Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker
Commits: 4e7e8196 by Moritz Mühlenhoff at 2023-05-23T15:37:10+02:00 bookworm triage - - - - - 1 changed file: - data/CVE/list Changes: ===================================== data/CVE/list ===================================== @@ -19,7 +19,7 @@ CVE-2023-31708 (A Cross-Site Request Forgery (CSRF) in EyouCMS v1.6.2 allows att CVE-2023-31670 (An issue in wasm2c 1.0.32, wasm2wat 1.0.32, wasm-decompile 1.0.32, and ...) - wabt <unfixed> (unimportant) NOTE: https://github.com/WebAssembly/wabt/issues/2199 - NOTE: Crash in CLI, no security impact + NOTE: Crash in CLI tool, no security impact CVE-2023-31664 (A reflected cross-site scripting (XSS) vulnerability in /authenticatio ...) NOT-FOR-US: WSO2 CVE-2023-2845 (Improper Access Control in GitHub repository cloudexplorer-dev/cloudex ...) @@ -652,7 +652,6 @@ CVE-2023-32758 (giturlparse (aka git-url-parse) through 1.2.2, as used in Semgre CVE-2023-2700 (A vulnerability was found in libvirt. This security flaw ouccers due t ...) [experimental] - libvirt 9.3.0-1 - libvirt <unfixed> (bug #1036297) - [bookworm] - libvirt <no-dsa> (Minor issue) [bullseye] - libvirt <no-dsa> (Minor issue) NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2203653 NOTE: Fixed by: https://gitlab.com/libvirt/libvirt/-/commit/6425a311b8ad19d6f9c0b315bf1d722551ea3585 (v9.3.0) @@ -10144,6 +10143,8 @@ CVE-2023-28440 (Discourse is an open source platform for community discussion. I CVE-2023-28439 (CKEditor4 is an open source what-you-see-is-what-you-get HTML editor. ...) - ckeditor <unfixed> (bug #1034481) - ckeditor3 <unfixed> + [bookworm] - ckeditor3 <no-dsa> (Minor issue) + [bullseye] - ckeditor3 <no-dsa> (Minor issue) [buster] - ckeditor3 <end-of-life> (No longer supported in LTS) NOTE: https://github.com/ckeditor/ckeditor4/security/advisories/GHSA-vh5c-xwqv-cv9g NOTE: https://github.com/ckeditor/ckeditor4/commit/b85af23f020a61397c6c0024aef73f2c7f62bfef (4.21.0) @@ -96220,6 +96221,8 @@ CVE-2022-24066 (The package simple-git before 3.5.0 are vulnerable to Command In NOT-FOR-US: simple-git CVE-2022-24065 (The package cookiecutter before 2.1.1 are vulnerable to Command Inject ...) - cookiecutter <unfixed> (bug #1013279) + [bookworm] - cookiecutter <no-dsa> (Minor issue) + [bullseye] - cookiecutter <no-dsa> (Minor issue) [buster] - cookiecutter <no-dsa> (Minor issue) [stretch] - cookiecutter <no-dsa> (Minor issue) NOTE: https://security.snyk.io/vuln/SNYK-PYTHON-COOKIECUTTER-2414281 @@ -99674,6 +99677,7 @@ CVE-2022-24729 (CKEditor4 is an open source what-you-see-is-what-you-get HTML ed [bullseye] - ckeditor <no-dsa> (Minor issue) [buster] - ckeditor <no-dsa> (Minor issue) - ckeditor3 <unfixed> (bug #1015217) + [bookworm] - ckeditor3 <no-dsa> (Minor issue) [bullseye] - ckeditor3 <no-dsa> (Minor issue) [buster] - ckeditor3 <end-of-life> (No longer supported in LTS) [stretch] - ckeditor3 <end-of-life> (EOL'd for stretch) @@ -99683,6 +99687,7 @@ CVE-2022-24728 (CKEditor4 is an open source what-you-see-is-what-you-get HTML ed [bullseye] - ckeditor <no-dsa> (Minor issue) [buster] - ckeditor <no-dsa> (Minor issue) - ckeditor3 <unfixed> (bug #1015217) + [bookworm] - ckeditor3 <no-dsa> (Minor issue) [bullseye] - ckeditor3 <no-dsa> (Minor issue) [buster] - ckeditor3 <end-of-life> (No longer supported in LTS) [stretch] - ckeditor3 <end-of-life> (EOL'd for stretch) @@ -127231,6 +127236,7 @@ CVE-2021-41165 (CKEditor4 is an open source WYSIWYG HTML editor. In affected ver [buster] - ckeditor <no-dsa> (Minor issue) [stretch] - ckeditor <no-dsa> (Minor issue) - ckeditor3 <unfixed> (bug #1015217) + [bookworm] - ckeditor3 <no-dsa> (Minor issue) [bullseye] - ckeditor3 <no-dsa> (Minor issue) [buster] - ckeditor3 <end-of-life> (No longer supported in LTS) [stretch] - ckeditor3 <end-of-life> (EOL'd for stretch) @@ -136268,6 +136274,7 @@ CVE-2021-37695 (ckeditor is an open source WYSIWYG HTML editor with rich content [bullseye] - ckeditor <no-dsa> (Minor issue) [buster] - ckeditor <no-dsa> (Minor issue) - ckeditor3 <unfixed> (bug #1015217) + [bookworm] - ckeditor3 <no-dsa> (Minor issue) [bullseye] - ckeditor3 <no-dsa> (Minor issue) [buster] - ckeditor3 <end-of-life> (No longer supported in LTS) [stretch] - ckeditor3 <end-of-life> (EOL'd for stretch) @@ -145501,6 +145508,7 @@ CVE-2021-33829 (A cross-site scripting (XSS) vulnerability in the HTML Data Proc - ckeditor 4.16.0+dfsg-2 [buster] - ckeditor <no-dsa> (Minor issue) - ckeditor3 <unfixed> (bug #1015217) + [bookworm] - ckeditor3 <no-dsa> (Minor issue) [bullseye] - ckeditor3 <no-dsa> (Minor issue) [buster] - ckeditor3 <end-of-life> (No longer supported in LTS) [stretch] - ckeditor3 <end-of-life> (EOL'd for stretch) @@ -165322,6 +165330,7 @@ CVE-2021-26271 (It was possible to execute a ReDoS-type attack inside CKEditor 4 [buster] - ckeditor <no-dsa> (Minor issue) [stretch] - ckeditor <postponed> (Fix along next DLA) - ckeditor3 <unfixed> (bug #1015217) + [bookworm] - ckeditor3 <no-dsa> (Minor issue) [bullseye] - ckeditor3 <no-dsa> (Minor issue) [buster] - ckeditor3 <end-of-life> (No longer supported in LTS) [stretch] - ckeditor3 <end-of-life> (EOL'd for stretch) @@ -324764,6 +324773,7 @@ CVE-2018-17960 (CKEditor 4.x before 4.11.0 allows user-assisted XSS involving a [stretch] - ckeditor <ignored> (Minor issue, XSS through direct copy/paste by victim, no identified patch) [jessie] - ckeditor <ignored> (Minor issue) - ckeditor3 <unfixed> (low; bug #1015217) + [bookworm] - ckeditor3 <no-dsa> (Minor issue) [bullseye] - ckeditor3 <no-dsa> (Minor issue) [buster] - ckeditor3 <end-of-life> (No longer supported in LTS) [stretch] - ckeditor3 <end-of-life> (EOL'd for stretch) @@ -493476,6 +493486,7 @@ CVE-2014-5191 (Cross-site scripting (XSS) vulnerability in the Preview plugin be [wheezy] - ckeditor <not-affected> (Preview plugin not yet present) [squeeze] - ckeditor <not-affected> (Preview plugin not yet present) - ckeditor3 <unfixed> (bug #1015217) + [bookworm] - ckeditor3 <no-dsa> (Minor issue) [bullseye] - ckeditor3 <no-dsa> (Minor issue) [buster] - ckeditor3 <end-of-life> (No longer supported in LTS) [stretch] - ckeditor3 <end-of-life> (EOL'd for stretch) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/4e7e819623dba0f5d44bbe2eba1a67e01caef78b -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/4e7e819623dba0f5d44bbe2eba1a67e01caef78b You're receiving this email because of your account on salsa.debian.org.
_______________________________________________ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits