[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Mon Jan 20 20:12:21 GMT 2025
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
57b507af by security tracker role at 2025-01-20T20:12:05+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,9 +1,45 @@
-CVE-2023-52923 [netfilter: nf_tables: adapt set backend to use GC transaction API]
+CVE-2025-24337 (WriteFreely through 0.15.1, when MySQL is used, allows local users to ...)
+ TODO: check
+CVE-2025-24013 (CodeIgniter is a PHP full-stack web framework. Prior to 4.5.8, CodeIgn ...)
+ TODO: check
+CVE-2025-24010 (Vite is a frontend tooling framework for javascript. Vite allowed any ...)
+ TODO: check
+CVE-2025-23221 (Fedify is a TypeScript library for building federated server apps powe ...)
+ TODO: check
+CVE-2025-23220 (WeGIA is an open source web manager with a focus on the Portuguese lan ...)
+ TODO: check
+CVE-2025-23219 (WeGIA is an open source web manager with a focus on the Portuguese lan ...)
+ TODO: check
+CVE-2025-23218 (WeGIA is an open source web manager with a focus on the Portuguese lan ...)
+ TODO: check
+CVE-2025-23214 (Cosmos provides users the ability self-host a home server by acting as ...)
+ TODO: check
+CVE-2025-23044 (PwnDoc is a penetration test report generator. There is no CSRF protec ...)
+ TODO: check
+CVE-2025-22620 (gitoxide is an implementation of git written in Rust. Prior to 0.17.0, ...)
+ TODO: check
+CVE-2025-22131 (PhpSpreadsheet is a PHP library for reading and writing spreadsheet fi ...)
+ TODO: check
+CVE-2025-0479 (This vulnerability exists in the CP Plus Router due to insecure handli ...)
+ TODO: check
+CVE-2024-51738 (Sunshine is a self-hosted game stream host for Moonlight. In 0.23.1 an ...)
+ TODO: check
+CVE-2024-45647 (IBM Security Verify Access 10.0.0 through 10.0.8 and IBM Security Veri ...)
+ TODO: check
+CVE-2024-22349 (IBM DevOps Velocity 5.0.0 and IBM UrbanCode Velocity 4.0.0 through 4.0 ...)
+ TODO: check
+CVE-2024-22348 (IBM DevOps Velocity 5.0.0 and IBM UrbanCode Velocity 4.0.0 through 4.0 ...)
+ TODO: check
+CVE-2024-22347 (IBM DevOps Velocity 5.0.0 and IBM UrbanCode Velocity 4.0.0 through 4.0 ...)
+ TODO: check
+CVE-2024-13176 (Issue summary: A timing side-channel which could potentially allow rec ...)
+ TODO: check
+CVE-2023-52923 (In the Linux kernel, the following vulnerability has been resolved: n ...)
- linux 6.4.11-1
[bookworm] - linux 6.1.64-1
[bullseye] - linux 5.10.205-1
NOTE: https://git.kernel.org/linus/f6c383b8c31a93752a52697f8430a71dcbc46adf (6.5-rc6)
-CVE-2025-21655 [io_uring/eventfd: ensure io_eventfd_signal() defers another RCU period]
+CVE-2025-21655 (In the Linux kernel, the following vulnerability has been resolved: i ...)
- linux 6.12.10-1
[bullseye] - linux <not-affected> (Vulnerable code not present)
NOTE: https://git.kernel.org/linus/c9a40292a44e78f71258b8522655bffaf5753bdb (6.13-rc7)
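Review bot: the nineteen new entries at the top of this hunk all carry only "TODO: check" and still need triage into a source package line with a version or bug reference, a NOT-FOR-US, or a <not-affected> state; CVE-2024-13176 in particular has a description that begins "Issue summary: A timing side-channel ..." and names no product in the visible prefix, so its package assignment has to come from the full advisory rather than this line. The two replaced lines, CVE-2023-52923 and CVE-2025-21655, only swap the bracketed placeholder title for the published description prefix and keep their existing version and NOTE lines, which is the expected shape for this kind of update.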
@@ -5020,6 +5056,7 @@ CVE-2024-48455 (An issue in Netis Wifi6 Router NX10 2.0.1.3643 and 2.0.1.3582 an
CVE-2024-47398 (in OpenHarmony v4.1.2 and prior versions allow a local attacker cause ...)
NOT-FOR-US: OpenHarmony
CVE-2024-46981 (Redis is an open source, in-memory database that persists on disk. An ...)
+ {DLA-4025-1}
- redis <unfixed> (bug #1092370)
- redict 7.3.2+ds-1 (bug #1092372)
- valkey 8.0.2+dfsg1-1 (bug #1092371)
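Review bot: {DLA-4025-1} is attached to CVE-2024-46981 while the line directly below still reads "- redis <unfixed> (bug #1092370)", so the tracker will keep this issue open for unstable even though an LTS advisory now exists; confirm the <unfixed> state is still accurate for sid or add the fixed version once it lands. The redict and valkey lines are unchanged and already carry fixed versions.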
@@ -45198,6 +45235,7 @@ CVE-2024-7537 (oFono QMI SMS Handling Out-Of-Bounds Read Information Disclosure
[bullseye] - ofono <postponed> (Revisit when/if fixed upstream)
NOTE: https://www.zerodayinitiative.com/advisories/ZDI-24-1077/
CVE-2024-7006 (A null pointer dereference flaw was found in Libtiff via `tif_dirinfo. ...)
+ {DLA-4026-1}
- tiff 4.5.1+git230720-5 (bug #1078648)
[bookworm] - tiff 4.5.0-6+deb12u2
NOTE: https://gitlab.com/libtiff/libtiff/-/merge_requests/559
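Review bot: DLA-4026-1 is added here to CVE-2024-7006 and to eight further libtiff entries later in this change; verify that the published advisory text lists all nine CVEs, since a mismatch would leave some of them showing as unfixed for the LTS suite. The unstable line "tiff 4.5.1+git230720-5" and the bookworm line "4.5.0-6+deb12u2" are untouched, as they should be for a DLA-only update.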
@@ -101445,6 +101483,7 @@ CVE-2023-6482 (Use of encryption key derived from static information in Synaptic
CVE-2023-6470
REJECTED
CVE-2023-52389 (UTF32Encoding.cpp in POCO has a Poco::UTF32Encoding integer overflow a ...)
+ {DLA-4024-1}
[experimental] - poco 1.13.0-1
- poco 1.13.0-6
[bookworm] - poco 1.11.0-3+deb12u1
@@ -101876,7 +101915,7 @@ CVE-2023-6267 (A flaw was found in the json payload. If annotation based securit
CVE-2023-5675 (A flaw was found in Quarkus. When a Quarkus RestEasy Classic or Reacti ...)
NOT-FOR-US: Quarkus
CVE-2023-52356 (A segment fault (SEGV) flaw was found in libtiff that could be trigger ...)
- {DLA-3758-1}
+ {DLA-4026-1 DLA-3758-1}
- tiff 4.5.1+git230720-4 (bug #1061524)
[bookworm] - tiff 4.5.0-6+deb12u2
NOTE: https://gitlab.com/libtiff/libtiff/-/issues/622
@@ -104469,6 +104508,7 @@ CVE-2023-6040 (An out-of-bounds access vulnerability involving netfilter was rep
NOTE: https://www.openwall.com/lists/oss-security/2024/01/12/1
NOTE: https://git.kernel.org/linus/f1082dd31fe461d482d69da2a8eccfeb7bf07ac2 (5.18-rc1)
CVE-2023-52339 (In libebml before 1.4.5, an integer overflow in MemIOCallback.cpp can ...)
+ {DLA-4023-1}
- libebml 1.4.5-1
[bookworm] - libebml 1.4.4-1+deb12u1
[buster] - libebml <no-dsa> (Minor issue)
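Review bot: with {DLA-4023-1} now attached to CVE-2023-52339, the remaining "[buster] - libebml <no-dsa> (Minor issue)" line deserves a second look, since the severity assessment that justified no-dsa for buster sits beside an advisory issued for the same integer overflow in a newer suite; either leave it with an updated rationale or confirm it is intentional. The unstable "libebml 1.4.5-1" and bookworm "1.4.4-1+deb12u1" lines are unchanged.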
@@ -134575,7 +134615,7 @@ CVE-2023-37943 (Jenkins Active Directory Plugin 2.30 and earlier ignores the "Re
CVE-2023-37942 (Jenkins External Monitor Job Type Plugin 206.v9a_94ff0b_4a_10 and earl ...)
NOT-FOR-US: Jenkins plugin
CVE-2023-3618 (A flaw was found in libtiff. A specially crafted tiff file can lead to ...)
- {DLA-3513-1}
+ {DLA-4026-1 DLA-3513-1}
- tiff 4.5.1~rc3-1 (bug #1040945)
[bookworm] - tiff 4.5.0-6+deb12u2
NOTE: https://gitlab.com/libtiff/libtiff/-/issues/529
@@ -137433,7 +137473,7 @@ CVE-2023-3317 (A use-after-free flaw was found in mt7921_check_offload_capabilit
- linux <not-affected> (Vulnerable code never in released version in unstable)
NOTE: https://git.kernel.org/linus/2ceb76f734e37833824b7fab6af17c999eb48d2b (6.3-rc6)
CVE-2023-3316 (A NULL pointer dereference in TIFFClose() is caused by a failure to op ...)
- {DLA-3513-1}
+ {DLA-4026-1 DLA-3513-1}
- tiff 4.5.0-5
NOTE: https://gitlab.com/libtiff/libtiff/-/issues/515
NOTE: https://gitlab.com/libtiff/libtiff/-/merge_requests/468
@@ -137482,7 +137522,7 @@ CVE-2023-31411 (A remote unprivileged attacker can modify and access configurati
CVE-2023-31410 (A remote unprivileged attacker can intercept the communication via e.g ...)
NOT-FOR-US: SICK
CVE-2023-2908 (A null pointer dereference issue was found in Libtiff's tif_dir.c file ...)
- {DLA-3513-1}
+ {DLA-4026-1 DLA-3513-1}
- tiff 4.5.1~rc3-1
[bookworm] - tiff 4.5.0-6+deb12u2
NOTE: https://gitlab.com/libtiff/libtiff/-/merge_requests/479
@@ -155825,14 +155865,14 @@ CVE-2023-26968 (In Atrocore 1.5.25, the Create Import Feed option with glyphicon
CVE-2023-26967
RESERVED
CVE-2023-26966 (libtiff 4.5.0 is vulnerable to Buffer Overflow in uv_encode() when lib ...)
- {DLA-3513-1}
+ {DLA-4026-1 DLA-3513-1}
- tiff 4.5.1~rc3-1
[bookworm] - tiff 4.5.0-6+deb12u2
NOTE: https://gitlab.com/libtiff/libtiff/-/issues/530
NOTE: https://gitlab.com/libtiff/libtiff/-/merge_requests/473
NOTE: https://gitlab.com/libtiff/libtiff/-/commit/b0e1c25dd1d065200c8d8f59ad0afe014861a1b9 (v4.5.1rc1)
CVE-2023-26965 (loadImage() in tools/tiffcrop.c in LibTIFF through 4.5.0 has a heap-ba ...)
- {DLA-3513-1}
+ {DLA-4026-1 DLA-3513-1}
- tiff 4.5.1~rc3-1
[bookworm] - tiff 4.5.0-6+deb12u2
NOTE: https://gitlab.com/libtiff/libtiff/-/merge_requests/472
@@ -160575,7 +160615,7 @@ CVE-2023-25434 (libtiff 4.5.0 is vulnerable to Buffer Overflow via extractContig
NOTE: https://gitlab.com/libtiff/libtiff/-/commit/69818e2f2d246e6631ac2a2da692c3706b849c38 (v4.5.1rc1)
NOTE: Same fix as CVE-2023-0795.
CVE-2023-25433 (libtiff 4.5.0 is vulnerable to Buffer Overflow via /libtiff/tools/tiff ...)
- {DLA-3513-1}
+ {DLA-4026-1 DLA-3513-1}
- tiff 4.5.1~rc3-1
[bookworm] - tiff 4.5.0-6+deb12u2
NOTE: https://gitlab.com/libtiff/libtiff/-/issues/520
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/57b507afb60350de2c07dfc80974818e83a1c804