Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker
Commits: 5ea1efad by Moritz Muehlenhoff at 2023-11-19T21:09:16+01:00 bugnums - - - - - 1 changed file: - data/CVE/list Changes: ===================================== data/CVE/list ===================================== @@ -545,15 +545,15 @@ CVE-2023-48088 (xxl-job-admin 2.4.0 is vulnerable to Cross Site Scripting (XSS) CVE-2023-48087 (xxl-job-admin 2.4.0 is vulnerable to Insecure Permissions via /xxl-job ...) NOT-FOR-US: XXL-Job CVE-2023-48014 (GPAC v2.3-DEV-rev566-g50c2ab06f-master was discovered to contain a sta ...) - - gpac <unfixed> + - gpac <unfixed> (bug #1056282) NOTE: https://github.com/gpac/gpac/issues/2613 NOTE: https://github.com/gpac/gpac/commit/66abf0887c89c29a484d9e65e70882794e9e3a1b CVE-2023-48013 (GPAC v2.3-DEV-rev566-g50c2ab06f-master was discovered to contain a dou ...) - - gpac <unfixed> + - gpac <unfixed> (bug #1056282) NOTE: https://github.com/gpac/gpac/issues/2612 NOTE: https://github.com/gpac/gpac/commit/cd8a95c1efb8f5bfc950b86c2ef77b4c76f6b893 CVE-2023-48011 (GPAC v2.3-DEV-rev566-g50c2ab06f-master was discovered to contain a hea ...) - - gpac <unfixed> + - gpac <unfixed> (bug #1056282) NOTE: https://github.com/gpac/gpac/issues/2611 NOTE: https://github.com/gpac/gpac/commit/c70f49dda4946d6db6aa55588f6a756b76bd84ea CVE-2023-47637 (Pimcore is an Open Source Data & Experience Management Platform. In af ...) @@ -857,7 +857,7 @@ CVE-2023-47554 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability i CVE-2023-47550 (Cross-Site Request Forgery (CSRF) vulnerability in RedNao Donations Ma ...) NOT-FOR-US: WordPress plugin CVE-2023-47384 (MP4Box GPAC v2.3-DEV-rev617-g671976fcc-master was discovered to contai ...) - - gpac <unfixed> + - gpac <unfixed> (bug #1056282) [bullseye] - gpac <ignored> (Minor issue) NOTE: https://github.com/gpac/gpac/issues/2672 CVE-2023-47262 (In Abbott ID NOW before 7.1, settings can be modified via physical acc ...) 
@@ -1467,7 +1467,7 @@ CVE-2023-36027 (Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerabi CVE-2023-5870 {DSA-5554-1 DSA-5553-1 DLA-3651-1} - postgresql-16 16.1-1 - - postgresql-15 <unfixed> + - postgresql-15 <unfixed> (bug #1056283) - postgresql-13 <removed> - postgresql-11 <removed> NOTE: https://www.postgresql.org/support/security/CVE-2023-5870/ @@ -1475,7 +1475,7 @@ CVE-2023-5870 CVE-2023-5869 {DSA-5554-1 DSA-5553-1 DLA-3651-1} - postgresql-16 16.1-1 - - postgresql-15 <unfixed> + - postgresql-15 <unfixed> (bug #1056283) - postgresql-13 <removed> - postgresql-11 <removed> NOTE: https://www.postgresql.org/support/security/CVE-2023-5869/ @@ -1483,7 +1483,7 @@ CVE-2023-5869 CVE-2023-5868 {DSA-5554-1 DSA-5553-1 DLA-3651-1} - postgresql-16 16.1-1 - - postgresql-15 <unfixed> + - postgresql-15 <unfixed> (bug #1056283) - postgresql-13 <removed> - postgresql-11 <removed> NOTE: https://www.postgresql.org/support/security/CVE-2023-5868/ @@ -1946,7 +1946,7 @@ CVE-2023-46676 (Online Job Portal v1.0 is vulnerable to multiple Unauthenticated CVE-2023-46483 (Cross Site Scripting vulnerability in timetec AWDMS v.2.0 allows an at ...) NOT-FOR-US: timetec AWDMS CVE-2023-46001 (Buffer Overflow vulnerability in gpac MP4Box v.2.3-DEV-rev573-g2013208 ...) - - gpac <unfixed> + - gpac <unfixed> (bug #1056282) [buster] - gpac <end-of-life> (EOL in buster LTS) NOTE: https://github.com/gpac/gpac/issues/2629 NOTE: https://github.com/gpac/gpac/commit/e79b0cf7e72404750630bc01340e999f3940dbc4 
@@ -1987,7 +1987,7 @@ CVE-2023-45283 (The filepath package does not recognize paths with a \??\ prefix NOTE: https://github.com/golang/go/commit/46fb78168596f7ce8834f528bb0eb9555c08bcae (go1.20.11) NOTE: No security impact for Debian packages, only affects code running on Windows CVE-2023-5998 (Out-of-bounds Read in GitHub repository gpac/gpac prior to 2.3.0-DEV.) - - gpac <unfixed> + - gpac <unfixed> (bug #1056282) [buster] - gpac <end-of-life> (EOL in buster LTS) NOTE: https://huntr.com/bounties/ea02a231-b688-422b-a881-ef415bcf6113 NOTE: https://github.com/gpac/gpac/commit/db74835944548fc3bdf03121b0e012373bdebb3e @@ -4721,7 +4721,7 @@ CVE-2023-39333 NOTE: https://nodejs.org/en/blog/vulnerability/october-2023-security-releases#code-injection-via-webassembly-export-names-low---cve-2023-39333 NOTE: https://github.com/nodejs/node/commit/eaf9083cf1e43bd897ac8244dcc0f4e3500150ca CVE-2023-5388 - - nss <unfixed> + - nss <unfixed> (bug #1056284) [bookworm] - nss <postponed> (Minor issue, revisit once fixed upstream) [bullseye] - nss <postponed> (Minor issue, revisit once fixed upstream) [buster] - nss <no-dsa> (Minor issue) @@ -71656,9 +71656,8 @@ CVE-2023-20248 CVE-2023-20247 (A vulnerability in the remote access SSL VPN feature of Cisco Adaptive ...) NOT-FOR-US: Cisco CVE-2023-20246 (Multiple Cisco products are affected by a vulnerability in Snort acces ...) - - snort <undetermined> + - snort <unfixed> (bug #1056281) NOTE: https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ftd-snort3acp-bypass-3bdR2BEh - TODO: check, affects Snort 2.x series as well CVE-2023-20245 (Multiple vulnerabilities in the per-user-override feature of Cisco Ada ...) NOT-FOR-US: Cisco CVE-2023-20244 (A vulnerability in the internal packet processing of Cisco Firepower T ...) 
@@ -72103,7 +72102,8 @@ CVE-2023-20032 (On Feb 15, 2023, the following vulnerability in the ClamAV scann NOTE: https://blog.clamav.net/2023/02/clamav-01038-01052-and-101-patch.html NOTE: https://github.com/google/security-research/security/advisories/GHSA-r6g3-3wqj-m3c8 CVE-2023-20031 (A vulnerability in the SSL/TLS certificate handling of Snort 3 Detecti ...) - TODO: check + - snort <unfixed> (bug #1056281) + NOTE: https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ftd-snort3-8U4HHxH8 CVE-2023-20030 (A vulnerability in the web-based management interface of Cisco Identit ...) NOT-FOR-US: Cisco CVE-2023-20029 (A vulnerability in the Meraki onboarding feature of Cisco IOS XE Softw ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/5ea1efad73b67e710782a635244fcc8ff3749135 -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/5ea1efad73b67e710782a635244fcc8ff3749135 You're receiving this email because of your account on salsa.debian.org.
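Review bot: In the CVE-2023-20246 hunk (@@ -71656), the removed line `TODO: check, affects Snort 2.x series as well` was the only place in the entry recording that the 2.x series is affected, and the status moves from `<undetermined>` to `<unfixed>` with nothing replacing it. Suggest keeping the finding as a NOTE line (for example `NOTE: Affects Snort 2.x series as well`) so the basis for `<unfixed>` stays with the entry. The commit message "bugnums" also undersells this hunk, which changes a status and closes a TODO rather than only adding a bug number.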
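Review bot: In the CVE-2023-20031 hunk (@@ -72103), the added `- snort <unfixed> (bug #1056281)` line replaces `TODO: check` for a CVE whose visible description names Snort 3, yet nothing added states which snort series the package carries or why it is considered affected. Suggest a NOTE recording the outcome of the check next to the advisory link, in the same way the CVE-2023-20246 entry previously mentioned the 2.x series in its TODO.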
_______________________________________________ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits