[Git][security-tracker-team/security-tracker][master] Add new suricata CVEs

Salvatore Bonaccorso (@carnil) carnil at debian.org
Mon Jan 6 21:00:51 GMT 2025



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
6a681fa3 by Salvatore Bonaccorso at 2025-01-06T22:00:18+01:00
Add new suricata CVEs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -19,21 +19,46 @@ CVE-2024-8474 (OpenVPN Connect before version 3.5.0 can contain the configuratio
 CVE-2024-56828 (File Upload vulnerability in ChestnutCMS through 1.5.0. Based on the c ...)
 	TODO: check
 CVE-2024-55629 (Suricata is a network Intrusion Detection System, Intrusion Prevention ...)
-	TODO: check
+	- suricata 1:7.0.8-1
+	NOTE: https://github.com/OISF/suricata/security/advisories/GHSA-69wr-vhwg-84h2
+	NOTE: Fixed by: https://github.com/OISF/suricata/commit/6882bcb3e51bd3cf509fb6569cc30f48d7bb53d7 (master)
+	NOTE: Fixed by: https://github.com/OISF/suricata/commit/779f9d8ba35c3f9b5abfa327d3a4209861bd2eb8 (master)
+	NOTE: Fixed by: https://github.com/OISF/suricata/commit/870fe6ea192fb1069189d9319a3940e48a41488d (suricata-7.0.8)
+	NOTE: Fixed by: https://github.com/OISF/suricata/commit/c4d8790db85164714c92556fbc8e849e9df6355b (suricata-7.0.8)
 CVE-2024-55628 (Suricata is a network Intrusion Detection System, Intrusion Prevention ...)
-	TODO: check
+	- suricata 1:7.0.8-1
+	NOTE: https://github.com/OISF/suricata/security/advisories/GHSA-96w4-jqwf-qx2j
+	NOTE: Fixed by: https://github.com/OISF/suricata/commit/19cf0f81335d9f787d587450f7105ad95a648951 (master)
+	NOTE: Fixed by: https://github.com/OISF/suricata/commit/37f4c52b22fcdde4adf9b479cb5700f89d00768d (master)
+	NOTE: Fixed by: https://github.com/OISF/suricata/commit/3a5671739f5b25e5dd973a74ca5fd8ea40e1ae2d (master)
+	NOTE: Fixed by: https://github.com/OISF/suricata/commit/58c41a7fa99f62d9a8688e970ab1a9b09c79723a (suricata-7.0.8)
+	NOTE: Fixed by: https://github.com/OISF/suricata/commit/5edb84fe234f47a0fedfbf9b10b49699152fe8cb (suricata-7.0.8)
+	NOTE: Fixed by: https://github.com/OISF/suricata/commit/71212b78bd1b7b841c9d9a907d0b3eea71a54060 (suricata-7.0.8)
 CVE-2024-55627 (Suricata is a network Intrusion Detection System, Intrusion Prevention ...)
-	TODO: check
+	- suricata 1:7.0.8-1
+	NOTE: https://github.com/OISF/suricata/security/advisories/GHSA-h2mv-7gg8-8x7v
+	NOTE: Fixed by: https://github.com/OISF/suricata/commit/282509f70c4ce805098e59535af445362e3e9ebd (master)
+	NOTE: Fixed by: https://github.com/OISF/suricata/commit/8900041405dbb5f9584edae994af2100733fb4be (master)
+	NOTE: Fixed by: https://github.com/OISF/suricata/commit/9a53ec43b13f0039a083950511a18bf6f408e432 (master)
+	NOTE: Fixed by: https://github.com/OISF/suricata/commit/0dc364aef2dec122fc0e7ee4c190864f4cc5f1bd (suricata-7.0.8)
+	NOTE: Fixed by: https://github.com/OISF/suricata/commit/949bfeca0e5f92212dc3d79f4a87c7c482d376aa (suricata-7.0.8)
+	NOTE: Fixed by: https://github.com/OISF/suricata/commit/7d47fcf7f7fefacd2b0d8f482534a83b35a3c45e (suricata-7.0.8)
 CVE-2024-55626 (Suricata is a network Intrusion Detection System, Intrusion Prevention ...)
-	TODO: check
+	- suricata 1:7.0.8-1
+	NOTE: https://github.com/OISF/suricata/security/advisories/GHSA-wmg4-jqx5-4h9v
+	NOTE: Fixed by: https://github.com/OISF/suricata/commit/dd71ef0af222a566e54dfc479dd1951dd17d7ceb (master)
+	NOTE: Fixed by: https://github.com/OISF/suricata/commit/470795e65ba77cffba3aed850313a5f23c4b278d (suricata-7.0.8)
 CVE-2024-55605 (Suricata is a network Intrusion Detection System, Intrusion Prevention ...)
-	TODO: check
+	- suricata 1:7.0.8-1
+	NOTE: https://github.com/OISF/suricata/security/advisories/GHSA-x2hr-33vp-w289
+	TODO: check fixing commits
 CVE-2024-55529 (Z-BlogPHP 1.7.3 is vulnerable to arbitrary code execution via \zb_user ...)
 	TODO: check
 CVE-2024-55408 (An issue in the AsusSAIO.sys component of ASUS System Analysis IO v1.0 ...)
 	TODO: check
 CVE-2024-55407 (An issue in the DeviceloControl function of ITE Tech. Inc ITE IO Acces ...)
 	TODO: check
+
 CVE-2024-54880 (SeaCMS V13.1 is vulnerable to Incorrect Access Control. A logic flaw c ...)
 	TODO: check
 CVE-2024-54879 (SeaCMS V13.1 is vulnerable to Incorrect Access Control. A logic flaw c ...)
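
Review bot: The empty line added after the CVE-2024-55407 entry, just before CVE-2024-54880, looks unintended. No other entries in the visible part of data/CVE/list are separated by a blank line, and the addition is unrelated to the suricata CVEs the commit message names, so I suggest dropping it. Separately, CVE-2024-55605 is the only one of the five suricata entries without "Fixed by:" notes. The "TODO: check fixing commits" marker covers that, but the entry already records 1:7.0.8-1 as fixed, so the version is worth re-checking once the commits are identified.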



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/6a681fa39bde183301aa0d526e44c5234dbab653
