[Git][security-tracker-team/security-tracker][master] data/dla-needed.txt: update consul note
Abhijith PA pushed to branch master at Debian Security Tracker / security-tracker Commits: d8677d76 by Abhijith PA at 2023-04-03T11:28:26+05:30 data/dla-needed.txt: update consul note - - - - - 1 changed file: - data/dla-needed.txt Changes: = data/dla-needed.txt = @@ -38,10 +38,11 @@ ceph NOTE: 20230102: [buster] - ceph (ceph-crash service added in Ceph 14) (stefanor) NOTE: 20230111: VCS: https://salsa.debian.org/lts-team/packages/ceph.git -- -consul +consul (Abhijith PA) NOTE: 20221031: Programming language: Go. NOTE: 20221031: Concluded that the package should be fixed by the CVE description. Source code not analyzed in detail. NOTE: 20230206: VCS: https://salsa.debian.org/lts-team/packages/consul.git + NOTE: 20230423: WIP, Fixed CVE-2018-19653 (abhijith) -- curl (holger) NOTE: 20230321: Programming language: C. View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/d8677d763eec99cfb9a2d7f3d75110fa7adeae3b You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
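Review bot: the added consul line "NOTE: 20230423: WIP, Fixed CVE-2018-19653 (abhijith)" carries the date 20230423, while the commit itself is timestamped 2023-04-03, so the note is dated in the future. It should probably read 20230403; correcting it keeps the entry's note history in order next to the 20230206 line above it.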
[Git][security-tracker-team/security-tracker][master] semi-automatic unclaim after 2 weeks of inactivity
Anton Gladky pushed to branch master at Debian Security Tracker / security-tracker Commits: 3b248745 by Anton Gladky at 2023-04-03T07:31:51+02:00 semi-automatic unclaim after 2 weeks of inactivity Signed-off-by: Anton Gladky gl...@debian.org - - - - - 1 changed file: - data/dla-needed.txt Changes: = data/dla-needed.txt = @@ -38,7 +38,7 @@ ceph NOTE: 20230102: [buster] - ceph (ceph-crash service added in Ceph 14) (stefanor) NOTE: 20230111: VCS: https://salsa.debian.org/lts-team/packages/ceph.git -- -consul (Abhijith PA) +consul NOTE: 20221031: Programming language: Go. NOTE: 20221031: Concluded that the package should be fixed by the CVE description. Source code not analyzed in detail. NOTE: 20230206: VCS: https://salsa.debian.org/lts-team/packages/consul.git @@ -170,7 +170,7 @@ nvidia-graphics-drivers-legacy-390xx NOTE: 20230103: https://lists.debian.org/debian-lts/2023/01/msg5.html NOTE: 20230111: VCS: https://salsa.debian.org/lts-team/packages/nvidia-graphics-drivers-legacy-390xx.git -- -openimageio (Markus Koschany) +openimageio NOTE: 20221225: Programming language: C. NOTE: 20221225: VCS: https://salsa.debian.org/lts-team/packages/openimageio.git NOTE: 20220313: will be released today (apo) 
@@ -240,7 +240,7 @@ ring NOTE: 20221120: Programming language: C. NOTE: 20230111: VCS: https://salsa.debian.org/lts-team/packages/ring.git -- -ruby-loofah (Daniel Leidert) +ruby-loofah NOTE: 20221231: Programming language: Ruby. NOTE: 20230206: VCS: https://salsa.debian.org/lts-team/packages/ruby-loofah.git NOTE: 20230313: Pinged Daniel re. patches in repo ^. (lamby) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/3b248745145a36b5dcfee154245d4ee0436cb713
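Review bot: in the openimageio hunk (@@ -170,7) the claim by Markus Koschany is dropped while the last context line still reads "NOTE: 20220313: will be released today (apo)", and that date is earlier than the 20221225 notes above it, so it appears to be mistyped. Correct the note date in the same change, or add a note recording the state of the pending upload, so the unclaimed entry does not carry a misleading status line.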
[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 8e8126b9 by security tracker role at 2023-04-02T20:10:28+00:00 automatic update - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -1,9 +1,21 @@ -CVE-2023-1795 - RESERVED -CVE-2023-1794 - RESERVED -CVE-2023-1793 +CVE-2023-1801 RESERVED +CVE-2023-1800 (A vulnerability, which was classified as critical, has been found in s ...) + TODO: check +CVE-2023-1799 (A vulnerability, which was classified as problematic, was found in Eyo ...) + TODO: check +CVE-2023-1798 (A vulnerability, which was classified as problematic, has been found i ...) + TODO: check +CVE-2023-1797 (A vulnerability classified as critical was found in OTCMS 6.0.1. Affec ...) + TODO: check +CVE-2023-1796 (A vulnerability classified as problematic has been found in SourceCode ...) + TODO: check +CVE-2023-1795 (A vulnerability was found in SourceCodester Gadget Works Online Orderi ...) + TODO: check +CVE-2023-1794 (A vulnerability was found in SourceCodester Police Crime Record Manage ...) + TODO: check +CVE-2023-1793 (A vulnerability was found in SourceCodester Police Crime Record Manage ...) + TODO: check CVE-2023-1792 (A vulnerability was found in SourceCodester Simple Mobile Comparison W ...) NOT-FOR-US: SourceCodester Simple Mobile Comparison Website CVE-2023-1791 (A vulnerability has been found in SourceCodester Simple Task Allocatio ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/8e8126b908c5829abfaeee28b473b59c264c79d8
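Review bot: the new entries CVE-2023-1793, CVE-2023-1794 and CVE-2023-1795 land as "TODO: check" although their descriptions name SourceCodester products, and the unchanged context directly below already marks CVE-2023-1792 as "NOT-FOR-US: SourceCodester Simple Mobile Comparison Website". These three are candidates for the same NOT-FOR-US triage in the next manual pass, so they do not stay in the TODO queue.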
[Git][security-tracker-team/security-tracker][master] Add CVE-2023-28756/ruby
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: c366f7cf by Salvatore Bonaccorso at 2023-04-02T21:25:34+02:00 Add CVE-2023-28756/ruby - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -1328,7 +1328,14 @@ CVE-2023-28758 (An issue was discovered in Veritas NetBackup before 8.3.0.2. BPC CVE-2023-28757 RESERVED CVE-2023-28756 (A ReDoS issue was discovered in the Time component through 0.2.1 in Ru ...) - TODO: check + - ruby3.1 + - ruby2.7 + - ruby2.5 + - jruby + NOTE: Fixed by: https://github.com/ruby/ruby/commit/957bb7cb81995f26c671afce0ee50a5c660e540e (v3_1_4) + NOTE: Fixed by: https://github.com/ruby/time/commit/b57db51f577875d3e896dcd2ef1dcaf97f23e943 (v0.2.2) + NOTE: Fixed by: https://github.com/ruby/time/commit/3dce6f73d14f5fad6d9b302393fd02df48797b11 (v0.2.2) + NOTE: https://www.ruby-lang.org/en/news/2023/03/30/redos-in-time-cve-2023-28756/ CVE-2023-28755 (A ReDoS issue was discovered in the URI component through 0.12.0 in Ru ...) - rubygems - ruby3.1 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/c366f7cf6784399e2c713d9ef3a43c4ead9462da
[Git][security-tracker-team/security-tracker][master] Add CVE-2023-28755/ruby
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 8fdb192b by Salvatore Bonaccorso at 2023-04-02T21:20:11+02:00 Add CVE-2023-28755/ruby - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -1330,7 +1330,14 @@ CVE-2023-28757 CVE-2023-28756 (A ReDoS issue was discovered in the Time component through 0.2.1 in Ru ...) TODO: check CVE-2023-28755 (A ReDoS issue was discovered in the URI component through 0.12.0 in Ru ...) - TODO: check + - rubygems + - ruby3.1 + - ruby2.7 + - ruby2.5 + - jruby + NOTE: Fixed by: https://github.com/ruby/ruby/commit/8ce4ab146498879b65e22f1be951b25eebb79300 (v3_1_4) + NOTE: Fixed by: https://github.com/ruby/uri/commit/eaf89cc31619d49e67c64d0b58ea9dc38892d175 (v0.12.1) + NOTE: https://www.ruby-lang.org/en/news/2023/03/28/redos-in-uri-cve-2023-28755/ CVE-2023-28754 RESERVED CVE-2023-28753 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/8fdb192baa9e5c0de4529534d993e53a14d905f2
[Git][security-tracker-team/security-tracker][master] Add CVE-2023-27025 as NFU
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 9bfebfd9 by Salvatore Bonaccorso at 2023-04-02T21:09:34+02:00 Add CVE-2023-27025 as NFU - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -6665,7 +6665,7 @@ CVE-2023-27027 CVE-2023-27026 RESERVED CVE-2023-27025 (An arbitrary file download vulnerability in the background management ...) - TODO: check + NOT-FOR-US: RuoYi CVE-2023-27024 RESERVED CVE-2023-27023 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/9bfebfd97cb2df09c63edeab5dcb8096dacf1b56
[Git][security-tracker-team/security-tracker][master] Add Debian bug reference for CVE-2023-28144/hotspot
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: ba89b8ab by Salvatore Bonaccorso at 2023-04-02T21:07:32+02:00 Add Debian bug reference for CVE-2023-28144/hotspot - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -3432,7 +3432,7 @@ CVE-2023-28146 CVE-2023-28145 RESERVED CVE-2023-28144 (KDAB Hotspot 1.3.x and 1.4.x through 1.4.1, in a non-default configura ...) - - hotspot + - hotspot (bug #1033848) [bullseye] - hotspot (Minor issue) [buster] - hotspot (Vulnerable code not present, introduced in 1.3.0) NOTE: https://www.openwall.com/lists/oss-security/2023/03/14/8 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/ba89b8ab3533b06e24c63e63ed226f61e8d45475
[Git][security-tracker-team/security-tracker][master] Add Debian bug reference for CVE-2023-1436/libjettison-java
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 348d29f4 by Salvatore Bonaccorso at 2023-04-02T21:04:17+02:00 Add Debian bug reference for CVE-2023-1436/libjettison-java - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -2234,7 +2234,7 @@ CVE-2023-1438 CVE-2023-1437 RESERVED CVE-2023-1436 (An infinite recursion is triggered in Jettison when constructing a JSO ...) - - libjettison-java + - libjettison-java (bug #1033846) [bullseye] - libjettison-java (Minor issue) NOTE: https://research.jfrog.com/vulnerabilities/jettison-json-array-dos-xray-427911/ NOTE: https://github.com/jettison-json/jettison/issues/60 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/348d29f4ae220894260ea050f61a7ab591245921
[Git][security-tracker-team/security-tracker][master] Mark CVE-2023-1436 as no-dsa for bullseye
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 5fa2fd14 by Salvatore Bonaccorso at 2023-04-02T20:57:54+02:00 Mark CVE-2023-1436 as no-dsa for bullseye - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -2235,6 +2235,7 @@ CVE-2023-1437 RESERVED CVE-2023-1436 (An infinite recursion is triggered in Jettison when constructing a JSO ...) - libjettison-java + [bullseye] - libjettison-java (Minor issue) NOTE: https://research.jfrog.com/vulnerabilities/jettison-json-array-dos-xray-427911/ NOTE: https://github.com/jettison-json/jettison/issues/60 NOTE: https://github.com/jettison-json/jettison/pull/62 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/5fa2fd14305cbf942ef1f5b9f1720dae103e3360
[Git][security-tracker-team/security-tracker][master] Update information for CVE-2023-1436/libjettison-java
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 60922111 by Salvatore Bonaccorso at 2023-04-02T20:54:49+02:00 Update information for CVE-2023-1436/libjettison-java - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -2236,6 +2236,9 @@ CVE-2023-1437 CVE-2023-1436 (An infinite recursion is triggered in Jettison when constructing a JSO ...) - libjettison-java NOTE: https://research.jfrog.com/vulnerabilities/jettison-json-array-dos-xray-427911/ + NOTE: https://github.com/jettison-json/jettison/issues/60 + NOTE: https://github.com/jettison-json/jettison/pull/62 + NOTE: https://github.com/jettison-json/jettison/commit/c20a8be23f698d7d89b7ccf8d328971cf4709b9f (jettison-1.5.4) CVE-2023-1435 RESERVED CVE-2023-1434 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/6092211196acf00bcae362dc77164a999744c6dd
[Git][security-tracker-team/security-tracker][master] Process some NFUs
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 81e98ea5 by Salvatore Bonaccorso at 2023-04-02T15:22:25+02:00 Process some NFUs - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -5,9 +5,9 @@ CVE-2023-1794 CVE-2023-1793 RESERVED CVE-2023-1792 (A vulnerability was found in SourceCodester Simple Mobile Comparison W ...) - TODO: check + NOT-FOR-US: SourceCodester Simple Mobile Comparison Website CVE-2023-1791 (A vulnerability has been found in SourceCodester Simple Task Allocatio ...) - TODO: check + NOT-FOR-US: SourceCodester Simple Task Allocation System CVE-2023-1790 (A vulnerability, which was classified as problematic, was found in Sou ...) NOT-FOR-US: SourceCodester Simple Task Allocation System CVE-2023-28938 @@ -7072,7 +7072,7 @@ CVE-2023-26824 CVE-2023-26823 REJECTED CVE-2023-26822 (D-Link Go-RT-AC750 revA_v101b03 was discovered to contain a command in ...) - TODO: check + NOT-FOR-US: D-Link CVE-2023-26821 RESERVED CVE-2023-26820 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/81e98ea560c548d67f7f0a1bf087fdf6876e891c
[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: edb2de50 by security tracker role at 2023-04-02T08:10:19+00:00 automatic update - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -1,3 +1,13 @@ +CVE-2023-1795 + RESERVED +CVE-2023-1794 + RESERVED +CVE-2023-1793 + RESERVED +CVE-2023-1792 (A vulnerability was found in SourceCodester Simple Mobile Comparison W ...) + TODO: check +CVE-2023-1791 (A vulnerability has been found in SourceCodester Simple Task Allocatio ...) + TODO: check CVE-2023-1790 (A vulnerability, which was classified as problematic, was found in Sou ...) NOT-FOR-US: SourceCodester Simple Task Allocation System CVE-2023-28938 @@ -6650,8 +6660,8 @@ CVE-2023-27027 RESERVED CVE-2023-27026 RESERVED -CVE-2023-27025 - RESERVED +CVE-2023-27025 (An arbitrary file download vulnerability in the background management ...) + TODO: check CVE-2023-27024 RESERVED CVE-2023-27023 @@ -7061,8 +7071,8 @@ CVE-2023-26824 RESERVED CVE-2023-26823 REJECTED -CVE-2023-26822 - RESERVED +CVE-2023-26822 (D-Link Go-RT-AC750 revA_v101b03 was discovered to contain a command in ...) + TODO: check CVE-2023-26821 RESERVED CVE-2023-26820 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/edb2de50ef43c2a9a0e7a6d347fa090fb37b5e45
[Git][security-tracker-team/security-tracker][master] Add CVE-2023-28844/nextcloud-server
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 9b2a1878 by Salvatore Bonaccorso at 2023-04-02T10:00:04+02:00 Add CVE-2023-28844/nextcloud-server - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -1044,7 +1044,7 @@ CVE-2023-28846 (Unpoly is a JavaScript framework for server-side web application CVE-2023-28845 (Nextcloud talk is a video audio conferencing app for Nextcloud. ...) NOT-FOR-US: Nextcloud talk is a video & audio conferencing app for Nextcloud CVE-2023-28844 (Nextcloud server is an open source home cloud implementation. In affec ...) - TODO: check + - nextcloud-server (bug #941708) CVE-2023-28843 (PrestaShop/paypal is an open source module for the PrestaShop web comm ...) NOT-FOR-US: PrestaShop CVE-2023-28842 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/9b2a1878ad15ba07ce6557807e51ca97d1288857
[Git][security-tracker-team/security-tracker][master] Add CVE-2023-29141/mediawiki
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 2b191418 by Salvatore Bonaccorso at 2023-04-02T09:58:24+02:00 Add CVE-2023-29141/mediawiki - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -49,7 +49,9 @@ CVE-2023-29143 CVE-2023-29142 RESERVED CVE-2023-29141 (An issue was discovered in MediaWiki before 1.35.10, 1.36.x through 1. ...) - TODO: check + - mediawiki + NOTE: https://gerrit.wikimedia.org/r/plugins/gitiles/mediawiki/core/+/REL1_39/RELEASE-NOTES-1.39 + NOTE: https://phabricator.wikimedia.org/T285159 CVE-2023-29140 (An issue was discovered in the GrowthExperiments extension for MediaWi ...) TODO: check CVE-2023-29139 (An issue was discovered in the CheckUser extension for MediaWiki throu ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/2b191418af70b44b342bbba71c5827c9e6a1a1da
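Review bot: the first added NOTE for CVE-2023-29141 points at RELEASE-NOTES-1.39 through the REL1_39 branch path, so the linked content will change as that branch moves, and the entry records no fixing commit. Consider linking a fixed revision of the release notes or adding a "Fixed by:" line with the upstream commit, in the same form the CVE-2023-28755 and CVE-2023-28756 entries use.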
[Git][security-tracker-team/security-tracker][master] Process some NFUs
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 3c52a5c3 by Salvatore Bonaccorso at 2023-04-02T09:57:44+02:00 Process some NFUs - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -1,5 +1,5 @@ CVE-2023-1790 (A vulnerability, which was classified as problematic, was found in Sou ...) - TODO: check + NOT-FOR-US: SourceCodester Simple Task Allocation System CVE-2023-28938 RESERVED CVE-2023-28736 @@ -21,7 +21,7 @@ CVE-2023-24592 CVE-2023-24591 RESERVED CVE-2023-1789 (Improper Input Validation in GitHub repository firefly-iii/firefly-iii ...) - TODO: check + NOT-FOR-US: firefly-iii CVE-2023-1788 RESERVED CVE-2023-1787 @@ -29,7 +29,7 @@ CVE-2023-1787 CVE-2023-1786 RESERVED CVE-2023-1785 (A vulnerability was found in SourceCodester Earnings and Expense Track ...) - TODO: check + NOT-FOR-US: SourceCodester Earnings and Expense Tracker App CVE-2023-1784 (A vulnerability was found in jeecg-boot 3.5.0 and classified as critic ...) TODO: check CVE-2023-29149 
@@ -291,17 +291,17 @@ CVE-2023-1749 CVE-2023-1748 RESERVED CVE-2023-1747 (A vulnerability has been found in IBOS up to 4.5.4 and classified as c ...) - TODO: check + NOT-FOR-US: IBOS CVE-2023-1746 (A vulnerability, which was classified as problematic, was found in Dre ...) NOT-FOR-US: Dreamer CMS CVE-2023-1745 (A vulnerability, which was classified as problematic, has been found i ...) NOT-FOR-US: KMPlayer (different from src:kmplayer) CVE-2023-1744 (A vulnerability classified as critical was found in IBOS 4.5.5. This v ...) - TODO: check + NOT-FOR-US: IBOS CVE-2023-1743 (A vulnerability classified as problematic has been found in SourceCode ...) NOT-FOR-US: SourceCodester Grade Point Average GPA Calculator CVE-2023-1742 (A vulnerability was found in IBOS 4.5.5. It has been rated as critical ...) - TODO: check + NOT-FOR-US: IBOS CVE-2023-29059 (3CX DesktopApp through 18.12.416 has embedded malicious code, as explo ...) NOT-FOR-US: 3CX DesktopApp CVE-2023-29058 @@ -916,7 +916,7 @@ CVE-2023-28879 (In Artifex Ghostscript through 10.01.0, there is a buffer overfl CVE-2023-28878 RESERVED CVE-2023-28877 (The VTEX apps-graphql@2.x GraphQL API module does not properly restric ...) - TODO: check + NOT-FOR-US: VTEX apps-graphql@2.x GraphQL API module CVE-2023-28876 RESERVED CVE-2023-28875 @@ -1040,11 +1040,11 @@ CVE-2023-28847 CVE-2023-28846 (Unpoly is a JavaScript framework for server-side web applications. The ...) TODO: check CVE-2023-28845 (Nextcloud talk is a video audio conferencing app for Nextcloud. ...) - TODO: check + NOT-FOR-US: Nextcloud talk is a video & audio conferencing app for Nextcloud CVE-2023-28844 (Nextcloud server is an open source home cloud implementation. In affec ...) TODO: check CVE-2023-28843 (PrestaShop/paypal is an open source module for the PrestaShop web comm ...) - TODO: check + NOT-FOR-US: PrestaShop CVE-2023-28842 RESERVED CVE-2023-28841 
@@ -1432,9 +1432,9 @@ CVE-2023-28729 CVE-2023-28728 RESERVED CVE-2023-28727 (Panasonic AiSEG2 versions 2.00J through 2.93A allows adjacent attacker ...) - TODO: check + NOT-FOR-US: Panasonic AiSEG2 CVE-2023-28726 (Panasonic AiSEG2 versions 2.80F through 2.93A allows remote attackers ...) - TODO: check + NOT-FOR-US: Panasonic AiSEG2 CVE-2023-28725 (General Bytes Crypto Application Server (CAS) 20230120, as distributed ...) NOT-FOR-US: General Bytes Crypto Application Server (CAS) CVE-2023-28723 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/3c52a5c3f7cafb0d0c7975fc99dbbe4782c8ba13
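Review bot: in the @@ -1040,11 hunk the new line "NOT-FOR-US: Nextcloud talk is a video & audio conferencing app for Nextcloud" pastes the description sentence where every other entry in this commit gives only a product name (IBOS, PrestaShop, Panasonic AiSEG2). Shorten it to the product name, for example "NOT-FOR-US: Nextcloud Talk", so the NOT-FOR-US labels stay consistent across the list.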