Moritz Muehlenhoff pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
930574e9 by Moritz Muehlenhoff at 2023-02-10T08:59:38+01:00
bullseye triage
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -5363,6 +5363,7 @@ CVE-2023-23628 (Metabase is an open source data analytics
platform. Affected ver
NOT-FOR-US: Metabase
CVE-2023-23627 (Sanitize is an allowlist-based HTML and CSS sanitizer.
Versions 5.0.0 ...)
- ruby-sanitize <unfixed> (bug #1030047)
+ [bullseye] - ruby-sanitize <no-dsa> (Minor issue)
NOTE:
https://github.com/rgrove/sanitize/security/advisories/GHSA-fw3g-2h3j-qmm7
NOTE:
https://github.com/rgrove/sanitize/commit/ec14265e530dc3fe31ce2ef773594d3a97778d22
(v6.0.1)
CVE-2023-23626
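Review bot: the added [bullseye] line for CVE-2023-23627 marks ruby-sanitize <no-dsa>, but the description visible here limits the issue to "Versions 5.0.0 ...", and nothing in the entry records whether the bullseye version falls in that range. If bullseye ships a version older than 5.0.0, <not-affected> with a short reason would be the accurate state. If it is in range, a NOTE saying so would make the "Minor issue" triage checkable.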
@@ -10350,6 +10351,7 @@ CVE-2020-36628 (A vulnerability classified as critical
has been found in Calsign
NOT-FOR-US: Calsign APDE
CVE-2020-36627 (A vulnerability was found in Macaron i18n. It has been
declared as pro ...)
- golang-github-go-macaron-i18n <unfixed>
+ [bullseye] - golang-github-go-macaron-i18n <no-dsa> (Minor issue)
[buster] - golang-github-go-macaron-i18n <postponed> (Limited support,
minor issue, follow bullseye DSAs/point-releases)
NOTE:
https://github.com/go-macaron/i18n/commit/329b0c4844cc16a5a253c011b55180598e707735
(v0.5.0)
CVE-2020-36626 (A vulnerability classified as critical has been found in
Modern Tribe ...)
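Review bot: in the CVE-2020-36627 entry the unstable line stays at <unfixed> with no bug reference, even though the NOTE already points at the upstream fix commit (v0.5.0). With bullseye now <no-dsa> and buster postponed to "follow bullseye DSAs/point-releases", nothing in the entry tracks getting the fix into the archive. Consider filing a bug and adding its reference to the unstable line, as the ruby-sanitize entry does.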
@@ -30290,9 +30292,10 @@ CVE-2022-3425 (The Analyticator WordPress plugin
before 6.5.6 unserializes user
NOT-FOR-US: WordPress plugin
CVE-2022-3424 [misc: sgi-gru: fix use-after-free error in
gru_set_context_option, gru_fault and gru_handle_user_call_os]
RESERVED
- - linux 6.1.4-1
+ - linux 6.1.4-1 (unimportant)
NOTE:
https://lore.kernel.org/all/[email protected]/
NOTE:
https://git.kernel.org/linus/643a16a0eb1d6ac23744bb6e90a00fc21148a9dc
+ NOTE: SGI_GRU not enabled in any Debian kernel
CVE-2022-3423 (Denial of Service in GitHub repository nocodb/nocodb prior to
0.92.0. ...)
NOT-FOR-US: nocodb
CVE-2022-3422 (Account Takeover :: when see the info i can see the hash pass i
can cr ...)
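Review bot: the NOTE added at the end of the CVE-2022-3424 entry does not say how "SGI_GRU not enabled in any Debian kernel" was verified, and the (unimportant) tag on the linux line rests entirely on it. Recording what was checked, for example which suites' kernel configurations, would let a later triager re-confirm the claim if the option is ever enabled.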
@@ -34889,6 +34892,7 @@ CVE-2022-3217 (When logging in to a VBASE runtime
project via Web-Remote, the pr
CVE-2018-25047 (In Smarty before 3.1.47 and 4.x before 4.2.1,
libs/plugins/function.ma ...)
{DLA-3262-1}
- smarty3 3.1.47-1 (bug #1019897)
+ [bullseye] - smarty3 <no-dsa> (Minor issue)
- smarty4 4.2.1-1 (bug #1019896)
NOTE: https://github.com/smarty-php/smarty/issues/454
NOTE:
https://github.com/smarty-php/smarty/commit/f1f7ee6e34c14a8a9dfa5c6ef894d39277a93938
(v3.1.47)
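Review bot: the added [bullseye] - smarty3 <no-dsa> line in CVE-2018-25047 sits under {DLA-3262-1}, so an LTS advisory already references this CVE while bullseye is left without a fix. If a bullseye point-release update is intended, state that in the reason instead of the bare "Minor issue", so the entry does not read as a decision to leave the stable release behind.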
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/930574e97e267371947b4c9b04c882b39470f0ad
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits