Emilio Pozuelo Monfort pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
9393312f by Emilio Pozuelo Monfort at 2023-04-26T13:10:36+02:00
lts: CVE-2022-3590/wordpress postponed on buster

- - - - -
25640d1f by Emilio Pozuelo Monfort at 2023-04-26T13:15:38+02:00
lts: CVE-2023-2241/podofo no-dsa on buster

- - - - -
63be24e3 by Emilio Pozuelo Monfort at 2023-04-26T13:19:07+02:00
lts: CVE-2023-25815/git no-dsa on buster

- - - - -
05ba0863 by Emilio Pozuelo Monfort at 2023-04-26T13:37:36+02:00
Add fixing commits for CVE-2023-29007/git

- - - - -
bea6c569 by Emilio Pozuelo Monfort at 2023-04-26T13:44:36+02:00
Add fixing commit for CVE-2023-25652/git

- - - - -
8948fcfa by Emilio Pozuelo Monfort at 2023-04-26T13:46:24+02:00
Add fixing commit for CVE-2023-25815/git

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -496,6 +496,7 @@ CVE-2023-2241 (A vulnerability, which was classified as 
critical, was found in P
        - libpodofo <unfixed>
        [bookworm] - libpodofo <no-dsa> (Minor issue)
        [bullseye] - libpodofo <no-dsa> (Minor issue)
+       [buster] - libpodofo <no-dsa> (Minor issue)
        NOTE: https://github.com/podofo/podofo/issues/69
        NOTE: 
https://github.com/podofo/podofo/commit/535a786f124b739e3c857529cecc29e4eeb79778
 CVE-2012-10014 (A vulnerability classified as problematic has been found in 
Kau-Boy Ba ...)
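Review bot: the added `[buster] - libpodofo <no-dsa> (Minor issue)` line reuses the reason from bookworm and bullseye, but the CVE description directly above it opens with "classified as critical". A NOTE stating why the issue is minor for the Debian package would keep the triage decision from reading as a contradiction of the description.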
@@ -6123,6 +6124,10 @@ CVE-2023-29007 (Git is a revision control system. Prior 
to versions 2.30.9, 2.31
        - git 1:2.40.1-1 (bug #1034835)
        [bullseye] - git <no-dsa> (Minor issue)
        NOTE: https://lore.kernel.org/lkml/xmqqa5yv3n93.fsf@gitster.g/
+       NOTE: 
https://github.com/git/git/commit/29198213c9163c1d552ee2bdbf78d2b09ccc98b8
+       NOTE: 
https://github.com/git/git/commit/a5bb10fd5e74101e7c07da93e7c32bbe60f6173a
+       NOTE: 
https://github.com/git/git/commit/e91cfe6085c4a61372d1f800b473b73b8d225d0d
+       NOTE: 
https://github.com/git/git/commit/3bb3d6bac5f2b496dfa2862dc1a84cbfa9b4449a
 CVE-2023-29006 (The Order GLPI plugin allows users to manage order management 
within G ...)
        NOT-FOR-US: GLPI plugin
 CVE-2023-29005 (Flask-AppBuilder versions before 4.3.0 lack rate limiting 
which can al ...)
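Review bot: the four added NOTE lines for CVE-2023-29007 are bare commit URLs, with nothing saying that they are the fixes or how they relate to each other. Consider marking them, for example with a "Fixed by:" prefix and the upstream release they landed in (the description names 2.30.9 as a fixed version), so a backporter can tell whether all four are required.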
@@ -15615,7 +15620,9 @@ CVE-2023-25816 (Nextcloud is an Open Source private 
cloud software. Versions 25.
 CVE-2023-25815 (In Git for Windows, the Windows port of Git, no localized 
messages are ...)
        - git 1:2.40.1-1 (bug #1034835)
        [bullseye] - git <no-dsa> (Minor issue)
+       [buster] - git <no-dsa> (Minor issue)
        NOTE: https://lore.kernel.org/lkml/xmqqa5yv3n93.fsf@gitster.g/
+       NOTE: 
https://github.com/git/git/commit/4fe5d0b10afdc9ac5b703605b8d84d1ce5d71e87
 CVE-2023-25814 (metersphere is an open source continuous testing platform. In 
versions ...)
        NOT-FOR-US: metersphere
 CVE-2023-25813 (Sequelize is a Node.js ORM tool. In versions prior to 6.19.1 a 
SQL inj ...)
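Review bot: on the added `[buster] - git <no-dsa> (Minor issue)` line, the reason says less than the description, which scopes CVE-2023-25815 to Git for Windows. If that scoping is why buster gets no DSA, say so in the parenthesised reason instead of the generic "Minor issue"; the existing bullseye line has the same gap.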
@@ -16353,6 +16360,7 @@ CVE-2023-25652 (Git is a revision control system. Prior 
to versions 2.30.9, 2.31
        - git 1:2.40.1-1 (bug #1034835)
        [bullseye] - git <no-dsa> (Minor issue)
        NOTE: https://lore.kernel.org/lkml/xmqqa5yv3n93.fsf@gitster.g/
+       NOTE: 
https://github.com/git/git/commit/9db05711c98efc14f414d4c87135a34c13586e0b
 CVE-2023-25651
        RESERVED
 CVE-2023-25650
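Review bot: CVE-2023-25652 gets a fixing commit in this hunk but still has no `[buster]` line, while CVE-2023-25815 was triaged for buster in the same push. If buster is deliberately left open for a fix, that is fine; otherwise add the buster status alongside the commit reference.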
@@ -44867,6 +44875,7 @@ CVE-2022-3591 (Use After Free in GitHub repository 
vim/vim prior to 9.0.0789. ..
 CVE-2022-3590 (WordPress is affected by an unauthenticated blind SSRF in the 
pingback ...)
        - wordpress <unfixed> (bug #1033251)
        [bullseye] - wordpress <no-dsa> (Minor issue)
+       [buster] - wordpress <postponed> (Minor issue)
        NOTE: 
https://www.sonarsource.com/blog/wordpress-core-unauthenticated-blind-ssrf/
 CVE-2022-3589 (An API Endpoint used by Miele's "AppWash" MobileApp in all 
versions wa ...)
        NOT-FOR-US: Miele's "AppWash" MobileApp
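Review bot: the added `[buster] - wordpress <postponed> (Minor issue)` line uses a different state from the bullseye `<no-dsa>` line directly above it while giving the identical reason. Since the package line is still `<unfixed>`, a reason that explains the postponement (for example, what it is waiting on) would make the difference from bullseye clear.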



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/63bbda9253a40638c25621e523609d2c8eb40817...8948fcfa19702a5c63e2b2d8fc04909ec3b243e2
