Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
ced26434 by Salvatore Bonaccorso at 2024-03-02T21:17:40+01:00
Process some new NFUs
- - - - -
ed67b99b by Salvatore Bonaccorso at 2024-03-02T21:21:53+01:00
Mark two gnutls28 issues as no-dsa for bullseye
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,13 +1,13 @@
CVE-2024-1449 (The Master Slider \u2013 Responsive Touch Slider plugin for
WordPress ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-1398 (The Ultimate Bootstrap Elements for Elementor plugin for
WordPress is ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-0611 (The Master Slider \u2013 Responsive Touch Slider plugin for
WordPress ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-0378 (The AI Engine: Chatbots, Generators, Assistants, GPT 4 and
more! plugi ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-6326 (The Master Slider \u2013 Responsive Touch Slider plugin for
WordPress ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-27747 (File Upload vulnerability in Petrol Pump Mangement Software
v.1.0 allo ...)
NOT-FOR-US: Petrol Pump Mangement Software
CVE-2024-27746 (SQL Injection vulnerability in Petrol Pump Mangement Software
v.1.0 al ...)
@@ -25,9 +25,9 @@ CVE-2024-25436 (A cross-site scripting (XSS) vulnerability in
the Production mod
CVE-2024-25434 (A cross-site scripting (XSS) vulnerability in Pkp Ojs v3.3
allows atta ...)
NOT-FOR-US: Public Knowledge Project (PKP) Open Journal System (OJS)
CVE-2024-25064 (Due to insufficient server-side validation, an attacker with
login pri ...)
- TODO: check
+ NOT-FOR-US: Hikvision
CVE-2024-25063 (Due to insufficient server-side validation, a successful
exploit of th ...)
- TODO: check
+ NOT-FOR-US: Hikvision
CVE-2024-24512 (Cross Site Scripting vulnerability in Pkp OJS v.3.4 allows an
attacker ...)
NOT-FOR-US: Public Knowledge Project (PKP) Open Journal System (OJS)
CVE-2024-24511 (Cross Site Scripting vulnerability in Pkp OJS v.3.4 allows an
attacker ...)
@@ -10089,6 +10089,7 @@ CVE-2024-0569 (A vulnerability classified as
problematic has been found in Totol
CVE-2024-0567 (A vulnerability was found in GnuTLS, where a cockpit (which
uses gnuTL ...)
- gnutls28 3.8.3-1 (bug #1061045)
[bookworm] - gnutls28 3.7.9-2+deb12u2
+ [bullseye] - gnutls28 <no-dsa> (Minor issue; will be fixed in point
release)
[buster] - gnutls28 <not-affected> (Vulnerabity introduced in 3.7)
NOTE: https://gitlab.com/gnutls/gnutls/-/issues/1521
NOTE: https://gnutls.org/security-new.html#GNUTLS-SA-2024-01-09
@@ -10104,6 +10105,7 @@ CVE-2024-0553 (A vulnerability was found in GnuTLS. The
response times to malfor
{DLA-3740-1}
- gnutls28 3.8.3-1 (bug #1061046)
[bookworm] - gnutls28 3.7.9-2+deb12u2
+ [bullseye] - gnutls28 <no-dsa> (Minor issue; will be fixed in point
release)
NOTE: https://gitlab.com/gnutls/gnutls/-/issues/1522
NOTE: https://gnutls.org/security-new.html#GNUTLS-SA-2024-01-14
NOTE:
https://gitlab.com/gnutls/gnutls/-/commit/40dbbd8de499668590e8af51a15799fbc430595e
(3.8.3)
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/342261abab386c64c6bae5767653b26b5204e72d...ed67b99b56792adb83c8fc2872a6940449bc34f9
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/342261abab386c64c6bae5767653b26b5204e72d...ed67b99b56792adb83c8fc2872a6940449bc34f9
You're receiving this email because of your account on salsa.debian.org.
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
