Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker
Commits: 6f2cbdbb by Moritz Muehlenhoff at 2023-09-03T21:02:13+02:00 bullseye/bookworm triage - - - - - 1 changed file: - data/CVE/list Changes: ===================================== data/CVE/list ===================================== @@ -1,19 +1,23 @@ CVE-2023-4738 (Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.1 ...) - vim <unfixed> + [bookworm] - vim <no-dsa> (Minor issue) + [bullseye] - vim <no-dsa> (Minor issue) NOTE: https://huntr.dev/bounties/9fc7dced-a7bb-4479-9718-f956df20f612/ NOTE: https://github.com/vim/vim/commit/ced2c7394aafdc90fb7845e09b3a3fee23d48cb1 (v9.0.1848) CVE-2023-4736 (Untrusted Search Path in GitHub repository vim/vim prior to 9.0.1833.) - - vim <unfixed> + - vim <not-affected> (Windows-specific) NOTE: https://huntr.dev/bounties/e1ce0995-4df4-4dec-9cd7-3136ac3e8e71/ NOTE: https://github.com/vim/vim/commit/816fbcc262687b81fc46f82f7bbeb1453addfe0c (v9.0.1833) CVE-2023-4735 (Out-of-bounds Write in GitHub repository vim/vim prior to 9.0.1847.) - - vim <unfixed> + - vim <unfixed> (unimportant) NOTE: https://huntr.dev/bounties/fc83bde3-f621-42bd-aecb-8c1ae44cba51/ NOTE: https://github.com/vim/vim/commit/889f6af37164775192e33b233a90e86fd3df0f57 (v9.0.1847) + NOTE: Crash in CLI tool, no security impact CVE-2023-4734 (Integer Overflow or Wraparound in GitHub repository vim/vim prior to 9 ...) - - vim <unfixed> + - vim <unfixed> (unimportant) NOTE: https://huntr.dev/bounties/688e4382-d2b6-439a-a54e-484780f82217/ NOTE: https://github.com/vim/vim/commit/4c6fe2e2ea62469642ed1d80b16d39e616b25cf5 (v9.0.1846) + NOTE: Crash in CLI tool, no security impact CVE-2023-39983 (A vulnerability that poses a potential risk of polluting the MXsecurit ...) NOT-FOR-US: MXsecurity CVE-2023-39982 (A vulnerability has been identified in MXsecurity versions prior to v1 ...) 
@@ -1276,6 +1280,8 @@ CVE-2023-40217 (An issue was discovered in Python before 3.8.18, 3.9.x before 3. NOTE: 2. https://github.com/python/cpython/commit/592bacb6fc0833336c0453e818e9b95016e9fd47 CVE-2023-4380 - ansible <unfixed> + [bookworm] - ansible <no-dsa> (Minor issue) + [bullseye] - ansible <no-dsa> (Minor issue) NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2232324 CVE-2023-4420 (A remote unprivileged attacker can intercept the communication via e.g ...) NOT-FOR-US: SICK LMS5xx @@ -5762,11 +5768,13 @@ CVE-2023-3779 (The Essential Addons For Elementor plugin for WordPress is vulner NOT-FOR-US: WordPress plugin CVE-2023-3300 (HashiCorp Nomad and Nomad Enterprise 0.11.0 up to 1.5.6 and 1.4.1 HTTP ...) - nomad <removed> + [bullseye] - nomad <ignored> (Will be removed in Bullseye 11.8) NOTE: https://discuss.hashicorp.com/t/hcsec-2023-22-nomad-search-api-leaks-information-about-csi-plugins/56272 CVE-2023-3299 (HashiCorp Nomad Enterprise 1.2.11 up to 1.5.6, and 1.4.10 ACL policies ...) - nomad <not-affected> (Specific to Nomad Enterprise) CVE-2023-3072 (HashiCorp Nomad and Nomad Enterprise 0.7.0 up to 1.5.6 and 1.4.10 ACL ...) - nomad <removed> + [bullseye] - nomad <ignored> (Will be removed in Bullseye 11.8) NOTE: https://discuss.hashicorp.com/t/hcsec-2023-20-nomad-acl-policies-without-label-are-applied-to-unexpected-resources/56270 CVE-2023-37362 (Weintek Weincloud v0.13.6 could allow an attacker to abuse the reg ...) NOT-FOR-US: Weincloud 
@@ -19742,11 +19750,15 @@ CVE-2023-29451 (Specially crafted string can cause a buffer overrun in the JSON CVE-2023-29450 (JavaScript pre-processing can be used by the attacker to gain access t ...) {DLA-3538-1} - zabbix <unfixed> + [bookworm] - zabbix <no-dsa> (Minor issue) + [bullseye] - zabbix <no-dsa> (Minor issue) NOTE: https://support.zabbix.com/browse/ZBX-22588 NOTE: Patch for 5.0.32rc1: https://github.com/zabbix/zabbix/commit/c3f1543e4 NOTE: Patch for 6.0.14rc2: https://github.com/zabbix/zabbix/commit/76f6a80cb CVE-2023-29449 (JavaScript preprocessing, webhooks and global scripts can cause uncont ...) - zabbix <unfixed> + [bookworm] - zabbix <no-dsa> (Minor issue) + [bullseye] - zabbix <no-dsa> (Minor issue) [buster] - zabbix <not-affected> (vulnerable code introduced later) NOTE: https://support.zabbix.com/browse/ZBX-22589 NOTE: Upstream patch for 5.0.32: https://github.com/zabbix/zabbix/commit/e90b8a3c62 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/6f2cbdbbbd71480032bd068740a244e3cae0520c -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/6f2cbdbbbd71480032bd068740a244e3cae0520c You're receiving this email because of your account on salsa.debian.org.
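Review bot: In the first hunk (@@ -1,19 +1,23 @@), CVE-2023-4735 and CVE-2023-4734 become `- vim <unfixed> (unimportant)` with "NOTE: Crash in CLI tool, no security impact", while CVE-2023-4738 directly above, also a vim memory-safety entry (heap-based buffer overflow), gets `<no-dsa> (Minor issue)` for bookworm and bullseye with no explanatory note. The entries do not record what separates the two triage outcomes. A one-line NOTE on CVE-2023-4738 stating why it is a minor issue rather than unimportant would make the distinction reviewable later.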
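Review bot: In the @@ -1276,6 +1280,8 @@ hunk, CVE-2023-4380 has no description and its only reference is the Red Hat Bugzilla link, so the new `[bookworm] - ansible <no-dsa> (Minor issue)` and `[bullseye] - ansible <no-dsa> (Minor issue)` lines have nothing in the entry to support the severity call. Consider adding a NOTE with the upstream fix reference or a short reason next to the no-dsa tags.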
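Review bot: In the @@ -5762,11 +5768,13 @@ hunk, the reason in `[bullseye] - nomad <ignored> (Will be removed in Bullseye 11.8)`, added to both CVE-2023-3300 and CVE-2023-3072, describes a planned removal rather than a completed one. Both entries will need a follow-up once that point release is out, otherwise the reason goes stale. A NOTE pointing at the removal request would let a later reader confirm it happened.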
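Review bot: In the last hunk (@@ -19742,11 +19750,15 @@), CVE-2023-29450 already references {DLA-3538-1}, yet bookworm and bullseye are now tagged `<no-dsa> (Minor issue)` without a reason beyond the generic label. Since an advisory was issued for this CVE elsewhere, a NOTE saying why the newer suites do not warrant one (or that a point-release fix is intended) would avoid the entry looking inconsistent. The same applies to CVE-2023-29449, where the new lines sit above the existing `[buster] - zabbix <not-affected>` line.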