[Git][security-tracker-team/security-tracker][master] Triage CVE-2024-26020, CVE-2024-29073, CVE-2024-32152 & CVE-2024-32484 in anki for bullseye LTS.

Chris Lamb (@lamby) lamby at debian.org
Wed Sep 25 16:50:32 BST 2024 


Chris Lamb pushed to branch master at Debian Security Tracker / security-tracker


Commits:
ccecd859 by Chris Lamb at 2024-09-25T08:50:03-07:00
Triage CVE-2024-26020, CVE-2024-29073, CVE-2024-32152 & CVE-2024-32484 in anki for bullseye LTS.

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -14515,17 +14515,21 @@ CVE-2024-33933 (Improper Neutralization of Input During Web Page Generation (XSS
 	NOT-FOR-US: WordPress plugin
 CVE-2024-32484 (An reflected XSS vulnerability exists in the handling of invalid paths ...)
 	- anki <unfixed> (bug #1077548)
+	[bullseye] - anki <postponed> (Minor issue; can be fixed in next update)
 	NOTE: https://talosintelligence.com/vulnerability_reports/TALOS-2024-1995
 CVE-2024-32152 (A blocklist bypass vulnerability exists in the LaTeX functionality of  ...)
 	- anki <unfixed> (bug #1077548)
+	[bullseye] - anki <postponed> (Minor issue; can be fixed in next update)
 	NOTE: https://talosintelligence.com/vulnerability_reports/TALOS-2024-1994
 CVE-2024-29073 (An vulnerability in the handling of Latex exists in Ankitects Anki 24. ...)
 	- anki <unfixed> (bug #1077548)
+	[bullseye] - anki <postponed> (Minor issue; can be fixed in next update)
 	NOTE: https://talosintelligence.com/vulnerability_reports/TALOS-2024-1992
 CVE-2024-28698 (Directory Traversal vulnerability in Marimer LLC CSLA .Net before 8.0  ...)
 	NOT-FOR-US: Marimer LLC CSLA
 CVE-2024-26020 (An arbitrary script execution vulnerability exists in the MPV function ...)
 	- anki <unfixed> (bug #1077548)
+	[bullseye] - anki <postponed> (Minor issue; can be fixed in next update)
 	NOTE: https://talosintelligence.com/vulnerability_reports/TALOS-2024-1993
 CVE-2024-25638 (dnsjava is an implementation of DNS in Java. Records in DNS replies ar ...)
 	- dnsjava <unfixed> (bug #1077368)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/ccecd8597820ca68e4ed2322f929a1ee2571661b

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/ccecd8597820ca68e4ed2322f929a1ee2571661b
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20240925/222d1404/attachment.htm>

More information about the debian-security-tracker-commits mailing list