Emilio Pozuelo Monfort pushed to branch master at Debian Security Tracker / security-tracker
Commits: 9393312f by Emilio Pozuelo Monfort at 2023-04-26T13:10:36+02:00 lts: CVE-2022-3590/wordpress postponed on buster - - - - - 25640d1f by Emilio Pozuelo Monfort at 2023-04-26T13:15:38+02:00 lts: CVE-2023-2241/podofo no-dsa on buster - - - - - 63be24e3 by Emilio Pozuelo Monfort at 2023-04-26T13:19:07+02:00 lts: CVE-2023-25815/git no-dsa on buster - - - - - 05ba0863 by Emilio Pozuelo Monfort at 2023-04-26T13:37:36+02:00 Add fixing commits for CVE-2023-29007/git - - - - - bea6c569 by Emilio Pozuelo Monfort at 2023-04-26T13:44:36+02:00 Add fixing commit for CVE-2023-25652/git - - - - - 8948fcfa by Emilio Pozuelo Monfort at 2023-04-26T13:46:24+02:00 Add fixing commit for CVE-2023-25815/git - - - - - 1 changed file: - data/CVE/list Changes: ===================================== data/CVE/list ===================================== @@ -496,6 +496,7 @@ CVE-2023-2241 (A vulnerability, which was classified as critical, was found in P - libpodofo <unfixed> [bookworm] - libpodofo <no-dsa> (Minor issue) [bullseye] - libpodofo <no-dsa> (Minor issue) + [buster] - libpodofo <no-dsa> (Minor issue) NOTE: https://github.com/podofo/podofo/issues/69 NOTE: https://github.com/podofo/podofo/commit/535a786f124b739e3c857529cecc29e4eeb79778 CVE-2012-10014 (A vulnerability classified as problematic has been found in Kau-Boy Ba ...) 
@@ -6123,6 +6124,10 @@ CVE-2023-29007 (Git is a revision control system. Prior to versions 2.30.9, 2.31 - git 1:2.40.1-1 (bug #1034835) [bullseye] - git <no-dsa> (Minor issue) NOTE: https://lore.kernel.org/lkml/xmqqa5yv3n93.fsf@gitster.g/ + NOTE: https://github.com/git/git/commit/29198213c9163c1d552ee2bdbf78d2b09ccc98b8 + NOTE: https://github.com/git/git/commit/a5bb10fd5e74101e7c07da93e7c32bbe60f6173a + NOTE: https://github.com/git/git/commit/e91cfe6085c4a61372d1f800b473b73b8d225d0d + NOTE: https://github.com/git/git/commit/3bb3d6bac5f2b496dfa2862dc1a84cbfa9b4449a CVE-2023-29006 (The Order GLPI plugin allows users to manage order management within G ...) NOT-FOR-US: GLPI plugin CVE-2023-29005 (Flask-AppBuilder versions before 4.3.0 lack rate limiting which can al ...) @@ -15615,7 +15620,9 @@ CVE-2023-25816 (Nextcloud is an Open Source private cloud software. Versions 25. CVE-2023-25815 (In Git for Windows, the Windows port of Git, no localized messages are ...) - git 1:2.40.1-1 (bug #1034835) [bullseye] - git <no-dsa> (Minor issue) + [buster] - git <no-dsa> (Minor issue) NOTE: https://lore.kernel.org/lkml/xmqqa5yv3n93.fsf@gitster.g/ + NOTE: https://github.com/git/git/commit/4fe5d0b10afdc9ac5b703605b8d84d1ce5d71e87 CVE-2023-25814 (metersphere is an open source continuous testing platform. In versions ...) NOT-FOR-US: metersphere CVE-2023-25813 (Sequelize is a Node.js ORM tool. In versions prior to 6.19.1 a SQL inj ...) @@ -16353,6 +16360,7 @@ CVE-2023-25652 (Git is a revision control system. Prior to versions 2.30.9, 2.31 - git 1:2.40.1-1 (bug #1034835) [bullseye] - git <no-dsa> (Minor issue) NOTE: https://lore.kernel.org/lkml/xmqqa5yv3n93.fsf@gitster.g/ + NOTE: https://github.com/git/git/commit/9db05711c98efc14f414d4c87135a34c13586e0b CVE-2023-25651 RESERVED CVE-2023-25650 
@@ -44867,6 +44875,7 @@ CVE-2022-3591 (Use After Free in GitHub repository vim/vim prior to 9.0.0789. .. CVE-2022-3590 (WordPress is affected by an unauthenticated blind SSRF in the pingback ...) - wordpress <unfixed> (bug #1033251) [bullseye] - wordpress <no-dsa> (Minor issue) + [buster] - wordpress <postponed> (Minor issue) NOTE: https://www.sonarsource.com/blog/wordpress-core-unauthenticated-blind-ssrf/ CVE-2022-3589 (An API Endpoint used by Miele's "AppWash" MobileApp in all versions wa ...) NOT-FOR-US: Miele's "AppWash" MobileApp
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/63bbda9253a40638c25621e523609d2c8eb40817...8948fcfa19702a5c63e2b2d8fc04909ec3b243e2
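Review bot: The reason on the new buster line in the CVE-2023-2241 hunk (@@ -496,6 +496,7 @@) is only "Minor issue", while the CVE description quoted in the same hunk says the vulnerability "was classified as critical". A short reason stating the actual impact on libpodofo in Debian would let a reader audit the no-dsa decision without following the two NOTE links.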
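Review bot: The four commit URLs added as NOTE lines in the CVE-2023-29007 hunk (@@ -6123,6 +6124,10 @@) carry no indication of what each commit contributes or in which order they apply. Suggest a trailing annotation on each line, for example the release it landed in (the description already names 2.30.9 as a fixed version), so a backporter can tell which commits are needed for a given branch.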
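Review bot: The buster status is missing in the CVE-2023-25652 hunk (@@ -16353,6 +16360,7 @@): the entry gains its fixing commit but still lists only "[bullseye] - git <no-dsa> (Minor issue)", whereas CVE-2023-25815 gets a "[buster]" line in this same push. The CVE-2023-29007 entry is in the same state. If buster triage for these two is still pending, saying so in the commit message would avoid the impression that they were overlooked.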
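Review bot: The new line "[buster] - wordpress <postponed> (Minor issue)" in the CVE-2022-3590 hunk (@@ -44867,6 +44875,7 @@) uses a different state from the bullseye line directly above it, "<no-dsa>", but gives the same reason text, so the entry does not say why buster is handled differently. Since the unstable line is still "<unfixed>", a reason naming what the fix is waiting on would make the postponed state self-explanatory.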