Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
7095a387 by Salvatore Bonaccorso at 2024-02-20T23:03:34+01:00
Add CVE-2024-25260/elfutils

- - - - -
84a6fa4e by Salvatore Bonaccorso at 2024-02-20T23:03:35+01:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -37,7 +37,10 @@ CVE-2024-25274 (An arbitrary file upload vulnerability in 
the component /sysFile
 CVE-2024-25262 (texlive-bin commit c515e was discovered to contain heap buffer 
overflo ...)
        TODO: check
 CVE-2024-25260 (elfutils v0.189 was discovered to contain a NULL pointer 
dereference v ...)
-       TODO: check
+       - elfutils <unfixed> (unimportant)
+       NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=31058
+       NOTE: 
https://sourceware.org/git/?p=elfutils.git;a=commit;h=373f5212677235fc3ca6068b887111554790f944
+       NOTE: Crash in CLI tool, considered only to be a normal bug by upstream
 CVE-2024-25199 (Inappropriate pointer order of map_sub_ and map_free(map_) 
(amcl_node. ...)
        TODO: check
 CVE-2024-25198 (Inappropriate pointer order of laser_scan_filter_.reset() and 
tf_liste ...)
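Review bot: In the CVE-2024-25260 entry, the second NOTE gives a bare upstream commit URL (h=373f5212...) without saying what that commit is, while the package line stays at "elfutils <unfixed> (unimportant)". If the commit is the upstream fix, label it as such in the NOTE (for example "NOTE: Fixed by: <url>") so the entry can be closed with a version once that commit reaches the archive; if it is only related context, say so. The last NOTE explains the "unimportant" rating well and should stay.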
@@ -118,11 +121,11 @@ CVE-2024-21678 (This High severity Stored XSS 
vulnerability was introduced in ve
 CVE-2024-1661 (A vulnerability classified as problematic was found in Totolink 
X6000R ...)
        NOT-FOR-US: Totolink
 CVE-2024-1608 (In OPPO Usercenter Credit SDK, there's a possible escalation of 
privil ...)
-       TODO: check
+       NOT-FOR-US: OPPO
 CVE-2024-1586 (The Schema & Structured Data for WP & AMP plugin for WordPress 
is vuln ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2024-1570 (The Paid Membership Plugin, Ecommerce, User Registration Form, 
Login F ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2024-1557 (Memory safety bugs present in Firefox 122. Some of these bugs 
showed e ...)
        TODO: check
 CVE-2024-1556 (The incorrect object was checked for NULL in the built-in 
profiler, po ...)
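Review bot: For CVE-2024-1608 the new "NOT-FOR-US: OPPO" line names only the vendor, although the description identifies the product as "OPPO Usercenter Credit SDK". Naming the product in the label would make the entry easier to find and to re-check later. The two "NOT-FOR-US: WordPress plugin" lines for CVE-2024-1586 and CVE-2024-1570 match the wording already used for neighbouring entries and are fine as they are.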
@@ -404,7 +407,7 @@ CVE-2024-1647 (Pyhtml2pdf version 0.0.6 allows an external 
attacker to remotely
 CVE-2024-1644 (Suite CRM version 7.14.2 allows including local php files. This 
is pos ...)
        NOT-FOR-US: Suite CRM
 CVE-2024-1638 (The documentation specifies that the BT_GATT_PERM_READ_LESC and 
BT_GAT ...)
-       TODO: check
+       NOT-FOR-US: Zephyr RTOS (unrelated to src:zephyr)
 CVE-2024-1559 (The Link Library plugin for WordPress is vulnerable to Stored 
Cross-Si ...)
        NOT-FOR-US: WordPress plugin
 CVE-2024-1510 (The WP Shortcodes Plugin \u2014 Shortcodes Ultimate plugin for 
WordPre ...)
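Review bot: The parenthetical in "NOT-FOR-US: Zephyr RTOS (unrelated to src:zephyr)" for CVE-2024-1638 says the Debian source package is a different project but not what it is. A few words on what src:zephyr actually contains would let the next person triaging a Zephyr RTOS CVE reuse this decision without repeating the check.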



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/699c8f8ecc20f47714b621c52c8ccef0dfc48ad4...84a6fa4e02434f9e444ca0136dd4e116f8041195



_______________________________________________
debian-security-tracker-commits mailing list
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
