[Git][security-tracker-team/security-tracker][master] Update status for already fixed kanboard issues

Salvatore Bonaccorso (@carnil) carnil at debian.org
Fri Aug 29 05:20:44 BST 2025 


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
6a7a0a42 by Salvatore Bonaccorso at 2025-08-29T06:20:03+02:00
Update status for already fixed kanboard issues

More recent ones are only fixed in later versions not yet uploaded.

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -79852,7 +79852,7 @@ CVE-2024-56116 (A Cross-Site Request Forgery vulnerability in Amiro.CMS before 7
 CVE-2024-56115 (A vulnerability in Amiro.CMS before 7.8.4 exists due to the failure to ...)
 	NOT-FOR-US: Amiro.CMS
 CVE-2024-55603 (Kanboard is project management software that focuses on the Kanban met ...)
-	- kanboard <unfixed> (bug #1090923)
+	- kanboard 1.2.44+ds-1 (bug #1090923)
 	NOTE: https://github.com/kanboard/kanboard/security/advisories/GHSA-gv5c-8pxr-p484
 	NOTE: https://github.com/kanboard/kanboard/commit/7ce61c34d962ca8b5dce776289ddf4b207be6e78 (v1.2.43)
 CVE-2024-55506 (An IDOR vulnerability in CodeAstro's Complaint Management System v1.0  ...)
@@ -84026,7 +84026,7 @@ CVE-2024-54127 (This vulnerability exists in the TP-Link Archer C50 due to prese
 CVE-2024-54126 (This vulnerability exists in the TP-Link Archer C50 due to improper si ...)
 	NOT-FOR-US: TP-Link
 CVE-2024-54001 (Kanboard is project management software that focuses on the Kanban met ...)
-	- kanboard <unfixed> (bug #1089187)
+	- kanboard 1.2.44+ds-1 (bug #1089187)
 	NOTE: https://github.com/kanboard/kanboard/security/advisories/GHSA-4vvp-jf72-chrj
 CVE-2024-53857 (rPGP is a pure Rust implementation of OpenPGP. Prior to 0.14.1, rPGP a ...)
 	- rust-pgp 0.14.2-1
@@ -91222,10 +91222,10 @@ CVE-2024-52286 (Stirling-PDF is a locally hosted web application that allows you
 CVE-2024-51992 (Orchid is a @laravel package that allows for rapid application develop ...)
 	NOT-FOR-US: Orchid laravel package
 CVE-2024-51748 (Kanboard is project management software that focuses on the Kanban met ...)
-	- kanboard <unfixed> (bug #1088798)
+	- kanboard 1.2.44+ds-1 (bug #1088798)
 	NOTE: https://github.com/kanboard/kanboard/security/advisories/GHSA-jvff-x577-j95p
 CVE-2024-51747 (Kanboard is project management software that focuses on the Kanban met ...)
-	- kanboard <unfixed> (bug #1088798)
+	- kanboard 1.2.44+ds-1 (bug #1088798)
 	NOTE: https://github.com/kanboard/kanboard/security/advisories/GHSA-78pf-vg56-5p8v
 CVE-2024-51490 (Ampache is a web based audio/video streaming application and file mana ...)
 	- ampache <removed>
@@ -132036,7 +132036,7 @@ CVE-2024-36732 (An issue in OneFlow-Inc. Oneflow v0.9.1 allows attackers to caus
 CVE-2024-36730 (Improper input validation in OneFlow-Inc. Oneflow v0.9.1 allows attack ...)
 	NOT-FOR-US: OneFlow
 CVE-2024-36399 (Kanboard is project management software that focuses on the Kanban met ...)
-	- kanboard <unfixed> (bug #1072791)
+	- kanboard 1.2.44+ds-1 (bug #1072791)
 	NOTE: https://github.com/kanboard/kanboard/security/advisories/GHSA-x8v7-3ghx-65cv
 	NOTE: https://github.com/kanboard/kanboard/commit/b6703688aac8187f5ea4d4d704fc7afeeffeafa7 (v1.2.37)
 CVE-2024-36394 (SysAid - CWE-78: Improper Neutralization of Special Elements used in a ...)
@@ -173315,7 +173315,7 @@ CVE-2024-22725 (Orthanc versions before 1.12.2 are affected by a reflected cross
 	[buster] - orthanc <postponed> (Minor issue, XSS)
 	NOTE: https://orthanc.uclouvain.be/hg/orthanc/rev/505416b269a0
 CVE-2024-22720 (Kanboard 1.2.34 is vulnerable to Html Injection in the group managemen ...)
-	- kanboard <unfixed> (bug #1062710)
+	- kanboard 1.2.44+ds-1 (bug #1062710)
 	NOTE: https://cupc4k3.medium.com/html-injection-vulnerability-in-kanboard-group-management-d9fe5154bb1b
 	NOTE: https://github.com/kanboard/kanboard/issues/5411
 	NOTE: Fixed by: https://github.com/kanboard/kanboard/commit/70df1210259a2e5ec258a753318bddfda6f7d024 (v1.2.35)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/6a7a0a428e7b463ca44572f853aec073660ae613

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/6a7a0a428e7b463ca44572f853aec073660ae613
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20250829/b941f91a/attachment.htm>

More information about the debian-security-tracker-commits mailing list