[Git][security-tracker-team/security-tracker][master] bugnums

Moritz Muehlenhoff (@jmm) jmm at debian.org
Sun Sep 15 22:29:03 BST 2024 


Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
456c2afd by Moritz Muehlenhoff at 2024-09-15T23:28:06+02:00
bugnums

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -3022,17 +3022,17 @@ CVE-2024-8108 (The Share This Image plugin for WordPress is vulnerable to Stored
 CVE-2024-7717 (The WP Events Manager plugin for WordPress is vulnerable to time-based ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2024-0111 (NVIDIA CUDA Toolkit contains a vulnerability in command 'cuobjdump' wh ...)
-	- nvidia-cuda-toolkit <unfixed>
+	- nvidia-cuda-toolkit <unfixed> (bug #1081905)
 	[bookworm] - nvidia-cuda-toolkit <no-dsa> (Non-free not supported)
 	[bullseye] - nvidia-cuda-toolkit <ignored> (Non-free not supported)
 	NOTE: https://nvidia.custhelp.com/app/answers/detail/a_id/5564
 CVE-2024-0110 (NVIDIA CUDA Toolkit contains a vulnerability in command `cuobjdump` wh ...)
-	- nvidia-cuda-toolkit <unfixed>
+	- nvidia-cuda-toolkit <unfixed> (bug #1081905)
 	[bookworm] - nvidia-cuda-toolkit <no-dsa> (Non-free not supported)
 	[bullseye] - nvidia-cuda-toolkit <ignored> (Non-free not supported)
 	NOTE: https://nvidia.custhelp.com/app/answers/detail/a_id/5564
 CVE-2024-0109 (NVIDIA CUDA Toolkit contains a vulnerability in command `cuobjdump` wh ...)
-	- nvidia-cuda-toolkit <unfixed>
+	- nvidia-cuda-toolkit <unfixed> (bug #1081905)
 	[bookworm] - nvidia-cuda-toolkit <no-dsa> (Non-free not supported)
 	[bullseye] - nvidia-cuda-toolkit <ignored> (Non-free not supported)
 	NOTE: https://nvidia.custhelp.com/app/answers/detail/a_id/5564
@@ -3750,7 +3750,7 @@ CVE-2024-44340 (D-Link DIR-846W A1 FW100A43 was discovered to contain a remote c
 	NOT-FOR-US: D-Link
 CVE-2024-43788 (Webpack is a module bundler. Its main purpose is to bundle JavaScript  ...)
 	[experimental] - node-webpack 5.94.0+dfsg1+~cs11.18.26-1
-	- node-webpack <unfixed>
+	- node-webpack <unfixed> (bug #1081906)
 	[bookworm] - node-webpack <no-dsa> (Minor issue)
 	[bullseye] - node-webpack <postponed> (Minor issue; can be fixed in next update)
 	NOTE: https://github.com/webpack/webpack/security/advisories/GHSA-4vvj-4cpr-p986
@@ -16908,18 +16908,18 @@ CVE-2024-6501 (A flaw was found in NetworkManager. When a system running Network
 	[bullseye] - network-manager <no-dsa> (Minor issue)
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2295734
 CVE-2023-39329 (A flaw was found in OpenJPEG. A resource exhaustion can occur in the o ...)
-	- openjpeg2 <unfixed>
+	- openjpeg2 <unfixed> (bug #1081910)
 	[bookworm] - openjpeg2 <no-dsa> (Minor issue)
 	[bullseye] - openjpeg2 <no-dsa> (Minor issue)
 	NOTE: https://github.com/uclouvain/openjpeg/issues/1474
 CVE-2023-39328 (A vulnerability was found in OpenJPEG similar to CVE-2019-6988. This f ...)
-	- openjpeg2 <unfixed>
+	- openjpeg2 <unfixed> (bug #1081909)
 	[bookworm] - openjpeg2 <no-dsa> (Minor issue)
 	[bullseye] - openjpeg2 <no-dsa> (Minor issue)
 	NOTE: https://github.com/uclouvain/openjpeg/issues/1471
 	NOTE: https://github.com/uclouvain/openjpeg/pull/1470
 CVE-2023-39327 (A flaw was found in OpenJPEG. Maliciously constructed pictures can cau ...)
-	- openjpeg2 <unfixed>
+	- openjpeg2 <unfixed> (bug #1081908)
 	[bookworm] - openjpeg2 <no-dsa> (Minor issue)
 	[bullseye] - openjpeg2 <no-dsa> (Minor issue)
 	NOTE: https://github.com/uclouvain/openjpeg/issues/1472
@@ -24002,7 +24002,7 @@ CVE-2023-45188 (IBM Engineering Lifecycle Optimization Publishing 7.0.2 and 7.03
 CVE-2023-34003 (Missing Authorization vulnerability in Woo WooCommerce Box Office.This ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2024-37535 (GNOME VTE before 0.76.3 allows an attacker to cause a denial of servic ...)
-	- vte <unfixed>
+	- vte <unfixed> (bug #1081907)
 	[bookworm] - vte <no-dsa> (Minor issue)
 	[bullseye] - vte <no-dsa> (Minor issue)
 	[buster] - vte <postponed> (Minor issue)
@@ -37150,7 +37150,7 @@ CVE-2023-51591 (Voltronic Power ViewPower Pro doDocument XML External Entity Pro
 CVE-2023-51590 (Voltronic Power ViewPower Pro UpLoadAction Unrestricted File Upload Re ...)
 	NOT-FOR-US: Voltronic Power ViewPower Pro
 CVE-2023-51589 (BlueZ Audio Profile AVRCP parse_media_element Out-Of-Bounds Read Infor ...)
-	- bluez <unfixed>
+	- bluez <unfixed> (bug #1081912)
 	[bookworm] - bluez <postponed> (Minor issue, revisit when/if fixed upstream)
 	[bullseye] - bluez <postponed> (Minor issue, revisit when/if fixed upstream)
 	[buster] - bluez <postponed> (Minor issue, revisit when/if fixed upstream)
@@ -37172,7 +37172,7 @@ CVE-2023-51582 (Voltronic Power ViewPower LinuxMonitorConsole Exposed Dangerous
 CVE-2023-51581 (Voltronic Power ViewPower MacMonitorConsole Exposed Dangerous Method R ...)
 	NOT-FOR-US: Voltronic Power ViewPower
 CVE-2023-51580 (BlueZ Audio Profile AVRCP avrcp_parse_attribute_list Out-Of-Bounds Rea ...)
-	- bluez <unfixed>
+	- bluez <unfixed> (bug #1081911)
 	[bookworm] - bluez <postponed> (Minor issue, revisit when/if fixed upstream)
 	[bullseye] - bluez <postponed> (Minor issue, revisit when/if fixed upstream)
 	[buster] - bluez <postponed> (Minor issue, revisit when/if fixed upstream)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/456c2afd0254ea1dfe706707ae275bebb2d6bc5d

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/456c2afd0254ea1dfe706707ae275bebb2d6bc5d
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20240915/3109185d/attachment-0001.htm>

More information about the debian-security-tracker-commits mailing list