Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
d51e9502 by security tracker role at 2023-01-28T20:10:18+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,13 @@
+CVE-2023-0562
+       RESERVED
+CVE-2023-0561 (A vulnerability, which was classified as critical, was found in 
Source ...)
+       TODO: check
+CVE-2023-0560 (A vulnerability, which was classified as critical, has been 
found in S ...)
+       TODO: check
+CVE-2016-15022
+       RESERVED
+CVE-2009-10003
+       RESERVED
 CVE-2023-0559
        RESERVED
 CVE-2023-0558 (The ContentStudio plugin for WordPress is vulnerable to 
authorization  ...)
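
Review bot: CVE-2023-0561 and CVE-2023-0560 are added with only `TODO: check`, so neither is mapped to a source package or marked NOT-FOR-US yet. Their descriptions are cut off at "Source ..." and "S ...", which is not enough to triage from the list alone; resolve both against the full CVE text and replace the TODO with a package line or a NOT-FOR-US entry in a follow-up.
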
@@ -129,10 +139,12 @@ CVE-2023-0519 (Cross-site Scripting (XSS) - Stored in 
GitHub repository modoboa/
 CVE-2023-0518
        RESERVED
 CVE-2020-36659 (In Apache::Session::Browseable before 1.3.6, validity of the 
X.509 cer ...)
+       {DLA-3285-1}
        - libapache-session-browseable-perl 1.3.7-1
        NOTE: Fixed by: 
https://github.com/LemonLDAPNG/Apache-Session-Browseable/commit/fdf393235140b293cae5578ef136055a78f3574f
 (v1.3.6)
        NOTE: Regression follow-up: 
https://github.com/LemonLDAPNG/Apache-Session-Browseable/commit/c73e05c1363cd59e437aa1ea5ea0d260d62d5ee6
 (v1.3.7)
 CVE-2020-36658 (In Apache::Session::LDAP before 0.5, validity of the X.509 
certificate ...)
+       {DLA-3284-1}
        - libapache-session-ldap-perl 0.5-1
        NOTE: Fixed by: 
https://github.com/LemonLDAPNG/Apache-Session-LDAP/commit/490722b71eed1ed1ab33d58c78578f23e043561f
 (v0.5)
 CVE-2023-24576
@@ -2983,7 +2995,7 @@ CVE-2009-10002 (A vulnerability, which was classified as 
problematic, has been f
 CVE-2009-10001 (A vulnerability classified as problematic was found in 
jianlinwei cool ...)
        NOT-FOR-US: jianlinwei cool-php-captcha
 CVE-2023-23589 (The SafeSocks option in Tor before 0.4.7.13 has a logic error 
in which ...)
-       {DSA-5320-1}
+       {DSA-5320-1 DLA-3286-1}
        - tor 0.4.7.13-1
        NOTE: 
https://gitlab.torproject.org/tpo/core/tor/-/raw/release-0.4.7/ReleaseNotes
        NOTE: https://gitlab.torproject.org/tpo/core/tor/-/issues/40730
@@ -9733,6 +9745,7 @@ CVE-2023-21845 (Vulnerability in the PeopleSoft 
Enterprise PeopleTools product o
 CVE-2023-21844 (Vulnerability in the PeopleSoft Enterprise PeopleTools product 
of Orac ...)
        NOT-FOR-US: Oracle
 CVE-2023-21843 (Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise 
Edition ...)
+       {DSA-5331-1}
        - openjdk-8 <unfixed>
        - openjdk-11 11.0.18+10-1
        - openjdk-17 17.0.6+10-1
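
Review bot: on CVE-2023-21843 the new `{DSA-5331-1}` reference sits directly above `- openjdk-8 <unfixed>`, so the advisory tag must not be read as closing the entry. The fixed versions visible here are for openjdk-11 and openjdk-17 only; keep the openjdk-8 line open until a fixed upload exists.
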
@@ -9752,6 +9765,7 @@ CVE-2023-21837 (Vulnerability in the Oracle WebLogic 
Server product of Oracle Fu
 CVE-2023-21836 (Vulnerability in the MySQL Server product of Oracle MySQL 
(component:  ...)
        - mysql-8.0 8.0.32-1 (bug #1029151)
 CVE-2023-21835 (Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise 
Edition ...)
+       {DSA-5331-1}
        - openjdk-11 11.0.18+10-1
        - openjdk-17 17.0.6+10-1
        - openjdk-21 21~7ea-1
@@ -35079,6 +35093,7 @@ CVE-2022-39401 (Vulnerability in the Oracle Solaris 
product of Oracle Systems (c
 CVE-2022-39400 (Vulnerability in the MySQL Server product of Oracle MySQL 
(component:  ...)
        - mysql-8.0 8.0.31-1 (bug #1024016)
 CVE-2022-39399 (Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise 
Edition ...)
+       {DSA-5331-1}
        - openjdk-11 11.0.17+8-1
        [buster] - openjdk-11 <postponed> (Minor issue, fix along with next CPU)
        - openjdk-17 17.0.5+8-1
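
Review bot: CVE-2022-39399 now references `{DSA-5331-1}` while `[buster] - openjdk-11 <postponed> (Minor issue, fix along with next CPU)` is left unchanged. That is consistent if the buster fix is still outstanding, but the postponed line should be revisited once the next openjdk-11 update for buster is published; the same pattern appears on the other openjdk entries tagged in this commit.
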
@@ -41538,6 +41553,7 @@ CVE-2022-37187
        RESERVED
 CVE-2022-37186 [Session destroyed on portal but still valid on handlers]
        RESERVED
+       {DLA-3287-1}
        - lemonldap-ng 2.0.15+ds-1
        [bullseye] - lemonldap-ng 2.0.11+ds-4+deb11u2
        NOTE: https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2758
@@ -94411,6 +94427,7 @@ CVE-2022-21630 (Vulnerability in the JD Edwards 
EnterpriseOne Tools product of O
 CVE-2022-21629 (Vulnerability in the JD Edwards EnterpriseOne Tools product of 
Oracle  ...)
        NOT-FOR-US: Oracle
 CVE-2022-21628 (Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise 
Edition ...)
+       {DSA-5331-1}
        - openjdk-8 8u352-ga-1
        - openjdk-11 11.0.17+8-1
        [buster] - openjdk-11 <postponed> (Minor issue, fix along with next CPU)
@@ -94420,12 +94437,14 @@ CVE-2022-21627 (Vulnerability in the Oracle VM 
VirtualBox product of Oracle Virt
        - virtualbox 6.1.40-dfsg-1
        NOTE: 
https://www.oracle.com/security-alerts/cpuoct2022.html#AppendixOVIR
 CVE-2022-21626 (Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise 
Edition ...)
+       {DSA-5331-1}
        - openjdk-8 8u352-ga-1
        - openjdk-11 11.0.17+8-1
        [buster] - openjdk-11 <postponed> (Minor issue, fix along with next CPU)
 CVE-2022-21625 (Vulnerability in the MySQL Server product of Oracle MySQL 
(component:  ...)
        - mysql-8.0 8.0.31-1 (bug #1024016)
 CVE-2022-21624 (Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise 
Edition ...)
+       {DSA-5331-1}
        - openjdk-8 8u352-ga-1
        - openjdk-11 11.0.17+8-1
        [buster] - openjdk-11 <postponed> (Minor issue, fix along with next CPU)
@@ -94442,6 +94461,7 @@ CVE-2022-21620 (Vulnerability in the Oracle VM 
VirtualBox product of Oracle Virt
        - virtualbox 6.1.40-dfsg-1
        NOTE: 
https://www.oracle.com/security-alerts/cpuoct2022.html#AppendixOVIR
 CVE-2022-21619 (Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise 
Edition ...)
+       {DSA-5331-1}
        - openjdk-8 8u352-ga-1
        - openjdk-11 11.0.17+8-1
        [buster] - openjdk-11 <postponed> (Minor issue, fix along with next CPU)
@@ -196613,6 +196633,7 @@ CVE-2020-16094 (In imap_scan_tree_recursive in Claws 
Mail through 3.17.6, a mali
        [stretch] - claws-mail <no-dsa> (Minor issue)
        NOTE: 
https://www.thewildbeast.co.uk/claws-mail/bugzilla/show_bug.cgi?id=4313
 CVE-2020-16093 (In LemonLDAP::NG (aka lemonldap-ng) through 2.0.8, validity of 
the X.5 ...)
+       {DLA-3287-1}
        - lemonldap-ng 2.0.9+ds-1
        [stretch] - lemonldap-ng <no-dsa> (Minor issue + 2.x is a complete 
re-write, so very hard to backport!)
        NOTE: https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2250



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/d51e9502773bbeb688c429041b277a68262c0200
