Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
5ea1efad by Moritz Muehlenhoff at 2023-11-19T21:09:16+01:00
bugnums

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -545,15 +545,15 @@ CVE-2023-48088 (xxl-job-admin 2.4.0 is vulnerable to 
Cross Site Scripting (XSS)
 CVE-2023-48087 (xxl-job-admin 2.4.0 is vulnerable to Insecure Permissions via 
/xxl-job ...)
        NOT-FOR-US: XXL-Job
 CVE-2023-48014 (GPAC v2.3-DEV-rev566-g50c2ab06f-master was discovered to 
contain a sta ...)
-       - gpac <unfixed>
+       - gpac <unfixed> (bug #1056282)
        NOTE: https://github.com/gpac/gpac/issues/2613
        NOTE: 
https://github.com/gpac/gpac/commit/66abf0887c89c29a484d9e65e70882794e9e3a1b
 CVE-2023-48013 (GPAC v2.3-DEV-rev566-g50c2ab06f-master was discovered to 
contain a dou ...)
-       - gpac <unfixed>
+       - gpac <unfixed> (bug #1056282)
        NOTE: https://github.com/gpac/gpac/issues/2612
        NOTE: 
https://github.com/gpac/gpac/commit/cd8a95c1efb8f5bfc950b86c2ef77b4c76f6b893
 CVE-2023-48011 (GPAC v2.3-DEV-rev566-g50c2ab06f-master was discovered to 
contain a hea ...)
-       - gpac <unfixed>
+       - gpac <unfixed> (bug #1056282)
        NOTE: https://github.com/gpac/gpac/issues/2611
        NOTE: 
https://github.com/gpac/gpac/commit/c70f49dda4946d6db6aa55588f6a756b76bd84ea
 CVE-2023-47637 (Pimcore is an Open Source Data & Experience Management 
Platform. In af ...)
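Review bot: CVE-2023-48014, CVE-2023-48013 and CVE-2023-48011 all receive the same bug #1056282, although each entry has its own upstream issue (2613, 2612, 2611) and its own fixing commit in the NOTE lines. It is worth confirming that the bug report enumerates all three CVEs, so that closing it with a fixed version cannot mark one of them fixed without its commit being included.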
@@ -857,7 +857,7 @@ CVE-2023-47554 (Auth. (admin+) Stored Cross-Site Scripting 
(XSS) vulnerability i
 CVE-2023-47550 (Cross-Site Request Forgery (CSRF) vulnerability in RedNao 
Donations Ma ...)
        NOT-FOR-US: WordPress plugin
 CVE-2023-47384 (MP4Box GPAC v2.3-DEV-rev617-g671976fcc-master was discovered 
to contai ...)
-       - gpac <unfixed>
+       - gpac <unfixed> (bug #1056282)
        [bullseye] - gpac <ignored> (Minor issue)
        NOTE: https://github.com/gpac/gpac/issues/2672
 CVE-2023-47262 (In Abbott ID NOW before 7.1, settings can be modified via 
physical acc ...)
@@ -1467,7 +1467,7 @@ CVE-2023-36027 (Microsoft Edge (Chromium-based) Elevation 
of Privilege Vulnerabi
 CVE-2023-5870
        {DSA-5554-1 DSA-5553-1 DLA-3651-1}
        - postgresql-16 16.1-1
-       - postgresql-15 <unfixed>
+       - postgresql-15 <unfixed> (bug #1056283)
        - postgresql-13 <removed>
        - postgresql-11 <removed>
        NOTE: https://www.postgresql.org/support/security/CVE-2023-5870/
@@ -1475,7 +1475,7 @@ CVE-2023-5870
 CVE-2023-5869
        {DSA-5554-1 DSA-5553-1 DLA-3651-1}
        - postgresql-16 16.1-1
-       - postgresql-15 <unfixed>
+       - postgresql-15 <unfixed> (bug #1056283)
        - postgresql-13 <removed>
        - postgresql-11 <removed>
        NOTE: https://www.postgresql.org/support/security/CVE-2023-5869/
@@ -1483,7 +1483,7 @@ CVE-2023-5869
 CVE-2023-5868
        {DSA-5554-1 DSA-5553-1 DLA-3651-1}
        - postgresql-16 16.1-1
-       - postgresql-15 <unfixed>
+       - postgresql-15 <unfixed> (bug #1056283)
        - postgresql-13 <removed>
        - postgresql-11 <removed>
        NOTE: https://www.postgresql.org/support/security/CVE-2023-5868/
@@ -1946,7 +1946,7 @@ CVE-2023-46676 (Online Job Portal v1.0 is vulnerable to 
multiple Unauthenticated
 CVE-2023-46483 (Cross Site Scripting vulnerability in timetec AWDMS v.2.0 
allows an at ...)
        NOT-FOR-US: timetec AWDMS
 CVE-2023-46001 (Buffer Overflow vulnerability in gpac MP4Box 
v.2.3-DEV-rev573-g2013208 ...)
-       - gpac <unfixed>
+       - gpac <unfixed> (bug #1056282)
        [buster] - gpac <end-of-life> (EOL in buster LTS)
        NOTE: https://github.com/gpac/gpac/issues/2629
        NOTE: 
https://github.com/gpac/gpac/commit/e79b0cf7e72404750630bc01340e999f3940dbc4
@@ -1987,7 +1987,7 @@ CVE-2023-45283 (The filepath package does not recognize 
paths with a \??\ prefix
        NOTE: 
https://github.com/golang/go/commit/46fb78168596f7ce8834f528bb0eb9555c08bcae 
(go1.20.11)
        NOTE: No security impact for Debian packages, only affects code running 
on Windows
 CVE-2023-5998 (Out-of-bounds Read in GitHub repository gpac/gpac prior to 
2.3.0-DEV.)
-       - gpac <unfixed>
+       - gpac <unfixed> (bug #1056282)
        [buster] - gpac <end-of-life> (EOL in buster LTS)
        NOTE: https://huntr.com/bounties/ea02a231-b688-422b-a881-ef415bcf6113
        NOTE: 
https://github.com/gpac/gpac/commit/db74835944548fc3bdf03121b0e012373bdebb3e
@@ -4721,7 +4721,7 @@ CVE-2023-39333
        NOTE: 
https://nodejs.org/en/blog/vulnerability/october-2023-security-releases#code-injection-via-webassembly-export-names-low---cve-2023-39333
        NOTE: 
https://github.com/nodejs/node/commit/eaf9083cf1e43bd897ac8244dcc0f4e3500150ca
 CVE-2023-5388
-       - nss <unfixed>
+       - nss <unfixed> (bug #1056284)
        [bookworm] - nss <postponed> (Minor issue, revisit once fixed upstream)
        [bullseye] - nss <postponed> (Minor issue, revisit once fixed upstream)
        [buster] - nss <no-dsa> (Minor issue)
@@ -71656,9 +71656,8 @@ CVE-2023-20248
 CVE-2023-20247 (A vulnerability in the remote access SSL VPN feature of Cisco 
Adaptive ...)
        NOT-FOR-US: Cisco
 CVE-2023-20246 (Multiple Cisco products are affected by a vulnerability in 
Snort acces ...)
-       - snort <undetermined>
+       - snort <unfixed> (bug #1056281)
        NOTE: 
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ftd-snort3acp-bypass-3bdR2BEh
-       TODO: check, affects Snort 2.x series as well
 CVE-2023-20245 (Multiple vulnerabilities in the per-user-override feature of 
Cisco Ada ...)
        NOT-FOR-US: Cisco
 CVE-2023-20244 (A vulnerability in the internal packet processing of Cisco 
Firepower T ...)
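Review bot: on CVE-2023-20246 the status moves from `<undetermined>` to `<unfixed>` and the line `TODO: check, affects Snort 2.x series as well` is removed, but nothing in the entry records what the check found. The only remaining reference is the Cisco advisory, whose URL names snort3acp. Suggest adding a NOTE that states which Snort series the check confirmed as affected and where that comes from, so the reasoning behind `<unfixed>` stays with the entry.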
@@ -72103,7 +72102,8 @@ CVE-2023-20032 (On Feb 15, 2023, the following 
vulnerability in the ClamAV scann
        NOTE: 
https://blog.clamav.net/2023/02/clamav-01038-01052-and-101-patch.html
        NOTE: 
https://github.com/google/security-research/security/advisories/GHSA-r6g3-3wqj-m3c8
 CVE-2023-20031 (A vulnerability in the SSL/TLS certificate handling of Snort 3 
Detecti ...)
-       TODO: check
+       - snort <unfixed> (bug #1056281)
+       NOTE: 
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ftd-snort3-8U4HHxH8
 CVE-2023-20030 (A vulnerability in the web-based management interface of Cisco 
Identit ...)
        NOT-FOR-US: Cisco
 CVE-2023-20029 (A vulnerability in the Meraki onboarding feature of Cisco IOS 
XE Softw ...)
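Review bot: CVE-2023-20031 goes from `TODO: check` directly to `- snort <unfixed> (bug #1056281)`, while the description on the context line speaks of Snort 3 and the added advisory URL is cisco-sa-ftd-snort3-8U4HHxH8. The entry does not say whether the check established that the packaged snort source is affected. Consider a NOTE with that finding; CVE-2023-20246 in the previous hunk uses the same bug number and leaves the same question open.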



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/5ea1efad73b67e710782a635244fcc8ff3749135
