[Git][security-tracker-team/security-tracker][master] bugnums

Moritz Muehlenhoff (@jmm) jmm at debian.org
Fri Sep 27 14:03:55 BST 2024



Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
656a6dbc by Moritz Muehlenhoff at 2024-09-27T15:03:38+02:00
bugnums

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -3,7 +3,7 @@ CVE-2024-9130 (The GiveWP \u2013 Donation Plugin and Fundraising Platform plugin
 CVE-2024-9049 (The Beaver Builder \u2013 WordPress Page Builder plugin for WordPress  ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2024-9029 (A flaw was found in freeimage library. Processing a crafted image can  ...)
-	- freeimage <unfixed>
+	- freeimage <unfixed> (bug #1082848)
 	[bookworm] - freeimage <no-dsa> (Minor issue)
 	NOTE: https://sourceforge.net/p/freeimage/bugs/351/
 CVE-2024-8991 (The OSM \u2013 OpenStreetMap plugin for WordPress is vulnerable to Sto ...)
@@ -103,7 +103,7 @@ CVE-2024-47180 (Shields.io is a service for concise, consistent, and legible bad
 CVE-2024-47179 (RSSHub is an RSS network. Prior to commit 64e00e7, RSSHub's `docker-te ...)
 	NOT-FOR-US: RSSHub
 CVE-2024-47174 (Nix is a package manager for Linux and other Unix systems. Starting in ...)
-	- nix <unfixed>
+	- nix <unfixed> (bug #1082847)
 	NOTE: https://github.com/NixOS/nix/commit/062b4a489e30da9c85fa4ff15cfdd2e51cac7b90
 	NOTE: https://github.com/NixOS/nix/pull/11585
 	NOTE: https://github.com/NixOS/nix/security/advisories/GHSA-6fjr-mq49-mm2c
@@ -142,7 +142,7 @@ CVE-2024-47044 (Multiple Home GateWay/Hikari Denwa routers provided by NIPPON TE
 CVE-2024-47003 (Mattermost versions 9.11.x <= 9.11.0 and 9.5.x <= 9.5.8 fail to valida ...)
 	- mattermost-server <itp> (bug #823556)
 CVE-2024-46632 (Assimp v5.4.3 is vulnerable to Buffer Overflow via the MD5Importer::Lo ...)
-	- assimp <unfixed>
+	- assimp <unfixed> (bug #1082857)
 	NOTE: https://github.com/assimp/assimp/issues/5771
 CVE-2024-46627 (Incorrect access control in BECN DATAGERRY v2.2 allows attackers to ex ...)
 	NOT-FOR-US: BECN DATAGERRY
@@ -290,7 +290,7 @@ CVE-2022-49038 (Inclusion of functionality from untrusted control sphere vulnera
 CVE-2022-49037 (Insertion of sensitive information into log file vulnerability in prox ...)
 	NOT-FOR-US: Synology
 CVE-2024-8805 [BlueZ HID over GATT Profile Improper Access Control Remote Code Execution Vulnerability]
-	- bluez <unfixed>
+	- bluez <unfixed> (bug #1082849)
 	[bookworm] - bluez <no-dsa> (Minor issue)
 	NOTE: https://www.zerodayinitiative.com/advisories/ZDI-24-1229/
 	NOTE: https://patchwork.kernel.org/project/bluetooth/patch/20240912204458.3037144-1-luiz.dentz@gmail.com/
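Review bot: the bookworm annotation "<no-dsa> (Minor issue)" sits under an entry whose title reads "Remote Code Execution Vulnerability", so a reader comparing the two will wonder how the severity was judged; a few words in the parenthesised rationale (for example, which precondition from the ZDI-24-1229 advisory or the linked patchwork fix limits exposure) would make the no-dsa decision self-explanatory the next time this entry is revisited.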
@@ -2331,7 +2331,7 @@ CVE-2024-8768 (A flaw was found in the vLLM library. A completions API request w
 CVE-2024-8797 (The WP Booking System \u2013 Booking Calendar plugin for WordPress is  ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2024-8775 (A flaw was found in Ansible, where sensitive information stored in Ans ...)
-	- ansible-core <unfixed>
+	- ansible-core <unfixed> (bug #1082851)
 	[bookworm] - ansible-core <no-dsa> (Minor issue)
 	- ansible 5.4.0-1
 	NOTE: ansible-core was split off from src:ansible with 4.6.0-1 in experimental/5.4.0-1 in sid
@@ -4031,7 +4031,7 @@ CVE-2024-44839 (RapidCMS v1.3.1 was discovered to contain a SQL injection vulner
 CVE-2024-44838 (RapidCMS v1.3.1 was discovered to contain a SQL injection vulnerabilit ...)
 	NOT-FOR-US: RapidCMS
 CVE-2024-8443 (A heap-based buffer overflow vulnerability was found in the libopensc  ...)
-	- opensc <unfixed>
+	- opensc <unfixed> (bug #1082853)
 	[bookworm] - opensc <no-dsa> (Minor issue)
 	[bullseye] - opensc <postponed> (Minor issue, revisit when fixed upstream)
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2310494
@@ -4264,10 +4264,9 @@ CVE-2024-8461 (A vulnerability, which was classified as problematic, was found i
 CVE-2024-8460 (A vulnerability, which was classified as problematic, has been found i ...)
 	NOT-FOR-US: D-Link
 CVE-2024-8445 (The fix for CVE-2024-2199 in 389-ds-base was insufficient to cover all ...)
-	- 389-ds-base <unfixed>
+	- 389-ds-base <unfixed> (bug #1082852)
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2310110
 	NOTE: CVE exists because of an insufficent/incomplete fix for CVE-2024-2199
-	TODO: check details
 CVE-2024-8395 (FlyCASS CASS and KCM systems did not correctly filter SQL queries, whi ...)
 	NOT-FOR-US: FlyCASS CASS and KCM systems
 CVE-2024-8363 (The Share This Image plugin for WordPress is vulnerable to Stored Cros ...)
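Review bot: dropping the "TODO: check details" line is a change beyond what the commit message "bugnums" describes, and nothing records what the check concluded; unlike the neighbouring entries in this patch, this one carries no [bookworm]/[bullseye] annotation, so if the details were checked, a NOTE stating which releases are affected would preserve that result. Minor: the context line "insufficent/incomplete fix" should read "insufficient/incomplete fix".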
@@ -8849,7 +8848,7 @@ CVE-2023-4025 (The Radio Player plugin for WordPress is vulnerable to unauthoriz
 CVE-2023-4024 (The Radio Player plugin for WordPress is vulnerable to unauthorized mo ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2024-7885 (A vulnerability was found in Undertow where the ProxyProtocolReadListe ...)
-	- undertow <unfixed>
+	- undertow <unfixed> (bug #1082854)
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2305290
 CVE-2024-7646 (A security issue was discovered in ingress-nginx where an actor with p ...)
 	NOT-FOR-US: Kubernetes ingress-nginx
@@ -11182,7 +11181,7 @@ CVE-2024-7502 (A crafted DPA file could force Delta Electronics DIAScreen to ove
 CVE-2024-7317 (The Folders \u2013 Unlimited Folders to Organize Media Library Folder, ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2024-7246 (It's possible for a gRPC client communicating with a HTTP/2 proxy to p ...)
-	- grpc <unfixed>
+	- grpc <unfixed> (bug #1082856)
 	[bookworm] - grpc <no-dsa> (Minor issue)
 	[bullseye] - grpc <postponed> (Minor issue, light cache poisoning and infoleak)
 	NOTE: https://github.com/grpc/grpc/issues/36245
@@ -11932,7 +11931,7 @@ CVE-2024-38321 (IBM Business Automation Workflow 22.0.2, 23.0.1, 23.0.2, and 24.
 CVE-2024-37286 (APM server logs contain document body from a partially failed bulk ind ...)
 	NOT-FOR-US: APM server
 CVE-2024-7319 (An incomplete fix for CVE-2023-1625 was found in openstack-heat. Sensi ...)
-	- heat <unfixed>
+	- heat <unfixed> (bug #1082855)
 	[bookworm] - heat <no-dsa> (Minor issue)
 	[bullseye] - heat <not-affected> (Incomplete fix for CVE-2023-1625 not applied)
 	NOTE: https://storyboard.openstack.org/#!/story/2011007



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/656a6dbc8c9e899c67f73616d2dcdf7e451ca51d


