[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso (@carnil) carnil at debian.org
Mon Feb 3 20:12:37 GMT 2025



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
a61afb8e by security tracker role at 2025-02-03T20:12:30+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,317 @@
+CVE-2025-25181 (A SQL injection vulnerability in timeoutWarning.asp in Advantive VeraC ...)
+	TODO: check
+CVE-2025-25066 (nDPI through 4.12 has a potential stack-based buffer overflow in ndpi_ ...)
+	TODO: check
+CVE-2025-25065 (SSRF vulnerability in the RSS feed parser in Zimbra Collaboration 9.0. ...)
+	TODO: check
+CVE-2025-25064 (SQL injection vulnerability in the ZimbraSyncService SOAP endpoint in  ...)
+	TODO: check
+CVE-2025-25063 (An XSS issue was discovered in Backdrop CMS 1.28.x before 1.28.5 and 1 ...)
+	TODO: check
+CVE-2025-25062 (An XSS issue was discovered in Backdrop CMS 1.28.x before 1.28.5 and 1 ...)
+	TODO: check
+CVE-2025-24898 (rust-openssl is a set of OpenSSL bindings for the Rust programming lan ...)
+	TODO: check
+CVE-2025-24781 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+	TODO: check
+CVE-2025-24707 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+	TODO: check
+CVE-2025-24697 (Missing Authorization vulnerability in Realwebcare Image Gallery \u201 ...)
+	TODO: check
+CVE-2025-24684 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+	TODO: check
+CVE-2025-24676 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+	TODO: check
+CVE-2025-24661 (Deserialization of Untrusted Data vulnerability in MagePeople Team Tax ...)
+	TODO: check
+CVE-2025-24660 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+	TODO: check
+CVE-2025-24656 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+	TODO: check
+CVE-2025-24646 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+	TODO: check
+CVE-2025-24643 (Missing Authorization vulnerability in Amento Tech Pvt ltd WPGuppy all ...)
+	TODO: check
+CVE-2025-24642 (Missing Authorization vulnerability in theme funda Setup Default Featu ...)
+	TODO: check
+CVE-2025-24639 (Insertion of Sensitive Information Into Sent Data vulnerability in GRE ...)
+	TODO: check
+CVE-2025-24631 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+	TODO: check
+CVE-2025-24630 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+	TODO: check
+CVE-2025-24629 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+	TODO: check
+CVE-2025-24620 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+	TODO: check
+CVE-2025-24605 (Improper Limitation of a Pathname to a Restricted Directory ('Path Tra ...)
+	TODO: check
+CVE-2025-24576 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+	TODO: check
+CVE-2025-24574 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+	TODO: check
+CVE-2025-24569 (Improper Limitation of a Pathname to a Restricted Directory ('Path Tra ...)
+	TODO: check
+CVE-2025-24559 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+	TODO: check
+CVE-2025-24557 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+	TODO: check
+CVE-2025-24556 (Insertion of Sensitive Information into Log File vulnerability in Dual ...)
+	TODO: check
+CVE-2025-24545 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+	TODO: check
+CVE-2025-24544 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+	TODO: check
+CVE-2025-24541 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+	TODO: check
+CVE-2025-24536 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+	TODO: check
+CVE-2025-23984 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+	TODO: check
+CVE-2025-23923 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+	TODO: check
+CVE-2025-23920 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+	TODO: check
+CVE-2025-23819 (Improper Limitation of a Pathname to a Restricted Directory ('Path Tra ...)
+	TODO: check
+CVE-2025-23799 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+	TODO: check
+CVE-2025-23755 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+	TODO: check
+CVE-2025-23747 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+	TODO: check
+CVE-2025-23685 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+	TODO: check
+CVE-2025-23614 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+	TODO: check
+CVE-2025-23599 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+	TODO: check
+CVE-2025-23594 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+	TODO: check
+CVE-2025-23593 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+	TODO: check
+CVE-2025-23591 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+	TODO: check
+CVE-2025-23590 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+	TODO: check
+CVE-2025-23588 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+	TODO: check
+CVE-2025-23582 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+	TODO: check
+CVE-2025-23581 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+	TODO: check
+CVE-2025-23561 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+	TODO: check
+CVE-2025-23527 (Missing Authorization vulnerability in Hemnath Mouli WC Wallet allows  ...)
+	TODO: check
+CVE-2025-23491 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+	TODO: check
+CVE-2025-22978 (eladmin <=2.7 is vulnerable to CSV Injection in the exception log down ...)
+	TODO: check
+CVE-2025-22775 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+	TODO: check
+CVE-2025-22704 (Cross-Site Request Forgery (CSRF) vulnerability in Abinav Thakuri Word ...)
+	TODO: check
+CVE-2025-22703 (Cross-Site Request Forgery (CSRF) vulnerability in manuelvicedo Forge  ...)
+	TODO: check
+CVE-2025-22701 (Server-Side Request Forgery (SSRF) vulnerability in NotFound Traveler  ...)
+	TODO: check
+CVE-2025-22695 (Authorization Bypass Through User-Controlled Key vulnerability in NirW ...)
+	TODO: check
+CVE-2025-22694 (Missing Authorization vulnerability in theDotstore Hide Shipping Metho ...)
+	TODO: check
+CVE-2025-22693 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
+	TODO: check
+CVE-2025-22691 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
+	TODO: check
+CVE-2025-22690 (Cross-Site Request Forgery (CSRF) vulnerability in DigiTimber DigiTimb ...)
+	TODO: check
+CVE-2025-22688 (Cross-Site Request Forgery (CSRF) vulnerability in Ederson Peka Unlimi ...)
+	TODO: check
+CVE-2025-22686 (Missing Authorization vulnerability in GSheetConnector CF7 Google Shee ...)
+	TODO: check
+CVE-2025-22685 (Cross-Site Request Forgery (CSRF) vulnerability in CheGevara Tags to K ...)
+	TODO: check
+CVE-2025-22684 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+	TODO: check
+CVE-2025-22683 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+	TODO: check
+CVE-2025-22682 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+	TODO: check
+CVE-2025-22681 (Missing Authorization vulnerability in Xfinity Soft Content Cloner all ...)
+	TODO: check
+CVE-2025-22679 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+	TODO: check
+CVE-2025-22677 (Missing Authorization vulnerability in UIUX Lab Uix Shortcodes allows  ...)
+	TODO: check
+CVE-2025-22292 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+	TODO: check
+CVE-2025-22260 (Missing Authorization vulnerability in Pixelite Meta Tag Manager. This ...)
+	TODO: check
+CVE-2025-20643 (In DA, there is a possible out of bounds read due to a missing bounds  ...)
+	TODO: check
+CVE-2025-20642 (In DA, there is a possible out of bounds write due to a missing bounds ...)
+	TODO: check
+CVE-2025-20641 (In DA, there is a possible out of bounds write due to a missing bounds ...)
+	TODO: check
+CVE-2025-20640 (In DA, there is a possible out of bounds read due to a missing bounds  ...)
+	TODO: check
+CVE-2025-20639 (In DA, there is a possible out of bounds write due to a missing bounds ...)
+	TODO: check
+CVE-2025-20638 (In DA, there is a possible read of uninitialized heap data due to unin ...)
+	TODO: check
+CVE-2025-20637 (In network HW, there is a possible system hang due to an uncaught exce ...)
+	TODO: check
+CVE-2025-20636 (In secmem, there is a possible out of bounds write due to a missing bo ...)
+	TODO: check
+CVE-2025-20635 (In V6 DA, there is a possible out of bounds write due to a missing bou ...)
+	TODO: check
+CVE-2025-20634 (In Modem, there is a possible out of bounds write due to a missing bou ...)
+	TODO: check
+CVE-2025-20633 (In wlan AP driver, there is a possible out of bounds write due to an i ...)
+	TODO: check
+CVE-2025-20632 (In wlan AP driver, there is a possible out of bounds write due to an i ...)
+	TODO: check
+CVE-2025-20631 (In wlan AP driver, there is a possible out of bounds write due to an i ...)
+	TODO: check
+CVE-2025-0974 (A vulnerability, which was classified as critical, has been found in M ...)
+	TODO: check
+CVE-2025-0973 (A vulnerability classified as critical was found in CmsEasy 7.7.7.9. T ...)
+	TODO: check
+CVE-2025-0972 (A vulnerability classified as problematic has been found in Zenvia Mov ...)
+	TODO: check
+CVE-2025-0971 (A vulnerability was found in Zenvia Movidesk up to 25.01.22. It has be ...)
+	TODO: check
+CVE-2025-0970 (A vulnerability was found in Zenvia Movidesk up to 25.01.22. It has be ...)
+	TODO: check
+CVE-2025-0015 (Use After Free vulnerability in Arm Ltd Valhall GPU Kernel Driver, Arm ...)
+	TODO: check
+CVE-2024-6790 (Loop with Unreachable Exit Condition ('Infinite Loop') vulnerability i ...)
+	TODO: check
+CVE-2024-57968 (Advantive VeraCore before 2024.4.2.1 allows remote authenticated users ...)
+	TODO: check
+CVE-2024-57967 (PVWA (Password Vault Web Access) in CyberArk Privileged Access Manager ...)
+	TODO: check
+CVE-2024-57966 (libarchiveplugin.cpp in KDE ark before 24.12.0 can extract to an absol ...)
+	TODO: check
+CVE-2024-57669 (Directory Traversal vulnerability in Zrlog backup-sql-file.jar v.3.0.3 ...)
+	TODO: check
+CVE-2024-57522 (SourceCodester Packers and Movers Management System v1.0 is vulnerable ...)
+	TODO: check
+CVE-2024-57498 (Cross Site Scripting vulnerability in sayski ForestBlog 20241223 allow ...)
+	TODO: check
+CVE-2024-57452 (ChestnutCMS <=1.5.0 has an arbitrary file deletion vulnerability in co ...)
+	TODO: check
+CVE-2024-57450 (ChestnutCMS <=1.5.0 is vulnerable to File Upload via the Create templa ...)
+	TODO: check
+CVE-2024-57362
+	REJECTED
+CVE-2024-57238 (Prolink 4G LTE Mobile Wi-Fi DL-7203E V4.0.0B05 is vulnerable to SQL In ...)
+	TODO: check
+CVE-2024-57237 (Prolink 4G LTE Mobile Wi-Fi DL-7203E V4.0.0B05 is vulnerable to Cross  ...)
+	TODO: check
+CVE-2024-57175 (A Stored Cross-Site Scripting (XSS) vulnerability was identified in th ...)
+	TODO: check
+CVE-2024-57099 (ClassCMS v4.8 has a code execution vulnerability. Attackers can exploi ...)
+	TODO: check
+CVE-2024-57098 (Moss v0.1.3 version has an SQL injection vulnerability that allows att ...)
+	TODO: check
+CVE-2024-57097 (ClassCMS 4.8 is vulnerable to Cross Site Scripting (XSS) in class/admi ...)
+	TODO: check
+CVE-2024-57004 (Cross-Site Scripting (XSS) vulnerability in Roundcube Webmail 1.6.9 al ...)
+	TODO: check
+CVE-2024-56946 (Denial of service in DNS-over-QUIC in Technitium DNS Server <= v13.2.2 ...)
+	TODO: check
+CVE-2024-56921 (An issue was discovered in Open5gs v2.7.2. InitialUEMessage, Registrat ...)
+	TODO: check
+CVE-2024-56161 (Improper signature verification in AMD CPU ROM microcode patch loader  ...)
+	TODO: check
+CVE-2024-55456 (lunasvg v3.0.1 was discovered to contain a segmentation violation via  ...)
+	TODO: check
+CVE-2024-54840 (PVWA (Password Vault Web Access) in CyberArk Privileged Access Manager ...)
+	TODO: check
+CVE-2024-53943 (An issue was discovered in NRadio N8-180 NROS-1.9.2.n3.c5 devices. The ...)
+	TODO: check
+CVE-2024-53942 (An issue was discovered on NRadio N8-180 NROS-1.9.2.n3.c5 devices. The ...)
+	TODO: check
+CVE-2024-50656 (itsourcecode Placement Management System 1.0 is vulnerable to Cross Si ...)
+	TODO: check
+CVE-2024-50500 (Missing Authorization vulnerability in By Averta Shortcodes and extra  ...)
+	TODO: check
+CVE-2024-49843 (Memory corruption while processing IOCTL from user space to handle GPU ...)
+	TODO: check
+CVE-2024-49840 (Memory corruption while Invoking IOCTL calls from user-space to valida ...)
+	TODO: check
+CVE-2024-49839 (Memory corruption during management frame processing due to mismatch i ...)
+	TODO: check
+CVE-2024-49838 (Information disclosure while parsing the OCI IE with invalid length.)
+	TODO: check
+CVE-2024-49837 (Memory corruption while reading CPU state data during guest VM suspend ...)
+	TODO: check
+CVE-2024-49834 (Memory corruption while power-up or power-down sequence of the camera  ...)
+	TODO: check
+CVE-2024-49833 (Memory corruption can occur in the camera when an invalid CID is used.)
+	TODO: check
+CVE-2024-49832 (Memory corruption in Camera due to unusually high number of nodes pass ...)
+	TODO: check
+CVE-2024-45584 (Memory corruption can occur when a compat IOCTL call is followed by a  ...)
+	TODO: check
+CVE-2024-45582 (Memory corruption while validating number of devices in Camera kernel  ...)
+	TODO: check
+CVE-2024-45573 (Memory corruption may occour while generating test pattern due to nega ...)
+	TODO: check
+CVE-2024-45571 (Memory corruption may occour occur when stopping the WLAN interface af ...)
+	TODO: check
+CVE-2024-45569 (Memory corruption while parsing the ML IE due to invalid frame content ...)
+	TODO: check
+CVE-2024-45561 (Memory corruption while handling  IOCTL call from user-space to set la ...)
+	TODO: check
+CVE-2024-45560 (Memory corruption while taking a snapshot with hardware encoder due to ...)
+	TODO: check
+CVE-2024-43333 (Incorrect Privilege Assignment vulnerability in NotFound Admin and Sit ...)
+	TODO: check
+CVE-2024-38420 (Memory corruption while configuring a Hypervisor based input virtual d ...)
+	TODO: check
+CVE-2024-38418 (Memory corruption while parsing the memory map info in IOCTL calls.)
+	TODO: check
+CVE-2024-38417 (Information disclosure while processing IO control commands.)
+	TODO: check
+CVE-2024-38416 (Information disclosure during audio playback.)
+	TODO: check
+CVE-2024-38414 (Information disclosure while processing information on firmware image  ...)
+	TODO: check
+CVE-2024-38413 (Memory corruption while processing frame packets.)
+	TODO: check
+CVE-2024-38412 (Memory corruption while invoking IOCTL calls from user-space to kernel ...)
+	TODO: check
+CVE-2024-38411 (Memory corruption while registering a buffer from user-space to kernel ...)
+	TODO: check
+CVE-2024-38404 (Transient DOS when registration accept OTA is received with incorrect  ...)
+	TODO: check
+CVE-2024-36437 (The com.enflick.android.TextNow (aka TextNow: Call + Text Unlimited) a ...)
+	TODO: check
+CVE-2024-20147 (In Bluetooth FW, there is a possible reachable assertion due to improp ...)
+	TODO: check
+CVE-2024-20142 (In V5 DA, there is a possible out of bounds write due to a missing bou ...)
+	TODO: check
+CVE-2024-20141 (In V5 DA, there is a possible out of bounds write due to a missing bou ...)
+	TODO: check
+CVE-2024-13347 (The Essential WP Real Estate WordPress plugin through 1.1.3 does not e ...)
+	TODO: check
+CVE-2024-12859 (The BoomBox Theme Extensions plugin for WordPress is vulnerable to Loc ...)
+	TODO: check
+CVE-2024-12511 (With address book access, SMB/FTP settings could be modified, redirect ...)
+	TODO: check
+CVE-2024-12510 (If LDAP settings are accessed, authentication could be redirected to a ...)
+	TODO: check
+CVE-2024-11134 (The Eventer plugin for WordPress is vulnerable to unauthorized access  ...)
+	TODO: check
+CVE-2024-11133 (The Eventer plugin for WordPress is vulnerable to unauthorized access  ...)
+	TODO: check
+CVE-2024-11132 (The Eventer plugin for WordPress is vulnerable to Stored Cross-Site Sc ...)
+	TODO: check
+CVE-2024-10395 (No proper validation of the length of user input in http_server_get_co ...)
+	TODO: check
 CVE-2025-0967 (A vulnerability was found in code-projects Chat System 1.0 and classif ...)
 	NOT-FOR-US: code-projects Chat System
 CVE-2025-0961 (A vulnerability, which was classified as problematic, has been found i ...)
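Review bot: The added "TODO: check" block gives no triage ordering. Entries that name a specific upstream project, such as CVE-2025-24898 (rust-openssl), CVE-2025-25066 (nDPI), CVE-2024-57966 (KDE ark) and CVE-2024-57004 (Roundcube Webmail), sit among a long run of generic "Improper Neutralization of Input ..." entries. Suggest resolving the named-project entries first, either to a package line or to an explicit "NOT-FOR-US:" as on the CVE-2025-0967 context line. Separately, the truncated description for CVE-2025-24697 ends in a cut-off escape ("\u201 ..."); the truncation step should not split a \uXXXX sequence.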
@@ -2977,7 +3291,7 @@ CVE-2025-21504 (Vulnerability in the MySQL Server product of Oracle MySQL (compo
 CVE-2025-21503 (Vulnerability in the MySQL Server product of Oracle MySQL (component:  ...)
 	- mysql-8.0 8.0.41-1 (bug #1093877)
 CVE-2025-21502 (Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle Gr ...)
-	{DLA-4037-1}
+	{DSA-5857-1 DLA-4037-1}
 	- openjdk-8 <unfixed> (bug #1093878)
 	- openjdk-11 11.0.26+4-1
 	- openjdk-17 17.0.14+7-1
@@ -5152,7 +5466,7 @@ CVE-2024-10775 (The Piotnet Addons For Elementor plugin for WordPress is vulnera
 CVE-2025-23061 (Mongoose before 8.9.5 can improperly use a nested $where filter with a ...)
 	NOT-FOR-US: Mongoose
 CVE-2025-23013 (In Yubico pam-u2f before 1.3.1, local privilege escalation can sometim ...)
-	{DSA-5853-1}
+	{DSA-5853-1 DLA-4040-1}
 	- pam-u2f 1.3.1-1
 	NOTE: Fixed by: https://github.com/Yubico/pam-u2f/commit/a96ef17f74b8e4ed80a97322120af1a228a1ffb7 (pam_u2f-1.3.1)
 	NOTE: Fixed by: https://github.com/Yubico/pam-u2f/commit/08199144d870a63275a4601dbc6751ac68d48301 (pam_u2f-1.3.1)
@@ -21342,7 +21656,7 @@ CVE-2024-52340 (Improper Neutralization of Input During Web Page Generation (XSS
 CVE-2024-52339 (Improper Neutralization of Input During Web Page Generation (XSS or 'C ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2024-52304 (aiohttp is an asynchronous HTTP client/server framework for asyncio an ...)
-	{DSA-5828-1}
+	{DSA-5828-1 DLA-4041-1}
 	- python-aiohttp 3.10.11-1 (bug #1088109)
 	NOTE: https://github.com/aio-libs/aiohttp/security/advisories/GHSA-8495-4g3g-x7pr
 	NOTE: https://github.com/aio-libs/aiohttp/commit/259edc369075de63e6f3a4eaade058c62af0df71 (v3.10.11)
@@ -78400,7 +78714,7 @@ CVE-2024-4140 (An excessive memory use issue (CWE-770) exists in Email-MIME, bef
 CVE-2024-4029 (A vulnerability was found in Wildfly\u2019s management interface. Due  ...)
 	- wildfly <itp> (bug #752018)
 CVE-2024-30251 (aiohttp is an asynchronous HTTP client/server framework for asyncio an ...)
-	{DSA-5828-1}
+	{DSA-5828-1 DLA-4041-1}
 	- python-aiohttp 3.9.5-1 (bug #1070364)
 	[buster] - python-aiohttp <postponed> (Minor issue)
 	NOTE: https://www.openwall.com/lists/oss-security/2024/05/02/4
@@ -81979,6 +82293,7 @@ CVE-2024-28185 (Judge0 is an open-source online code execution system. The appli
 CVE-2024-28076 (The SolarWinds Platform was susceptible to a Arbitrary Open Redirectio ...)
 	NOT-FOR-US: SolarWinds
 CVE-2024-27306 (aiohttp is an asynchronous HTTP client/server framework for asyncio an ...)
+	{DLA-4041-1}
 	- python-aiohttp 3.9.5-1 (bug #1070665)
 	[bookworm] - python-aiohttp <ignored> (Minor issue)
 	[buster] - python-aiohttp <postponed> (Minor issue)
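Review bot: Adding "{DLA-4041-1}" to CVE-2024-27306 leaves the context line "[bookworm] - python-aiohttp <ignored> (Minor issue)" unchanged, so the LTS advisory now covers a CVE that the bookworm line still marks as ignored. Suggest revisiting the bookworm status, or adding a NOTE explaining why the difference is intended, so that an upgrade from the LTS release does not reintroduce the issue. The same pattern appears for CVE-2024-23829 in the next hunk.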
@@ -104734,6 +105049,7 @@ CVE-2023-6780 (An integer overflow was found in the __vsyslog_internal function
 	NOTE: https://sourceware.org/git/?p=glibc.git;a=blob_plain;f=advisories/GLIBC-SA-2024-0003;hb=HEAD
 	NOTE: https://sourceware.org/cgit/glibc/tree/advisories/GLIBC-SA-2024-0003
 CVE-2024-23829 (aiohttp is an asynchronous HTTP client/server framework for asyncio an ...)
+	{DLA-4041-1}
 	- python-aiohttp 3.9.5-1 (bug #1062708)
 	[bookworm] - python-aiohttp <ignored> (Minor issue)
 	[buster] - python-aiohttp <no-dsa> (Minor issue)
@@ -104742,7 +105058,7 @@ CVE-2024-23829 (aiohttp is an asynchronous HTTP client/server framework for asyn
 	NOTE: https://github.com/aio-libs/aiohttp/commit/33ccdfb0a12690af5bb49bda2319ec0907fa7827 (master)
 	NOTE: https://github.com/aio-libs/aiohttp/commit/d33bc21414e283c9e6fe7f6caf69e2ed60d66c82 (v3.9.2)
 CVE-2024-23334 (aiohttp is an asynchronous HTTP client/server framework for asyncio an ...)
-	{DSA-5828-1}
+	{DSA-5828-1 DLA-4041-1}
 	- python-aiohttp 3.9.5-1 (bug #1062709)
 	[buster] - python-aiohttp <no-dsa> (Minor issue)
 	NOTE: https://github.com/aio-libs/aiohttp/security/advisories/GHSA-5h86-8mv2-jq9f
@@ -116772,14 +117088,14 @@ CVE-2023-49094 (Symbolicator is a symbolication service for native stacktraces a
 CVE-2023-49087 (xml-security is a library that implements XML signatures and encryptio ...)
 	NOT-FOR-US: xml-security (SimpleSAMLphp library for XML Security)
 CVE-2023-49082 (aiohttp is an asynchronous HTTP client/server framework for asyncio an ...)
-	{DSA-5828-1}
+	{DSA-5828-1 DLA-4041-1}
 	- python-aiohttp 3.9.1-1 (bug #1057164)
 	[buster] - python-aiohttp <postponed> (Minor issue, limited request smuggling)
 	NOTE: https://github.com/aio-libs/aiohttp/security/advisories/GHSA-qvrw-v9rv-5rjx
 	NOTE: https://github.com/aio-libs/aiohttp/commit/493f06797654c383242f0e8007f6e06b818a1fbc (master)
 	NOTE: https://github.com/aio-libs/aiohttp/commit/4075c653fb67a29740bf9ac050bb02d10a57343a (v3.9.0b1)
 CVE-2023-49081 (aiohttp is an asynchronous HTTP client/server framework for asyncio an ...)
-	{DSA-5828-1}
+	{DSA-5828-1 DLA-4041-1}
 	- python-aiohttp 3.9.1-1 (bug #1057163)
 	[buster] - python-aiohttp <postponed> (Minor issue, limited request smuggling)
 	NOTE: https://github.com/aio-libs/aiohttp/security/advisories/GHSA-q3qx-c6g2-7pw2
@@ -118797,6 +119113,7 @@ CVE-2023-48217 (Statamic is a flat-first, Laravel + Git powered CMS designed for
 CVE-2023-47678 (An improper access control vulnerability exists in RT-AC87U all versio ...)
 	NOT-FOR-US: ASUSTeK
 CVE-2023-47641 (aiohttp is an asynchronous HTTP client/server framework for asyncio an ...)
+	{DLA-4041-1}
 	- python-aiohttp 3.8.1-1
 	[buster] - python-aiohttp <no-dsa> (Minor issue)
 	NOTE: https://github.com/aio-libs/aiohttp/security/advisories/GHSA-xx9p-xxvh-7g8j
@@ -118808,7 +119125,7 @@ CVE-2023-47631 (vantage6 is a framework to manage and deploy privacy enhancing t
 CVE-2023-47630 (Kyverno is a policy engine designed for Kubernetes. An issue was found ...)
 	NOT-FOR-US: Kyverno
 CVE-2023-47627 (aiohttp is an asynchronous HTTP client/server framework for asyncio an ...)
-	{DSA-5828-1}
+	{DSA-5828-1 DLA-4041-1}
 	- python-aiohttp 3.8.6-1
 	[buster] - python-aiohttp <no-dsa> (Minor issue)
 	NOTE: https://github.com/aio-libs/aiohttp/security/advisories/GHSA-gfw2-4jvh-wgfg



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/a61afb8efa867d5b4501cb1c92e435c8dc3d299e
