May 2024 - openSUSE Bugs - openSUSE Mailing Lists

[Bug 1224305] VUL-0: CVE-2024-4068: python-nbdime: the npm package `braces` fails to limit the number of characters it can handle, which could lead to Memory Exhaustion
by bugzilla_noreply＠suse.com 23 May '24

23 May '24

https://bugzilla.suse.com/show_bug.cgi?id=1224305 https://bugzilla.suse.com/show_bug.cgi?id=1224305#c2 Benjamin Greiner <code(a)bnavigator.de> changed: What |Removed |Added ---------------------------------------------------------------------------- Status|NEW |RESOLVED Resolution|--- |WONTFIX --- Comment #2 from Benjamin Greiner <code(a)bnavigator.de> --- Bogus CVE. See upstream discussion at micromatch. Only pulled in by devDependencies, not shipped at runtime. -- You are receiving this mail because: You are on the CC list for the bug.

1 0

[Bug 1224303] VUL-0: CVE-2024-4068: python-ipysheet: the npm package `braces` fails to limit the number of characters it can handle, which could lead to Memory Exhaustion
by bugzilla_noreply＠suse.com 23 May '24

23 May '24

https://bugzilla.suse.com/show_bug.cgi?id=1224303 https://bugzilla.suse.com/show_bug.cgi?id=1224303#c2 Benjamin Greiner <code(a)bnavigator.de> changed: What |Removed |Added ---------------------------------------------------------------------------- Status|NEW |RESOLVED Resolution|--- |WONTFIX --- Comment #2 from Benjamin Greiner <code(a)bnavigator.de> --- Bogus CVE. See upstream discussion at micromatch. Only pulled in by devDependencies, not shipped at runtime. -- You are receiving this mail because: You are on the CC list for the bug.

1 0

[Bug 1224302] VUL-0: CVE-2024-4068: python-bqplot: the npm package `braces` fails to limit the number of characters it can handle, which could lead to Memory Exhaustion
by bugzilla_noreply＠suse.com 23 May '24

23 May '24

https://bugzilla.suse.com/show_bug.cgi?id=1224302 https://bugzilla.suse.com/show_bug.cgi?id=1224302#c2 Benjamin Greiner <code(a)bnavigator.de> changed: What |Removed |Added ---------------------------------------------------------------------------- Resolution|--- |WONTFIX Status|NEW |RESOLVED --- Comment #2 from Benjamin Greiner <code(a)bnavigator.de> --- Bogus CVE. See upstream discussion. Only pulled in by devDependencies, not shipped at runtime. -- You are receiving this mail because: You are on the CC list for the bug.

1 0

[Bug 1224382] VUL-0: CVE-2024-4067: python-plotly: the npm package `micromatch` is vulnerable to Regular Expression Denial of Service (ReDoS)
by bugzilla_noreply＠suse.com 23 May '24

23 May '24

https://bugzilla.suse.com/show_bug.cgi?id=1224382 https://bugzilla.suse.com/show_bug.cgi?id=1224382#c3 Benjamin Greiner <code(a)bnavigator.de> changed: What |Removed |Added ---------------------------------------------------------------------------- Status|NEW |RESOLVED Resolution|--- |WONTFIX --- Comment #3 from Benjamin Greiner <code(a)bnavigator.de> --- See upstream discussion at micromatch -- You are receiving this mail because: You are on the CC list for the bug.

1 0

[Bug 1224382] VUL-0: CVE-2024-4067: python-plotly: the npm package `micromatch` is vulnerable to Regular Expression Denial of Service (ReDoS)
by bugzilla_noreply＠suse.com 23 May '24

23 May '24

https://bugzilla.suse.com/show_bug.cgi?id=1224382 https://bugzilla.suse.com/show_bug.cgi?id=1224382#c2 --- Comment #2 from Benjamin Greiner <code(a)bnavigator.de> --- Bogus CVE. braces is only pulled in by eslint and not installed or used at runtime. -- You are receiving this mail because: You are on the CC list for the bug.

1 0

[Bug 1223420] VUL-0: CVE-2024-31755: cJSON: NULL pointer dereference via cJSON_SetValuestring()
by bugzilla_noreply＠suse.com 23 May '24

23 May '24

https://bugzilla.suse.com/show_bug.cgi?id=1223420 https://bugzilla.suse.com/show_bug.cgi?id=1223420#c1 --- Comment #1 from OBSbugzilla Bot <bwiedemann+obsbugzillabot(a)suse.com> --- This is an autogenerated message for OBS integration: This bug (1223420) was mentioned in https://build.opensuse.org/request/show/1176530 Backports:SLE-15-SP5 / cJSON -- You are receiving this mail because: You are on the CC list for the bug.

1 0

[Bug 1218099] VUL-0: CVE-2023-50471: cjson: segmentation violation in function cJSON_InsertItemInArray
by bugzilla_noreply＠suse.com 23 May '24

23 May '24

https://bugzilla.suse.com/show_bug.cgi?id=1218099 https://bugzilla.suse.com/show_bug.cgi?id=1218099#c4 --- Comment #4 from OBSbugzilla Bot <bwiedemann+obsbugzillabot(a)suse.com> --- This is an autogenerated message for OBS integration: This bug (1218099) was mentioned in https://build.opensuse.org/request/show/1176530 Backports:SLE-15-SP5 / cJSON -- You are receiving this mail because: You are on the CC list for the bug.

1 0

[Bug 1218098] VUL-0: CVE-2023-50472: cjson: segmentation violation in function cJSON_SetValuestring
by bugzilla_noreply＠suse.com 23 May '24

23 May '24

https://bugzilla.suse.com/show_bug.cgi?id=1218098 https://bugzilla.suse.com/show_bug.cgi?id=1218098#c4 --- Comment #4 from OBSbugzilla Bot <bwiedemann+obsbugzillabot(a)suse.com> --- This is an autogenerated message for OBS integration: This bug (1218098) was mentioned in https://build.opensuse.org/request/show/1176530 Backports:SLE-15-SP5 / cJSON -- You are receiving this mail because: You are on the CC list for the bug.

1 0

[Bug 1218098] VUL-0: CVE-2023-50472: cjson: segmentation violation in function cJSON_SetValuestring
by bugzilla_noreply＠suse.com 23 May '24

23 May '24

https://bugzilla.suse.com/show_bug.cgi?id=1218098 https://bugzilla.suse.com/show_bug.cgi?id=1218098#c3 Andreas Stieger <Andreas.Stieger(a)gmx.de> changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |Andreas.Stieger(a)gmx.de, | |mardnh(a)gmx.de Assignee|mardnh(a)gmx.de |screening-team-bugs(a)suse.de Status|NEW |IN_PROGRESS --- Comment #3 from Andreas Stieger <Andreas.Stieger(a)gmx.de> --- We are not really tracking Leap, are we? -- You are receiving this mail because: You are on the CC list for the bug.

1 0

[Bug 1218099] VUL-0: CVE-2023-50471: cjson: segmentation violation in function cJSON_InsertItemInArray
by bugzilla_noreply＠suse.com 23 May '24

23 May '24

https://bugzilla.suse.com/show_bug.cgi?id=1218099 https://bugzilla.suse.com/show_bug.cgi?id=1218099#c3 Andreas Stieger <Andreas.Stieger(a)gmx.de> changed: What |Removed |Added ---------------------------------------------------------------------------- Status|NEW |IN_PROGRESS Assignee|mardnh(a)gmx.de |screening-team-bugs(a)suse.de CC| |Andreas.Stieger(a)gmx.de, | |mardnh(a)gmx.de --- Comment #3 from Andreas Stieger <Andreas.Stieger(a)gmx.de> --- We are not really tracking Leap, are we? -- You are receiving this mail because: You are on the CC list for the bug.

1 0