Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
6e6d7b5b by Moritz Mühlenhoff at 2023-01-30T19:02:12+01:00
bugnums

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -3120,7 +3120,7 @@ CVE-2023-23629 (Metabase is an open source data analytics 
platform. Affected ver
 CVE-2023-23628 (Metabase is an open source data analytics platform. Affected 
versions  ...)
        NOT-FOR-US: Metabase
 CVE-2023-23627 (Sanitize is an allowlist-based HTML and CSS sanitizer. 
Versions 5.0.0  ...)
-       - ruby-sanitize <unfixed>
+       - ruby-sanitize <unfixed> (bug #1030047)
        NOTE: 
https://github.com/rgrove/sanitize/security/advisories/GHSA-fw3g-2h3j-qmm7
        NOTE: 
https://github.com/rgrove/sanitize/commit/ec14265e530dc3fe31ce2ef773594d3a97778d22
 (v6.0.1)
 CVE-2023-23626
@@ -5767,17 +5767,17 @@ CVE-2023-22797
        NOTE: 
https://discuss.rubyonrails.org/t/cve-2023-22797-possible-open-redirect-vulnerability-in-action-pack/82120
 CVE-2023-22796
        RESERVED
-       - rails <unfixed>
+       - rails <unfixed> (bug #1030050)
        NOTE: 
https://discuss.rubyonrails.org/t/cve-2023-22796-possible-redos-based-dos-vulnerability-in-active-supports-underscore/82116
        NOTE: 
https://github.com/rails/rails/commit/4b383e6936d7a72b5dc839f526c9a9aeb280acae 
(6-1-stable)
 CVE-2023-22795
        RESERVED
-       - rails <unfixed>
+       - rails <unfixed> (bug #1030050)
        NOTE: 
https://discuss.rubyonrails.org/t/cve-2023-22795-possible-redos-based-dos-vulnerability-in-action-dispatch/82118
        NOTE: 
https://github.com/rails/rails/commit/484fc9185db6c6a6a49ab458b11f9366da02bab2 
(6-1-stable)
 CVE-2023-22794
        RESERVED
-       - rails <unfixed>
+       - rails <unfixed> (bug #1030050)
        [buster] - rails <not-affected> (Only affects 6.x and later)
        NOTE: 
https://discuss.rubyonrails.org/t/cve-2023-22794-sql-injection-vulnerability-via-activerecord-comments/82117
        NOTE: 
https://github.com/rails/rails/commit/048e9fc05e18c91838a44e60175e475de8b2aad5 
(6-1-stable)
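
Review bot: CVE-2023-22797 at the top of this hunk shows only its NOTE line, so its package line is outside the visible context and gets no bug reference here. If that entry also carries `- rails <unfixed>`, it should be tied to bug #1030050 like CVE-2023-22796, CVE-2023-22795 and CVE-2023-22794, or annotated to say why it is tracked differently.
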
@@ -5785,7 +5785,7 @@ CVE-2023-22793
        RESERVED
 CVE-2023-22792
        RESERVED
-       - rails <unfixed>
+       - rails <unfixed> (bug #1030050)
        NOTE: 
https://discuss.rubyonrails.org/t/cve-2023-22792-possible-redos-based-dos-vulnerability-in-action-dispatch/82115
        NOTE: 
https://github.com/rails/rails/commit/7a7f37f146aa977350cf914eba20a95ce371485f 
(6-1-stable)
 CVE-2023-22791
@@ -7679,7 +7679,7 @@ CVE-2023-22335
 CVE-2023-22333 (Cross-site scripting vulnerability in EasyMail 2.00.130 and 
earlier al ...)
        NOT-FOR-US: EasyMail
 CVE-2023-22332 (Information disclosure vulnerability exists in Pgpool-II 4.4.0 
to 4.4. ...)
-       - pgpool2 <unfixed>
+       - pgpool2 <unfixed> (bug #1030048)
        NOTE: https://www.pgpool.net/mediawiki/index.php/Main_Page#News
 CVE-2023-22324 (SQL injection vulnerability in the CONPROSYS HMI System (CHS) 
Ver.3.5. ...)
        NOT-FOR-US: CONPROSYS
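
Review bot: the NOTE under the changed pgpool2 line for CVE-2023-22332 points at `Main_Page#News`, a news section on the wiki front page rather than a specific advisory or commit. Now that the entry references bug #1030048, consider adding a NOTE with the upstream release announcement or the fixing commit, so the fixed version can be determined from the entry itself.
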
@@ -12056,7 +12056,7 @@ CVE-2022-47023
 CVE-2022-47022
        RESERVED
 CVE-2022-47021 (A null pointer dereference issue was discovered in functions 
op_get_da ...)
-       - opusfile <unfixed>
+       - opusfile <unfixed> (bug #1030049)
        [bullseye] - opusfile <no-dsa> (Minor issue)
        NOTE: 
https://github.com/xiph/opusfile/commit/0a4cd796df5b030cb866f3f4a5e41a4b92caddf5
        NOTE: https://github.com/xiph/opusfile/issues/36
@@ -20541,7 +20541,7 @@ CVE-2022-44567 (A command injection vulnerability 
exists in Rocket.Chat-Desktop
        NOT-FOR-US: Rocket.Chat-Desktop
 CVE-2022-44566
        RESERVED
-       - rails <unfixed>
+       - rails <unfixed> (bug #1030050)
        NOTE: 
https://discuss.rubyonrails.org/t/cve-2022-44566-possible-denial-of-service-vulnerability-in-activerecords-postgresql-adapter/82119
        NOTE: 
https://github.com/rails/rails/commit/414eb337d142a9c61d7723ceb9b7c1ab30dff3ed 
(6-1-stable)
 CVE-2022-44565 (An improper access validation vulnerability exists in airMAX 
AC &lt;8. ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/6e6d7b5be47c07b7f2fea1f2dd65c01a08f5edad
