[Git][security-tracker-team/security-tracker][master] bugnums

Moritz Muehlenhoff (@jmm) jmm at debian.org
Fri Sep 27 14:50:46 BST 2024 


Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
5d0ca122 by Moritz Muehlenhoff at 2024-09-27T15:50:09+02:00
bugnums

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -5862,10 +5862,9 @@ CVE-2024-44761 (An issue in EQ Enterprise Management System before v2.0.0 allows
 CVE-2024-44760 (Incorrect access control in the component /servlet/SnoopServlet of She ...)
 	NOT-FOR-US: Shenzhou News Union Enterprise Management System
 CVE-2024-43805 (jupyterlab is an extensible environment for interactive and reproducib ...)
-	- jupyterlab <unfixed>
-	- jupyter-notebook <undetermined>
+	- jupyterlab <unfixed> (bug #1082871)
+	- jupyter-notebook <unfixed> (bug #1082872)
 	NOTE: https://github.com/jupyterlab/jupyterlab/security/advisories/GHSA-9q39-rmj3-p4r2
-	TODO: check advisory details
 CVE-2024-42905 (Beijing Digital China Cloud Technology Co., Ltd. DCME-320 v.7.4.12.60  ...)
 	NOT-FOR-US: Beijing Digital China Cloud Technology Co., Ltd. DCME-320
 CVE-2024-42900 (Ruoyi v4.7.9 and before was discovered to contain a cross-site scripti ...)
@@ -6670,7 +6669,7 @@ CVE-2024-42914 (A host header injection vulnerability exists in the forgot passw
 CVE-2024-42852 (Cross Site Scripting vulnerability in AcuToWeb server v.10.5.0.7577C8b ...)
 	NOT-FOR-US: AcuToWeb server
 CVE-2024-42845 (An eval Injection vulnerability in the component invesalius/reader/dic ...)
-	- invesalius <unfixed>
+	- invesalius <unfixed> (bug #1082875)
 	[bookworm] - invesalius <no-dsa> (Minor issue)
 	[bullseye] - invesalius <postponed> (Minor issue)
 	NOTE: https://github.com/partywavesec/invesalius3_vulnerabilities/tree/main/CVE-2024-42845
@@ -8071,7 +8070,7 @@ CVE-2024-43400 (XWiki Platform is a generic wiki platform offering runtime servi
 CVE-2024-43399 (Mobile Security Framework (MobSF) is a pen-testing, malware analysis a ...)
 	NOT-FOR-US: Mobile Security Framework (MobSF)
 CVE-2024-43380 (fugit contains time tools for flor and the floraison group. The fugit  ...)
-	- ruby-fugit <unfixed>
+	- ruby-fugit <unfixed> (bug #1082874)
 	[bookworm] - ruby-fugit <no-dsa> (Minor issue)
 	[bullseye] - ruby-fugit <postponed> (Minor issue)
 	NOTE: https://github.com/floraison/fugit/security/advisories/GHSA-2m96-52r3-2f3g



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/5d0ca122bbe3fca08f03c1f1b3f227377b64661c

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/5d0ca122bbe3fca08f03c1f1b3f227377b64661c
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20240927/a1958319/attachment-0001.htm>

More information about the debian-security-tracker-commits mailing list