Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker
Commits: e70d44cd by Moritz Muehlenhoff at 2023-12-19T22:28:47+01:00 bugnums - - - - - 1 changed file: - data/CVE/list Changes: ===================================== data/CVE/list ===================================== @@ -195,7 +195,7 @@ CVE-2023-6856 (The WebGL `DrawElementsInstanced` method was susceptible to a hea NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-55/#CVE-2023-6856 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-54/#CVE-2023-6856 CVE-2023-6135 (Multiple NSS NIST curves were susceptible to a side-channel attack kno ...) - - nss <unfixed> + - nss <unfixed> (bug #1059054) - firefox <unfixed> NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-56/#CVE-2023-6135 NOTE: https://bugzilla.mozilla.org/show_bug.cgi?id=1853908 (not public) @@ -1826,9 +1826,8 @@ CVE-2023-36639 (A use of externally-controlled format string in Fortinet FortiPr CVE-2023-6710 (A flaw was found in the mod_proxy_cluster in the Apache server. This i ...) - libapache2-mod-cluster <itp> (bug #731410) CVE-2023-5379 (A flaw was found in Undertow. When an AJP request is sent that exceeds ...) - - undertow <undetermined> + - undertow <unfixed> (bug #1059055) NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2242099 - TODO: check, insufficient information for Debian specific assessment CVE-2023-49921 - elasticsearch <removed> CVE-2023-6687 (An issue was discovered by Elastic whereby Elastic Agent would log a r ...) @@ -2371,7 +2370,7 @@ CVE-2023-48311 (dockerspawner is a tool to spawn JupyterHub single user servers CVE-2023-47722 (IBM API Connect V10.0.5.3 and V10.0.6.0 stores user credentials in bro ...) NOT-FOR-US: IBM CVE-2023-47465 (An issue in GPAC v.2.2.1 and before allows a local attacker to cause a ...) - - gpac <unfixed> + - gpac <unfixed> (bug #1059056) [buster] - gpac <end-of-life> (EOL in Buster LTS) NOTE: https://github.com/gpac/gpac/issues/2652 NOTE: https://github.com/gpac/gpac/commit/a40a3b7ef7420c8df0a7d9411ab1fc267ca86c49 
@@ -2379,7 +2378,7 @@ CVE-2023-47465 (An issue in GPAC v.2.2.1 and before allows a local attacker to c CVE-2023-47254 (An OS Command Injection in the CLI interface on DrayTek Vigor167 versi ...) NOT-FOR-US: DrayTek Vigor167 CVE-2023-46932 (Heap Buffer Overflow vulnerability in GPAC version 2.3-DEV-rev617-g671 ...) - - gpac <unfixed> + - gpac <unfixed> (bug #1059056) [buster] - gpac <end-of-life> (EOL in Buster LTS) NOTE: https://github.com/gpac/gpac/issues/2669 NOTE: https://github.com/gpac/gpac/commit/dfdf1681aae2f7b6265e58e97f8461a89825a74b @@ -2694,7 +2693,7 @@ CVE-2023-49403 (Tenda W30E V16.01.0.12(4843) was discovered to contain a command CVE-2023-49402 (Tenda W30E V16.01.0.12(4843) was discovered to contain a stack overflo ...) NOT-FOR-US: Tenda CVE-2023-48958 (gpac 2.3-DEV-rev617-g671976fcc-master contains memory leaks in gf_mpd_ ...) - - gpac <unfixed> + - gpac <unfixed> (bug #1059056) [bullseye] - gpac <ignored> (Minor issue) [buster] - gpac <end-of-life> (EOL in Buster LTS) NOTE: https://github.com/gpac/gpac/issues/2689 @@ -2710,7 +2709,7 @@ CVE-2023-47440 (Gladys Assistant v4.27.0 and prior is vulnerable to Directory Tr CVE-2023-46974 (Cross Site Scripting vulnerability in Best Courier Management System v ...) NOT-FOR-US: Best Courier Management System CVE-2023-46871 (GPAC version 2.3-DEV-rev602-ged8424300-master in MP4Box contains a mem ...) - - gpac <unfixed> + - gpac <unfixed> (bug #1059056) [bullseye] - gpac <ignored> (Minor issue) [buster] - gpac <end-of-life> (EOL in Buster LTS) NOTE: https://github.com/gpac/gpac/issues/2658 
@@ -4552,25 +4551,25 @@ CVE-2023-46355 (In the module "CSV Feeds PRO" (csvfeeds) < 2.6.1 from Bl Modules CVE-2023-46349 (In the module "Product Catalog (CSV, Excel) Export/Update" (updateprod ...) NOT-FOR-US: PrestaShop module CVE-2023-42366 (A heap-buffer-overflow was discovered in BusyBox v.1.36.1 in the next_ ...) - - busybox <unfixed> + - busybox <unfixed> (bug #1059053) [bookworm] - busybox <no-dsa> (Minor issue) [bullseye] - busybox <no-dsa> (Minor issue) [buster] - busybox <no-dsa> (Minor issue) NOTE: https://bugs.busybox.net/show_bug.cgi?id=15874 CVE-2023-42365 (A use-after-free vulnerability was discovered in BusyBox v.1.36.1 via ...) - - busybox <unfixed> + - busybox <unfixed> (bug #1059052) [bookworm] - busybox <no-dsa> (Minor issue) [bullseye] - busybox <no-dsa> (Minor issue) [buster] - busybox <no-dsa> (Minor issue) NOTE: https://bugs.busybox.net/show_bug.cgi?id=15871 CVE-2023-42364 (A use-after-free vulnerability in BusyBox v.1.36.1 allows attackers to ...) - - busybox <unfixed> + - busybox <unfixed> (bug #1059051) [bookworm] - busybox <no-dsa> (Minor issue) [bullseye] - busybox <no-dsa> (Minor issue) [buster] - busybox <no-dsa> (Minor issue) NOTE: https://bugs.busybox.net/show_bug.cgi?id=15868 CVE-2023-42363 (A use-after-free vulnerability was discovered in xasprintf function in ...) - - busybox <unfixed> + - busybox <unfixed> (bug #1059050) [bookworm] - busybox <no-dsa> (Minor issue) [bullseye] - busybox <no-dsa> (Minor issue) [buster] - busybox <no-dsa> (Minor issue) 
@@ -5488,11 +5487,11 @@ CVE-2023-48110 (Tenda AX1803 v1.0.0.1 was discovered to contain a heap overflow CVE-2023-48109 (Tenda AX1803 v1.0.0.1 was discovered to contain a heap overflow via th ...) NOT-FOR-US: Tenda CVE-2023-48090 (GPAC 2.3-DEV-rev617-g671976fcc-master is vulnerable to memory leaks in ...) - - gpac <unfixed> + - gpac <unfixed> (bug #1059056) [buster] - gpac <end-of-life> (EOL in Buster LTS) NOTE: https://github.com/gpac/gpac/issues/2680 CVE-2023-48039 (GPAC 2.3-DEV-rev617-g671976fcc-master is vulnerable to memory leak in ...) - - gpac <unfixed> + - gpac <unfixed> (bug #1059056) [buster] - gpac <end-of-life> (EOL in Buster LTS) NOTE: https://github.com/gpac/gpac/issues/2679 CVE-2023-47772 (Contributor+Stored Cross-Site Scripting (XSS) vulnerability in Slider ...) @@ -60888,7 +60887,7 @@ CVE-2022-48176 (Netgear routers R7000P before v1.3.3.154, R6900P before v1.3.3.1 CVE-2022-48175 (Rukovoditel v3.2.1 was discovered to contain a remote code execution ( ...) NOT-FOR-US: Rukovoditel CVE-2022-48174 (There is a stack overflow vulnerability in ash.c:6030 in busybox befor ...) - - busybox <unfixed> + - busybox <unfixed> (bug #1059049) [bookworm] - busybox <no-dsa> (Minor issue) [bullseye] - busybox <no-dsa> (Minor issue) [buster] - busybox <no-dsa> (Minor issue)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/e70d44cd404ff18990b6f8a0912889a25a6c2e3a
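Review bot: In the CVE-2023-5379 hunk, undertow moves from <undetermined> to <unfixed> and the TODO about insufficient information for a Debian-specific assessment is deleted, but nothing is added to record what settled the assessment; the only NOTE left on the entry is the Red Hat Bugzilla link. Add a NOTE with the upstream fix or affected-version reference that justified the change, and mention the status change in the commit message, which currently reads only "bugnums".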
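Review bot: In the hunk covering CVE-2023-48090 and CVE-2023-48039, both gpac entries gain bug #1059056 but still carry only the upstream issue link (issues/2680 and issues/2679), with no fix-commit NOTE of the kind present on CVE-2023-47465 and CVE-2023-46932. If upstream has fixed these, add the commit URL as a NOTE so the fixed version can be determined later; it is also worth confirming that #1059056 lists every gpac CVE that this commit points at it.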