Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker
Commits: f8a79646 by Moritz Muehlenhoff at 2024-11-12T12:33:25+01:00 triage older issues - - - - - 1 changed file: - data/CVE/list Changes: ===================================== data/CVE/list ===================================== @@ -30221,7 +30221,7 @@ CVE-2024-6643 REJECTED CVE-2024-6531 (A vulnerability has been identified in Bootstrap that exposes users to ...) - twitter-bootstrap4 <unfixed> (bug #1084059) - [bookworm] - twitter-bootstrap4 <no-dsa> (Minor issue) + [bookworm] - twitter-bootstrap4 <postponed> (Minor issue, revisit when fixed upstream) [bullseye] - twitter-bootstrap4 <postponed> (Minor issue; can be fixed in next update) - twitter-bootstrap3 <not-affected> (Only affects 4.x) NOTE: https://www.herodevs.com/vulnerability-directory/cve-2024-6531 @@ -30230,13 +30230,13 @@ CVE-2024-6528 (CWE-79: Improper Neutralization of Input During Web Page Generati CVE-2024-6485 (A security vulnerability has been discovered in bootstrap that could e ...) - twitter-bootstrap4 <not-affected> (Only affects 3.x) - twitter-bootstrap3 <unfixed> (bug #1084060) - [bookworm] - twitter-bootstrap3 <no-dsa> (Minor issue) + [bookworm] - twitter-bootstrap3 <postponed> (Minor issue, revisit when fixed upstream) [bullseye] - twitter-bootstrap3 <postponed> (Minor issue; can be fixed in next update) NOTE: https://www.herodevs.com/vulnerability-directory/cve-2024-6485 CVE-2024-6484 (A vulnerability has been identified in Bootstrap that exposes users to ...) - twitter-bootstrap4 <not-affected> (Only affects 3.x) - twitter-bootstrap3 <unfixed> (bug #1084060) - [bookworm] - twitter-bootstrap3 <no-dsa> (Minor issue) + [bookworm] - twitter-bootstrap3 <postponed> (Minor issue, revisit when fixed upstream) [bullseye] - twitter-bootstrap3 <postponed> (Minor issue; can be fixed in next update) NOTE: https://www.herodevs.com/vulnerability-directory/cve-2024-6484 CVE-2024-6407 (CWE-200: Information Exposure vulnerability exists that could cause di ...) 
@@ -55236,10 +55236,10 @@ CVE-2024-33903 (In CARLA through 0.9.15.2, the collision sensor mishandles some NOT-FOR-US: CARLA (carla-simulator) CVE-2024-33899 (RARLAB WinRAR before 7.00, on Linux and UNIX platforms, allows attacke ...) - rar 2:7.00-1 - [bookworm] - rar <no-dsa> (Non-free not supported) + [bookworm] - rar <ignored> (Non-free not supported) [bullseye] - rar <no-dsa> (Non-free not supported) - unrar-nonfree 1:7.0.3-1 - [bookworm] - unrar-nonfree <no-dsa> (Non-free not supported) + [bookworm] - unrar-nonfree <ignored> (Non-free not supported) [bullseye] - unrar-nonfree <no-dsa> (Non-free not supported) NOTE: https://sdushantha.medium.com/ansi-escape-injection-vulnerability-in-winrar-a2cbfac4b983 CVE-2024-33891 (Delinea Secret Server before 11.7.000001 allows attackers to bypass au ...) @@ -157250,7 +157250,7 @@ CVE-2022-46166 (Spring boot admins is an open source administrative user interfa NOT-FOR-US: Spring boot admins CVE-2022-46165 (Syncthing is an open source, continuous file synchronization program. ...) - syncthing 1.27.2~ds4-1 (bug #1037432) - [bookworm] - syncthing <no-dsa> (Minor issue) + [bookworm] - syncthing <ignored> (Minor issue) [bullseye] - syncthing <no-dsa> (Minor issue) [buster] - syncthing <ignored> (Minor issue) NOTE: https://github.com/syncthing/syncthing/security/advisories/GHSA-9rp6-23gf-4c3h @@ -157327,7 +157327,7 @@ CVE-2022-4171 (The demon image annotation plugin for WordPress is vulnerable to NOT-FOR-US: demon image annotation plugin for WordPress CVE-2022-4170 (The rxvt-unicode package is vulnerable to a remote code execution, in ...) - rxvt-unicode 9.31-1 (bug #1025489) - [bookworm] - rxvt-unicode <no-dsa> (Minor issue) + [bookworm] - rxvt-unicode <ignored> (Minor issue, not exploitable due to a bug) [bullseye] - rxvt-unicode <not-affected> (Vulnerable code introduced later) [buster] - rxvt-unicode <not-affected> (Vulnerable code introduced later) NOTE: https://www.openwall.com/lists/oss-security/2022/12/05/1 
@@ -167991,7 +167991,7 @@ CVE-2022-3591 (Use After Free in GitHub repository vim/vim prior to 9.0.0789.) NOTE: Crash in CLI tool, no security impact CVE-2022-3590 (WordPress is affected by an unauthenticated blind SSRF in the pingback ...) - wordpress <unfixed> (bug #1033251) - [bookworm] - wordpress <no-dsa> (Minor issue) + [bookworm] - wordpress <postponed> (Minor issue, revisit when fixed upstream) [bullseye] - wordpress <no-dsa> (Minor issue) [buster] - wordpress <postponed> (Minor issue) NOTE: https://www.sonarsource.com/blog/wordpress-core-unauthenticated-blind-ssrf/ View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/f8a7964613c79e41b5d786a4c77d8260d9f84e23
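Review bot: In the CVE-2024-6531 hunk (@@ -30221), the new [bookworm] reason "Minor issue, revisit when fixed upstream" uses a comma where the [bullseye] line directly below it uses a semicolon ("Minor issue; can be fixed in next update"). Using the same separator in both would keep the two postponed entries for twitter-bootstrap4 consistent and easier to grep.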
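Review bot: In the CVE-2024-33899 hunk (@@ -55236), the [bookworm] entries for rar and unrar-nonfree move to <ignored> while the [bullseye] entries directly below them keep <no-dsa> with the identical reason "Non-free not supported". If the reason is the same for both suites the state should probably match; if only bookworm is meant to be touched here, the commit message "triage older issues" should say so.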
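Review bot: In the CVE-2022-46165 hunk (@@ -157250), [bookworm] changes from <no-dsa> to <ignored> but the reason stays "Minor issue", so the entry does not record why the fix shipped in 1.27.2~ds4-1 is being ruled out for bookworm rather than left open. A few more words in the reason would also distinguish it from the [bullseye] <no-dsa> line, which carries the same text.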
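Review bot: In the CVE-2022-4170 hunk (@@ -157327), the new reason "not exploitable due to a bug" does not say which bug or where that was established, while the entry summary still describes remote code execution. Suggest naming the bug in the reason or adding a NOTE line with the reference next to the existing oss-security link, so the <ignored> decision for bookworm can be re-checked if that bug is ever fixed.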
_______________________________________________ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits