Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
897de784 by Moritz Mühlenhoff at 2023-07-18T20:47:05+02:00
bugnums

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -124,7 +124,7 @@ CVE-2023-37769 (stress-test master commit e4c878 was 
discovered to contain a FPE
 CVE-2023-37479 (Open Enclave is a hardware-agnostic open source library for 
developing ...)
        NOT-FOR-US: Open Enclave
 CVE-2023-37476 (OpenRefine is a free, open source tool for data processing. A 
carefull ...)
-       - openrefine <unfixed>
+       - openrefine <unfixed> (bug #1041422)
        NOTE: 
https://github.com/OpenRefine/OpenRefine/security/advisories/GHSA-m88m-crr9-jvqq
        NOTE: 
https://github.com/OpenRefine/OpenRefine/commit/e9c1e65d58b47aec8cd676bd5c07d97b002f205e
 CVE-2023-37475 (Hamba avro is a go lang encoder/decoder implementation of the 
avro cod ...)
@@ -318,7 +318,7 @@ CVE-2023-37793 (WAYOS FBM-291W 19.09.11V was discovered to 
contain a buffer over
 CVE-2023-37472 (Knowage is an open source suite for business analytics. The 
applicatio ...)
        NOT-FOR-US: Knowage
 CVE-2023-37464 (OpenIDC/cjose is a C library implementing the Javascript 
Object Signin ...)
-       - cjose <unfixed>
+       - cjose <unfixed> (bug #1041423)
        NOTE: 
https://github.com/OpenIDC/cjose/security/advisories/GHSA-3rhg-3gf2-6xgj
        NOTE: 
https://github.com/OpenIDC/cjose/commit/7325e9a5e71e2fc0e350487ecac7d84acdf0ed5e
 (v0.6.2.2)
 CVE-2023-37462 (XWiki Platform is a generic wiki platform offering runtime 
services fo ...)
@@ -885,19 +885,19 @@ CVE-2023-3019 [e1000e: heap use-after-free in 
e1000e_write_packet_to_guest()]
 CVE-2023-3011 (The ARMember plugin for WordPress is vulnerable to Cross-Site 
Request  ...)
        NOT-FOR-US: ARMember plugin for WordPress
 CVE-2023-37767 (GPAC v2.3-DEV-rev381-g817a848f6-master was discovered to 
contain a seg ...)
-       - gpac <unfixed>
+       - gpac <unfixed> (bug #1041421)
        [bullseye] - gpac <ignored> (Minor issue)
        [buster] - gpac <end-of-life> (EOL in buster LTS)
        NOTE: https://github.com/gpac/gpac/issues/2514
        NOTE: 
https://github.com/gpac/gpac/commit/d414df635c773b21bbb3a9fbf17b101b1e8ea345
 CVE-2023-37766 (GPAC v2.3-DEV-rev381-g817a848f6-master was discovered to 
contain a seg ...)
-       - gpac <unfixed>
+       - gpac <unfixed> (bug #1041421)
        [bullseye] - gpac <ignored> (Minor issue)
        [buster] - gpac <end-of-life> (EOL in buster LTS)
        NOTE: https://github.com/gpac/gpac/issues/2516
        NOTE: 
https://github.com/gpac/gpac/commit/a64c60ef0983be6db8ab1e4a663e0ce83ff7bf2c
 CVE-2023-37765 (GPAC v2.3-DEV-rev381-g817a848f6-master was discovered to 
contain a seg ...)
-       - gpac <unfixed>
+       - gpac <unfixed> (bug #1041421)
        [bullseye] - gpac <ignored> (Minor issue)
        [buster] - gpac <end-of-life> (EOL in buster LTS)
        NOTE: https://github.com/gpac/gpac/issues/2515
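
Review bot: The same bug, #1041421, is attached to all three gpac entries in this hunk (CVE-2023-37767, CVE-2023-37766, CVE-2023-37765), although each has its own upstream issue (2514, 2516, 2515) and the first two cite different fix commits. Please confirm the bug report names every one of these CVEs, so a later fixed-version update for `- gpac <unfixed> (bug #1041421)` can be checked against each commit rather than against the bug as a whole.
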
@@ -913,7 +913,7 @@ CVE-2023-37197 (A CWE-89: Improper Neutralization of 
Special Elements vulnerabil
 CVE-2023-37196 (A CWE-89: Improper Neutralization of Special Elements 
vulnerability us ...)
        NOT-FOR-US: Schneider Electric
 CVE-2023-37174 (GPAC v2.3-DEV-rev381-g817a848f6-master was discovered to 
contain a seg ...)
-       - gpac <unfixed>
+       - gpac <unfixed> (bug #1041421)
        [bullseye] - gpac <ignored> (Minor issue)
        [buster] - gpac <end-of-life> (EOL in buster LTS)
        NOTE: https://github.com/gpac/gpac/issues/2505
@@ -1797,7 +1797,7 @@ CVE-2023-3529 (A vulnerability classified as problematic 
has been found in Rotem
 CVE-2023-3528 (A vulnerability was found in ThinuTech ThinuCMS 1.5. It has 
been rated ...)
        NOT-FOR-US: ThinuTech ThinuCMS
 CVE-2023-3523 (Out-of-bounds Read in GitHub repository gpac/gpac prior to 
2.2.2.)
-       - gpac <unfixed>
+       - gpac <unfixed> (bug #1041421)
        [bullseye] - gpac <ignored> (Minor issue)
        [buster] - gpac <end-of-life> (EOL in buster LTS)
        NOTE: https://huntr.dev/bounties/57e0be03-8484-415e-8b5c-c1fe4546eaac/
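
Review bot: CVE-2023-3523 is given bug #1041421 as well, but its description states a release boundary ("prior to 2.2.2") while the other gpac entries under that bug are described against v2.3-DEV-rev381. Worth checking that the bug report lists this CVE explicitly, because its affected range is stated differently and it could be resolved by a different upload than the rest.
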
@@ -2305,12 +2305,12 @@ CVE-2023-36812 (OpenTSDB is a open source, distributed, 
scalable Time Series Dat
 CVE-2023-36144 (An authentication bypass in Intelbras Switch SG 2404 MR in 
firmware 1. ...)
        NOT-FOR-US: Intelbras
 CVE-2023-35947 (Gradle is a build tool with a focus on build automation and 
support fo ...)
-       - gradle <undetermined>
+       - gradle <unfixed> (bug #1041424)
        NOTE: 
https://github.com/gradle/gradle/security/advisories/GHSA-84mw-qh6q-v842
        NOTE: 
https://github.com/gradle/gradle/commit/1096b309520a8c315e3b6109a6526de4eabcb879
 (v8.2.0-RC3)
        NOTE: 
https://github.com/gradle/gradle/commit/2e5c34d57d0c0b7f0e8b039a192b91e5c8249d91
 (v8.2.0-RC3)
 CVE-2023-35946 (Gradle is a build tool with a focus on build automation and 
support fo ...)
-       - gradle <undetermined>
+       - gradle <unfixed> (bug #1041424)
        NOTE: 
https://github.com/gradle/gradle/security/advisories/GHSA-2h6c-rv6q-494v
        NOTE: 
https://github.com/gradle/gradle/commit/859eae2b2acf751ae7db3c9ffefe275aa5da0d5d
 (v8.2.0-RC3)
        NOTE: 
https://github.com/gradle/gradle/commit/b07e528feb3a5ffa66bdcc358549edd73e4c8a12
 (v8.2.0-RC3)
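
Review bot: Both gradle lines change status from `<undetermined>` to `<unfixed>` in addition to gaining `(bug #1041424)`, which is more than the commit message "bugnums" covers. The status change is a triage decision (the package is now asserted to be affected), so it should either be mentioned in the commit message or go in its own commit, so that it can be found later in the history of CVE-2023-35947 and CVE-2023-35946.
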
@@ -2401,12 +2401,12 @@ CVE-2023-3479 (Cross-site Scripting (XSS) - Reflected 
in GitHub repository hesti
 CVE-2023-3478 (A vulnerability classified as critical was found in IBOS OA 
4.5.5. Aff ...)
        NOT-FOR-US: IBOS OA
 CVE-2023-37365 (Hnswlib 0.7.0 has a double free in init_index when the M 
argument is a ...)
-       - hnswlib <unfixed>
+       - hnswlib <unfixed> (bug #1041426)
        [bookworm] - hnswlib <no-dsa> (Minor issue)
        [bullseye] - hnswlib <no-dsa> (Minor issue)
        NOTE: https://github.com/nmslib/hnswlib/issues/467
 CVE-2023-37360 (pacparser_find_proxy in Pacparser before 1.4.2 allows 
JavaScript injec ...)
-       - pacparser <unfixed>
+       - pacparser <unfixed> (bug #1041425)
        [bookworm] - pacparser <no-dsa> (Minor issue)
        [bullseye] - pacparser <no-dsa> (Minor issue)
        [buster] - pacparser <no-dsa> (Minor issue)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/897de78450b62479a60a076f6bfe81b550bf4a14



_______________________________________________
debian-security-tracker-commits mailing list
debian-security-tracker-commits@alioth-lists.debian.net
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits