d6705cbe029c1dfc758b623a2773