Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker
Commits:
daaa8d06 by Moritz Muehlenhoff at 2023-10-23T11:30:13+02:00
bullseye/bookworm triage

- - - - -

1 changed file:

- data/CVE/list

Changes:

=====================================
data/CVE/list
=====================================
@@ -153,28 +153,52 @@ CVE-2023-46003 (I-doit pro 25 and below is vulnerable to Cross Site Scripting (X NOT-FOR-US: I-doit pro CVE-2023-45682 (stb_vorbis is a single file MIT licensed library for processing ogg vo ...) - libstb <unfixed> - NOTE: https://securitylab.github.com/advisories/GHSL-2023-145_GHSL-2023-151_stb_image_h/ + [bookworm] - libstb <no-dsa> (Minor issue) + [bullseye] - libstb <no-dsa> (Minor issue) + NOTE: https://securitylab.github.com/advisories/GHSL-2023-145_GHSL-2023-151_stb_image_h/ (issue 15) + NOTE: https://github.com/nothings/stb/pull/1560 CVE-2023-45681 (stb_vorbis is a single file MIT licensed library for processing ogg vo ...) - libstb <unfixed> - NOTE: https://securitylab.github.com/advisories/GHSL-2023-145_GHSL-2023-151_stb_image_h/ + [bookworm] - libstb <no-dsa> (Minor issue) + [bullseye] - libstb <no-dsa> (Minor issue) + NOTE: https://securitylab.github.com/advisories/GHSL-2023-145_GHSL-2023-151_stb_image_h/ (issue 14) + NOTE: https://github.com/nothings/stb/pull/1559 CVE-2023-45680 (stb_vorbis is a single file MIT licensed library for processing ogg vo ...) - libstb <unfixed> - NOTE: https://securitylab.github.com/advisories/GHSL-2023-145_GHSL-2023-151_stb_image_h/ + [bookworm] - libstb <no-dsa> (Minor issue) + [bullseye] - libstb <no-dsa> (Minor issue) + NOTE: https://securitylab.github.com/advisories/GHSL-2023-145_GHSL-2023-151_stb_image_h/ (issue 13) + NOTE: https://github.com/nothings/stb/pull/1558 CVE-2023-45679 (stb_vorbis is a single file MIT licensed library for processing ogg vo ...) - libstb <unfixed> - NOTE: https://securitylab.github.com/advisories/GHSL-2023-145_GHSL-2023-151_stb_image_h/ + [bookworm] - libstb <no-dsa> (Minor issue) + [bullseye] - libstb <no-dsa> (Minor issue) + NOTE: https://securitylab.github.com/advisories/GHSL-2023-145_GHSL-2023-151_stb_image_h/ (issue 12) + NOTE: https://github.com/nothings/stb/pull/1557 CVE-2023-45678 (stb_vorbis is a single file MIT licensed library for processing ogg vo ...) 
- libstb <unfixed> - NOTE: https://securitylab.github.com/advisories/GHSL-2023-145_GHSL-2023-151_stb_image_h/ + [bookworm] - libstb <no-dsa> (Minor issue) + [bullseye] - libstb <no-dsa> (Minor issue) + NOTE: https://securitylab.github.com/advisories/GHSL-2023-145_GHSL-2023-151_stb_image_h/ (issue 11) + NOTE: https://github.com/nothings/stb/pull/1556 CVE-2023-45677 (stb_vorbis is a single file MIT licensed library for processing ogg vo ...) - libstb <unfixed> - NOTE: https://securitylab.github.com/advisories/GHSL-2023-145_GHSL-2023-151_stb_image_h/ + [bookworm] - libstb <no-dsa> (Minor issue) + [bullseye] - libstb <no-dsa> (Minor issue) + NOTE: https://securitylab.github.com/advisories/GHSL-2023-145_GHSL-2023-151_stb_image_h/ (issue 10) + NOTE: https://github.com/nothings/stb/pull/1555 CVE-2023-45676 (stb_vorbis is a single file MIT licensed library for processing ogg vo ...) - libstb <unfixed> - NOTE: https://securitylab.github.com/advisories/GHSL-2023-145_GHSL-2023-151_stb_image_h/ + [bookworm] - libstb <no-dsa> (Minor issue) + [bullseye] - libstb <no-dsa> (Minor issue) + NOTE: https://securitylab.github.com/advisories/GHSL-2023-145_GHSL-2023-151_stb_image_h/ (issue 9) + NOTE: https://github.com/nothings/stb/pull/1554 CVE-2023-45675 (stb_vorbis is a single file MIT licensed library for processing ogg vo ...) - libstb <unfixed> - NOTE: https://securitylab.github.com/advisories/GHSL-2023-145_GHSL-2023-151_stb_image_h/ + [bookworm] - libstb <no-dsa> (Minor issue) + [bullseye] - libstb <no-dsa> (Minor issue) + NOTE: https://securitylab.github.com/advisories/GHSL-2023-145_GHSL-2023-151_stb_image_h/ (issue 8) + NOTE: https://github.com/nothings/stb/pull/1553 CVE-2023-45667 (stb_image is a single file MIT licensed library for processing images. ...) - libstb <unfixed> NOTE: https://securitylab.github.com/advisories/GHSL-2023-145_GHSL-2023-151_stb_image_h/ 
@@ -235,6 +259,8 @@ CVE-2023-5618 (The Modern Footnotes plugin for WordPress is vulnerable to Stored NOT-FOR-US: WordPress plugin CVE-2023-46287 (XSS exists in NagVis before 1.9.38 via the select function in share/se ...) - nagvis 1:1.9.38-1 + [bookworm] - nagvis <no-dsa> (Minor issue) + [bullseye] - nagvis <no-dsa> (Minor issue) NOTE: https://github.com/NagVis/nagvis/pull/356 NOTE: https://github.com/NagVis/nagvis/commit/093c2b0b31001bb74c78452858a0a9d27fa0a9b5 (nagvis-1.9.38) CVE-2023-46117 (reconFTW is a tool designed to perform automated recon on a target dom ...) @@ -2795,6 +2821,8 @@ CVE-2023-43058 (IBM Robotic Process Automation 23.0.9 is vulnerable to privilege NOT-FOR-US: IBM CVE-2023-42445 (Gradle is a build tool with a focus on build automation and support fo ...) - gradle <unfixed> + [bookworm] - gradle <no-dsa> (Minor issue) + [bullseye] - gradle <no-dsa> (Minor issue) NOTE: https://github.com/gradle/gradle/security/advisories/GHSA-mrff-q8qj-xvg8 CVE-2023-41950 (Cross-Site Request Forgery (CSRF) vulnerability in Laposta - Roel Bous ...) NOT-FOR-US: WordPress plugin @@ -3045,6 +3073,8 @@ CVE-2023-5373 (A vulnerability classified as critical has been found in SourceCo NOT-FOR-US: SourceCodester Online Computer and Laptop Store CVE-2023-5371 (RTPS dissector memory leak in Wireshark 4.0.0 to 4.0.8 and 3.6.0 to 3. ...) - wireshark 4.0.10-1 + [bookworm] - wireshark <no-dsa> (Minor issue) + [bullseye] - wireshark <no-dsa> (Minor issue) [buster] - wireshark <no-dsa> (Minor issue) NOTE: https://gitlab.com/wireshark/wireshark/-/issues/19322 NOTE: https://www.wireshark.org/security/wnpa-sec-2023-27.html
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/daaa8d06f4aaa4046704de3e70e6da7f18c82870
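
Review bot: In the @@ -153,28 +153,52 @@ hunk, the last entry, CVE-2023-45667 (stb_image), is left with only "- libstb <unfixed>" and the bare GHSL advisory NOTE, while the eight stb_vorbis entries above it (CVE-2023-45675 through CVE-2023-45682) each gain [bookworm]/[bullseye] <no-dsa> lines, an "(issue N)" annotation and an upstream pull request NOTE. If the stb_image entries from the same advisory are meant to be triaged in a later pass, saying so in the commit message would make clear that none was missed; otherwise they should receive the same additions. Separately, the new pull request NOTEs do not say whether each PR has been merged, which matters because the package line stays <unfixed>; a short status after the URL would help whoever revisits these entries.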
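
Review bot: In the @@ -235,6 +259,8 @@ hunk, the nagvis entry for CVE-2023-46287 gets only the generic "(Minor issue)" reason on both new lines, even though the entry already records an isolated upstream fix commit and a fixed version in unstable (1:1.9.38-1). For an XSS in a web front end, a more specific reason (for example what limits exposure) would make the no-dsa decision easier to audit later. Since the commit is already referenced, noting whether it is a candidate for a stable point update would also help.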
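
Review bot: In the @@ -2795,6 +2821,8 @@ hunk, the gradle entry for CVE-2023-42445 is triaged as <no-dsa> while its only reference is the GHSA advisory link; unlike the nagvis entry in the previous hunk, there is no NOTE with a fixing commit or a fixed upstream version. With the package line still at <unfixed>, adding a NOTE with the upstream fix reference would let the entry be resolved without re-reading the advisory.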
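
Review bot: In the @@ -3045,6 +3073,8 @@ hunk, the two new wireshark lines for CVE-2023-5371 apply the same <no-dsa> tag to bookworm and bullseye without recording whether each release's version falls inside the affected ranges given in the description (4.0.0 to 4.0.8 and the 3.6.x range). A short NOTE confirming that both releases ship an affected series would distinguish a deliberate no-dsa from a release that should instead be marked <not-affected>.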
_______________________________________________ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits