[Git][security-tracker-team/security-tracker][master] 2 commits: new php-laravel-framework issues

Tue Mar 11 12:58:34 GMT 2025


Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
7c62bd43 by Moritz Muehlenhoff at 2025-03-11T13:57:40+01:00
new php-laravel-framework issues

- - - - -
01530395 by Moritz Muehlenhoff at 2025-03-11T13:58:15+01:00
rear fixed in sid

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -294,9 +294,15 @@ CVE-2024-44192 (The issue was addressed with improved checks. This issue is fixe
 CVE-2024-44179 (This issue was addressed by restricting options offered on a locked de ...)
 	NOT-FOR-US: Apple
 CVE-2024-13919 (The Laravel framework versions between 11.9.0 and 11.35.1 are suscepti ...)
-	TODO: check
+	[experimental] - php-laravel-framework 11.44.0-1
+	- php-laravel-framework <unfixed>
+	NOTE: https://github.com/sbaresearch/advisories/tree/public/2024/SBA-ADV-20241209-02_Laravel_Reflected_XSS_via_Route_Parameter_in_Debug-Mode_Error_Page
+	NOTE: https://github.com/laravel/framework/commit/45287fb2a91c69bb1c110539b9b7341faf5aee33 (v11.36.0)
 CVE-2024-13918 (The Laravel framework versions between 11.9.0 and 11.35.1 are suscepti ...)
-	TODO: check
+	[experimental] - php-laravel-framework 11.44.0-1
+	- php-laravel-framework <unfixed>
+	NOTE: https://github.com/sbaresearch/advisories/tree/public/2024/SBA-ADV-20241209-01_Laravel_Reflected_XSS_via_Request_Parameter_in_Debug-Mode_Error_Page
+	NOTE: https://github.com/laravel/framework/commit/45287fb2a91c69bb1c110539b9b7341faf5aee33 (v11.36.0)
 CVE-2024-12604 (Cleartext Storage of Sensitive Information in an Environment Variable, ...)
 	NOT-FOR-US: Tapandsign Technologies Tap&Sign App
 CVE-2022-48610 (This issue was addressed through improved state management. This issue ...)
@@ -120955,7 +120961,7 @@ CVE-2024-0481 (A vulnerability was found in Taokeyun up to 1.0.5. It has been ra
 	NOT-FOR-US: Taokeyun
 CVE-2024-23301 (Relax-and-Recover (aka ReaR) through 2.7 creates a world-readable init ...)
 	{DLA-3733-1}
-	- rear <unfixed> (bug #1060747)
+	- rear 2.7+dfsg-1.2 (bug #1060747)
 	[bookworm] - rear <no-dsa> (Minor issue)
 	[bullseye] - rear <no-dsa> (Minor issue)
 	NOTE: https://github.com/rear/rear/issues/3122



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/5d7dd0fc3386954d4fff440b98c4a045643a8336...0153039586d05e28934d68018ef332f21ca1d171

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/5d7dd0fc3386954d4fff440b98c4a045643a8336...0153039586d05e28934d68018ef332f21ca1d171
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20250311/d5b18c04/attachment.htm>
