Moritz Muehlenhoff pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
101c6f45 by Moritz Muehlenhoff at 2025-04-24T12:49:16+02:00
trixie triage
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -65923,10 +65923,10 @@ CVE-2024-47226 (A stored cross-site scripting (XSS)
vulnerability exists in NetB
CVE-2024-47221 (CheckUser in ScadaServerEngine/MainLogic.cs in Rapid SCADA
through 5.8 ...)
NOT-FOR-US: Rapid SCADA
CVE-2024-47220 (An issue was discovered in the WEBrick toolkit through 1.8.1
for Ruby. ...)
- - ruby-webrick <unfixed> (bug #1082633)
+ - ruby-webrick 1.9.1-1 (bug #1082633)
[bookworm] - ruby-webrick <no-dsa> (Minor issue)
NOTE: https://github.com/ruby/webrick/issues/145
- NOTE: Fixed by:
https://github.com/ruby/webrick/commit/f5faca9222541591e1a7c3c97552ebb0c92733c7
+ NOTE: Fixed by:
https://github.com/ruby/webrick/commit/f5faca9222541591e1a7c3c97552ebb0c92733c7
(v1.8.2)
CVE-2024-47219 (An issue was discovered in vesoft NebulaGraph through 3.8.0.
It allows ...)
NOT-FOR-US: vesoft NebulaGraph
CVE-2024-47218 (An issue was discovered in vesoft NebulaGraph through 3.8.0.
It allows ...)
@@ -69497,9 +69497,11 @@ CVE-2024-8460 (A vulnerability, which was classified
as problematic, has been fo
NOT-FOR-US: D-Link
CVE-2024-8445 (The fix for CVE-2024-2199 in 389-ds-base was insufficient to
cover all ...)
{DLA-4021-1}
- - 389-ds-base <unfixed> (bug #1082852)
+ - 389-ds-base 2.0.11-1 (bug #1082852)
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2310110
NOTE: CVE exists because of an insufficent/incomplete fix for
CVE-2024-2199
+ NOTE: The precise details are not public, but this wasn't backported to
any supported
+ NOTE: branch after 1.x, so marking the first 2.x upload as the fixed
version
CVE-2024-8395 (FlyCASS CASS and KCM systems did not correctly filter SQL
queries, whi ...)
NOT-FOR-US: FlyCASS CASS and KCM systems
CVE-2024-8363 (The Share This Image plugin for WordPress is vulnerable to
Stored Cros ...)
@@ -99585,6 +99587,7 @@ CVE-2024-5095 (A vulnerability classified as
problematic has been found in Victo
NOT-FOR-US: Victor Zsviot Camera
CVE-2024-36050 (Nix through 2.22.1 mishandles certain usage of hash caches,
which make ...)
- nix <unfixed> (bug #1072706)
+ [trixie] - nix <postponed> (Minor issue, revisit when fixed upstream)
[bookworm] - nix <postponed> (Minor issue, revisit when fixed upstream)
[bullseye] - nix <no-dsa> (Minor issue)
NOTE: https://github.com/NixOS/nix/issues/969
@@ -121550,6 +121553,7 @@ CVE-2021-47156 (The Net::IPAddress::Util module
before 5.000 for Perl does not p
NOT-FOR-US: Net::IPAddress::Util Perl module
CVE-2021-47155 (The Net::IPV4Addr module 0.10 for Perl does not properly
consider extr ...)
- libnetwork-ipv4addr-perl <unfixed> (bug #1072178)
+ [trixie] - libnetwork-ipv4addr-perl <postponed> (Minor issue, revisit
when fixed upstream)
[bookworm] - libnetwork-ipv4addr-perl <postponed> (Minor issue, revisit
when fixed upstream)
[bullseye] - libnetwork-ipv4addr-perl <no-dsa> (Minor issue)
[buster] - libnetwork-ipv4addr-perl <postponed> (Minor issue, revisit
when fix is available)
@@ -121665,6 +121669,7 @@ CVE-2024-1857 (The Ultimate Gift Cards for
WooCommerce \u2013 Create, Redeem & M
NOT-FOR-US: WooCommerce plugin
CVE-2024-2467 (A timing-based side-channel flaw exists in the
perl-Crypt-OpenSSL-RSA ...)
- libcrypt-openssl-rsa-perl <unfixed> (bug #1066969)
+ [trixie] - libcrypt-openssl-rsa-perl <postponed> (Minor issue, revisit
when fixed upstream)
[bookworm] - libcrypt-openssl-rsa-perl <postponed> (Minor issue,
revisit when fixed upstream)
[bullseye] - libcrypt-openssl-rsa-perl <no-dsa> (Minor issue)
[buster] - libcrypt-openssl-rsa-perl <postponed> (Minor issue;
side-channel timing attack)
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/101c6f45ca41fc89b291d46cb6439e2249f1657d
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/101c6f45ca41fc89b291d46cb6439e2249f1657d
You're receiving this email because of your account on salsa.debian.org.
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
