[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso (@carnil) carnil at debian.org
Tue Sep 3 09:12:26 BST 2024 


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
3072e5cf by security tracker role at 2024-09-03T08:12:02+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,27 @@
+CVE-2024-8380 (A vulnerability was found in SourceCodester Contact Manager with Expor ...)
+	TODO: check
+CVE-2024-7261 (The improper neutralization of special elements in the parameter "host ...)
+	TODO: check
+CVE-2024-7203 (A post-authentication command injection vulnerability in Zyxel ATP ser ...)
+	TODO: check
+CVE-2024-6343 (A buffer overflow vulnerability in the CGI program of Zyxel ATP series ...)
+	TODO: check
+CVE-2024-5412 (A buffer overflow vulnerability in the library "libclinkc" of the Zyxe ...)
+	TODO: check
+CVE-2024-45623 (D-Link DAP-2310 Hardware A Firmware 1.16RC028 allows remote attackers  ...)
+	TODO: check
+CVE-2024-42061 (A reflected cross-site scripting (XSS) vulnerability in the CGI progra ...)
+	TODO: check
+CVE-2024-42060 (A post-authentication command injection vulnerability in Zyxel ATP ser ...)
+	TODO: check
+CVE-2024-42059 (A post-authentication command injection vulnerability in Zyxel ATP ser ...)
+	TODO: check
+CVE-2024-42058 (A null pointer dereference vulnerability in Zyxel ATP series firmware  ...)
+	TODO: check
+CVE-2024-42057 (A command injection vulnerability in the IPSec VPN feature of Zyxel AT ...)
+	TODO: check
+CVE-2024-37136 (Dell Path to PowerProtect, versions 1.1, 1.2, contains an Exposure of  ...)
+	TODO: check
 CVE-2024-45620
 	- opensc <unfixed>
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2309289
@@ -3024,6 +3048,7 @@ CVE-2024-44076 (In Microcks before 1.10.0, the POST /api/import and POST /api/ex
 CVE-2024-44073 (The Miniscript (aka rust-miniscript) library before 12.2.0 for Rust al ...)
 	NOT-FOR-US: Miniscript (aka rust-miniscript)
 CVE-2024-44070 (An issue was discovered in FRRouting (FRR) through 10.1. bgp_attr_enca ...)
+	{DLA-3865-1}
 	- frr <unfixed> (bug #1079649)
 	NOTE: https://github.com/FRRouting/frr/pull/16497
 	NOTE: Fixed by: https://github.com/FRRouting/frr/commit/3d56a1b4387c759b2c943e41d312ae0e6a7160b9
@@ -7953,7 +7978,7 @@ CVE-2024-40796 (A privacy issue was addressed with improved private data redacti
 CVE-2024-40795 (This issue was addressed with improved data protection. This issue is  ...)
 	NOT-FOR-US: Apple
 CVE-2024-40794 (This issue was addressed through improved state management. This issue ...)
-	{DSA-5762-1}
+	{DSA-5762-1 DLA-3864-1}
 	- webkit2gtk 2.44.3-1
 	- wpewebkit 2.44.3-1
 	[bookworm] - wpewebkit <ignored> (wpewebkit not covered by security support in Bookworm)
@@ -7962,7 +7987,7 @@ CVE-2024-40794 (This issue was addressed through improved state management. This
 CVE-2024-40793 (This issue was addressed by removing the vulnerable code. This issue i ...)
 	NOT-FOR-US: Apple
 CVE-2024-40789 (An out-of-bounds access issue was addressed with improved bounds check ...)
-	{DSA-5762-1}
+	{DSA-5762-1 DLA-3864-1}
 	- webkit2gtk 2.44.3-1
 	- wpewebkit 2.44.3-1
 	[bookworm] - wpewebkit <ignored> (wpewebkit not covered by security support in Bookworm)
@@ -7975,7 +8000,7 @@ CVE-2024-40787 (This issue was addressed by adding an additional prompt for user
 CVE-2024-40786 (This issue was addressed through improved state management. This issue ...)
 	NOT-FOR-US: Apple
 CVE-2024-40785 (This issue was addressed with improved checks. This issue is fixed in  ...)
-	{DSA-5762-1}
+	{DSA-5762-1 DLA-3864-1}
 	- webkit2gtk 2.44.3-1
 	- wpewebkit 2.44.3-1
 	[bookworm] - wpewebkit <ignored> (wpewebkit not covered by security support in Bookworm)
@@ -7986,7 +8011,7 @@ CVE-2024-40784 (An integer overflow was addressed with improved input validation
 CVE-2024-40783 (The issue was addressed with improved restriction of data container ac ...)
 	NOT-FOR-US: Apple
 CVE-2024-40782 (A use-after-free issue was addressed with improved memory management.  ...)
-	{DSA-5762-1}
+	{DSA-5762-1 DLA-3864-1}
 	- webkit2gtk 2.44.3-1
 	- wpewebkit 2.44.3-1
 	[bookworm] - wpewebkit <ignored> (wpewebkit not covered by security support in Bookworm)
@@ -7995,14 +8020,14 @@ CVE-2024-40782 (A use-after-free issue was addressed with improved memory manage
 CVE-2024-40781 (The issue was addressed with improved checks. This issue is fixed in m ...)
 	NOT-FOR-US: Apple
 CVE-2024-40780 (An out-of-bounds read was addressed with improved bounds checking. Thi ...)
-	{DSA-5762-1}
+	{DSA-5762-1 DLA-3864-1}
 	- webkit2gtk 2.44.3-1
 	- wpewebkit 2.44.3-1
 	[bookworm] - wpewebkit <ignored> (wpewebkit not covered by security support in Bookworm)
 	[bullseye] - wpewebkit <ignored> (wpewebkit >= 2.40 can no longer be sensibly backported)
 	NOTE: https://webkitgtk.org/security/WSA-2024-0004.html
 CVE-2024-40779 (An out-of-bounds read was addressed with improved bounds checking. Thi ...)
-	{DSA-5762-1}
+	{DSA-5762-1 DLA-3864-1}
 	- webkit2gtk 2.44.3-1
 	- wpewebkit 2.44.3-1
 	[bookworm] - wpewebkit <ignored> (wpewebkit not covered by security support in Bookworm)
@@ -8013,7 +8038,7 @@ CVE-2024-40778 (An authentication issue was addressed with improved state manage
 CVE-2024-40777 (An out-of-bounds access issue was addressed with improved bounds check ...)
 	NOT-FOR-US: Apple
 CVE-2024-40776 (A use-after-free issue was addressed with improved memory management.  ...)
-	{DSA-5762-1}
+	{DSA-5762-1 DLA-3864-1}
 	- webkit2gtk 2.44.3-1
 	- wpewebkit 2.44.3-1
 	[bookworm] - wpewebkit <ignored> (wpewebkit not covered by security support in Bookworm)
@@ -32984,7 +33009,7 @@ CVE-2024-4559 (Heap buffer overflow in WebAudio in Google Chrome prior to 124.0.
 	[bullseye] - chromium <end-of-life> (see #1061268)
 	[buster] - chromium <end-of-life> (see DSA 5046)
 CVE-2024-4558 (Use after free in ANGLE in Google Chrome prior to 124.0.6367.155 allow ...)
-	{DSA-5762-1 DSA-5683-1}
+	{DSA-5762-1 DSA-5683-1 DLA-3864-1}
 	- chromium 124.0.6367.155-1
 	[bullseye] - chromium <end-of-life> (see #1061268)
 	[buster] - chromium <end-of-life> (see DSA 5046)
@@ -43738,12 +43763,12 @@ CVE-2024-31950 (In FRRouting (FRR) through 9.1, there can be a buffer overflow a
 	NOTE: https://github.com/FRRouting/frr/commit/e08495a4a8ad4d2050691d9e5e13662d2635b2e0
 	NOTE: vulnerable feature introduced in https://github.com/FRRouting/frr/commit/f173deb35206a09e8dc22828cb08638e289b72a5 (first shipped with 8.0)
 CVE-2024-31949 (In FRRouting (FRR) through 9.1, an infinite loop can occur when receiv ...)
-	{DLA-3797-1}
+	{DLA-3865-1 DLA-3797-1}
 	- frr 10.0.1-0.1 (bug #1072125)
 	NOTE: https://github.com/FRRouting/frr/pull/15640
 	NOTE: Fixed by: https://github.com/FRRouting/frr/commit/30a332dad86fafd2b0b6c61d23de59ed969a219b
 CVE-2024-31948 (In FRRouting (FRR) through 9.1, an attacker using a malformed Prefix S ...)
-	{DLA-3797-1}
+	{DLA-3865-1 DLA-3797-1}
 	- frr 10.0.1-0.1 (bug #1072126)
 	NOTE: https://github.com/FRRouting/frr/pull/15628
 	NOTE: Fixed by: https://github.com/FRRouting/frr/commit/ba6a8f1a31e1a88df2de69ea46068e8bd9b97138
@@ -77770,14 +77795,14 @@ CVE-2023-46802 (e-Tax software Version3.0.10 and earlier improperly restricts XM
 CVE-2023-40207 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2023-38407 (bgpd/bgp_label.c in FRRouting (FRR) before 8.5 attempts to read beyond ...)
-	{DLA-3797-1}
+	{DLA-3865-1 DLA-3797-1}
 	- frr 9.1-0.1 (bug #1055852)
 	NOTE: https://github.com/FRRouting/frr/pull/12951
 	NOTE: https://github.com/FRRouting/frr/commit/7404a914b0cafe046703c8381903a80d3def8f8b (base_9.0)
 	NOTE: https://github.com/FRRouting/frr/pull/12956
 	NOTE: https://github.com/FRRouting/frr/commit/ab362eae68edec12c175d9bc488bcc3f8b73d36f (frr-8.5)
 CVE-2023-38406 (bgpd/bgp_flowspec.c in FRRouting (FRR) before 8.4.3 mishandles an nlri ...)
-	{DLA-3797-1}
+	{DLA-3865-1 DLA-3797-1}
 	- frr 8.4.4-1
 	[bookworm] - frr 8.4.4-1.1~deb12u1
 	NOTE: https://github.com/FRRouting/frr/pull/12884
@@ -77851,14 +77876,14 @@ CVE-2023-47272 (Roundcube 1.5.x before 1.5.6 and 1.6.x before 1.6.5 allows XSS v
 	- roundcube 1.6.5+dfsg-1 (bug #1055421)
 	NOTE: https://github.com/roundcube/roundcubemail/commit/81ac3c342a4f288deb275590895b52ec3785cf8a (1.6.5)
 CVE-2023-47235 (An issue was discovered in FRRouting FRR through 9.0.1. A crash can oc ...)
-	{DLA-3797-1}
+	{DLA-3865-1 DLA-3797-1}
 	- frr 9.1-0.1 (bug #1055852)
 	NOTE: https://github.com/FRRouting/frr/commit/6814f2e0138a6ea5e1f83bdd9085d9a77999900b
 	NOTE: https://github.com/FRRouting/frr/pull/14716
 	NOTE: https://github.com/FRRouting/frr/pull/14861 (backport to 9.0)
 	NOTE: https://github.com/FRRouting/frr/pull/14735 (backport to 9.1)
 CVE-2023-47234 (An issue was discovered in FRRouting FRR through 9.0.1. A crash can oc ...)
-	{DLA-3797-1}
+	{DLA-3865-1 DLA-3797-1}
 	- frr 9.1-0.1 (bug #1055852)
 	NOTE: https://github.com/FRRouting/frr/commit/c37119df45bbf4ef713bc10475af2ee06e12f3bf
 CVE-2023-47233 (The brcm80211 component in the Linux kernel through 6.5.10 has a brcmf ...)
@@ -79239,12 +79264,12 @@ CVE-2023-5139 (Potential buffer overflow vulnerability at the following location
 CVE-2023-46754 (The admin panel for Obl.ong before 1.1.2 allows authorization bypass b ...)
 	NOT-FOR-US: admin panel for Obl.ong
 CVE-2023-46753 (An issue was discovered in FRRouting FRR through 9.0.1. A crash can oc ...)
-	{DLA-3797-1}
+	{DLA-3865-1 DLA-3797-1}
 	- frr 9.1-0.1 (bug #1055852)
 	NOTE: Fixed by: https://github.com/FRRouting/frr/commit/d8482bf011cb2b173e85b65b4bf3d5061250cdb9 (master)
 	NOTE: Fixed by: https://github.com/FRRouting/frr/commit/21418d64af11553c402f932b0311c812d98ac3e4 (stable/8.5 branch)
 CVE-2023-46752 (An issue was discovered in FRRouting FRR through 9.0.1. It mishandles  ...)
-	{DLA-3797-1}
+	{DLA-3865-1 DLA-3797-1}
 	- frr 9.1-0.1 (bug #1055852)
 	NOTE: Fixed by: https://github.com/FRRouting/frr/commit/b08afc81c60607a4f736f418f2e3eb06087f1a35 (master)
 	NOTE: Fixed by: https://github.com/FRRouting/frr/commit/30b5c2a434d25981e16792f6f50162beb517ae4d (stable/8.5 branch)
@@ -167315,7 +167340,7 @@ CVE-2022-37037
 CVE-2022-37036
 	RESERVED
 CVE-2022-37035 (An issue was discovered in bgpd in FRRouting (FRR) 8.3. In bgp_notify_ ...)
-	{DLA-3797-1}
+	{DLA-3865-1 DLA-3797-1}
 	- frr 8.4.1-1 (bug #1016978)
 	NOTE: https://github.com/FRRouting/frr/issues/11698
 	NOTE: https://github.com/FRRouting/frr/pull/11926
@@ -183597,7 +183622,7 @@ CVE-2022-31165
 CVE-2022-31164 (Tovy is a a staff management system for Roblox groups. A vulnerability ...)
 	NOT-FOR-US: Tovy
 CVE-2022-31163 (TZInfo is a Ruby library that provides access to time zone data and al ...)
-	{DLA-3077-1}
+	{DLA-3866-1 DLA-3077-1}
 	- ruby-tzinfo 2.0.4-2
 	NOTE: https://github.com/tzinfo/tzinfo/security/advisories/GHSA-5cm2-9h8c-rvfx
 	NOTE: https://github.com/tzinfo/tzinfo/commit/9eddbb5c0e682736f61d0dd803b6031a5db9eadf (v0.3.61)
@@ -198759,27 +198784,27 @@ CVE-2020-36516 (An issue was discovered in the Linux kernel through 5.16.11. The
 	NOTE: https://dl.acm.org/doi/10.1145/3372297.3417884
 	NOTE: https://git.kernel.org/linus/23f57406b82de51809d5812afd96f210f8b627f3
 CVE-2022-26129 (Buffer overflow vulnerabilities exist in FRRouting through 8.1.0 due t ...)
-	{DLA-3797-1}
+	{DLA-3865-1 DLA-3797-1}
 	- frr 8.4.1-1 (bug #1008010)
 	NOTE: https://github.com/FRRouting/frr/issues/10503
 	NOTE: Fixed by https://github.com/FRRouting/frr/issues/10504 (together with CVE-2022-26128)
 CVE-2022-26128 (A buffer overflow vulnerability exists in FRRouting through 8.1.0 due  ...)
-	{DLA-3797-1}
+	{DLA-3865-1 DLA-3797-1}
 	- frr 8.4.1-1 (bug #1008010)
 	NOTE: https://github.com/FRRouting/frr/issues/10502
 	NOTE: Fixed by https://github.com/FRRouting/frr/issues/10504 (together with CVE-2022-26129)
 CVE-2022-26127 (A buffer overflow vulnerability exists in FRRouting through 8.1.0 due  ...)
-	{DLA-3797-1}
+	{DLA-3865-1 DLA-3797-1}
 	- frr 8.4.1-1 (bug #1008010)
 	NOTE: https://github.com/FRRouting/frr/issues/10487
 	NOTE: Fixed by https://github.com/FRRouting/frr/pull/10494
 CVE-2022-26126 (Buffer overflow vulnerabilities exist in FRRouting through 8.1.0 due t ...)
-	{DLA-3797-1}
+	{DLA-3865-1 DLA-3797-1}
 	- frr 8.4.1-1 (bug #1008010)
 	NOTE: https://github.com/FRRouting/frr/issues/10505
 	NOTE: Fixed by https://github.com/FRRouting/frr/pull/10566
 CVE-2022-26125 (Buffer overflow vulnerabilities exist in FRRouting through 8.1.0 due t ...)
-	{DLA-3797-1}
+	{DLA-3865-1 DLA-3797-1}
 	- frr 8.4.1-1 (bug #1008010)
 	NOTE: https://github.com/FRRouting/frr/issues/10507
 	NOTE: Fix (8.2): https://github.com/FRRouting/frr/pull/10542



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/3072e5cf47ceef7cea62a9f79eb058a06a94c9be

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/3072e5cf47ceef7cea62a9f79eb058a06a94c9be
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20240903/22760262/attachment.htm>

More information about the debian-security-tracker-commits mailing list