Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
9325b201 by Salvatore Bonaccorso at 2023-03-20T20:32:49+01:00
Add Debian bug reference for CVE-2023-28155

- - - - -
f8e47c52 by Salvatore Bonaccorso at 2023-03-20T20:34:48+01:00
Add Debian bug reference for CVE-2022-30256/maradns

- - - - -
ce47b2c6 by Salvatore Bonaccorso at 2023-03-20T20:37:39+01:00
Add Debian bug reference for CVE-2023-1108

- - - - -
37c9b798 by Salvatore Bonaccorso at 2023-03-20T20:38:38+01:00
Add Debian bug reference for CVE-2022-3590

- - - - -
4345dc9f by Salvatore Bonaccorso at 2023-03-20T20:39:49+01:00
Add Debian bug reference for CVE-2023-1289

- - - - -
b0cc9068 by Salvatore Bonaccorso at 2023-03-20T20:40:39+01:00
Add Debian bug reference for CVE-2023-26266

- - - - -
321ed613 by Salvatore Bonaccorso at 2023-03-20T20:42:07+01:00
Add Debian bug reference for CVE-2023-2710{2,3}

- - - - -
2e6fbca2 by Salvatore Bonaccorso at 2023-03-20T20:43:09+01:00
Add Debian bug reference for CVE-2023-23456

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1499,7 +1499,7 @@ CVE-2023-28157
 CVE-2023-28156
        RESERVED
 CVE-2023-28155 (** UNSUPPORTED WHEN ASSIGNED ** The Request package through 
2.88.1 for ...)
-       - node-request <unfixed>
+       - node-request <unfixed> (bug #1033250)
        NOTE: https://github.com/request/request/issues/3442
 CVE-2023-28154 (Webpack 5 before 5.76.0 does not avoid cross-realm object 
access. Impo ...)
        - node-webpack 5.76.1+dfsg1+~cs17.16.16-1 (bug #1032904)
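
Review bot: The node-request line for CVE-2023-28155 stays <unfixed> while the description is flagged "** UNSUPPORTED WHEN ASSIGNED **", and the only NOTE is the upstream issue link. Consider adding a NOTE that says upstream is unsupported, so whoever handles bug #1033250 can see from the entry itself that an upstream fix may not arrive.
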
@@ -2076,7 +2076,7 @@ CVE-2023-1290 (A vulnerability, which was classified as 
critical, has been found
        NOT-FOR-US: SourceCodester Sales Tracker Management System
 CVE-2023-1289
        RESERVED
-       - imagemagick <unfixed>
+       - imagemagick <unfixed> (bug #1033254)
        [bullseye] - imagemagick <no-dsa> (Minor issue)
        NOTE: 
https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-j96m-mjp6-99xr
        NOTE: 
https://github.com/ImageMagick/ImageMagick/commit/c5b23cbf2119540725e6dc81f4deb25798ead6a4
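
Review bot: The upstream fix commit NOTE under CVE-2023-1289 carries no release tag, unlike the vim commit NOTE further down in this diff, which ends in "(v9.0.0789)". Once the fixing ImageMagick release is known, append it to the commit NOTE in the same form so the <unfixed> line for bug #1033254 can be resolved against a version.
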
@@ -3934,7 +3934,7 @@ CVE-2023-1109
        RESERVED
 CVE-2023-1108
        RESERVED
-       - undertow <unfixed>
+       - undertow <unfixed> (bug #1033253)
        NOTE: https://issues.redhat.com/browse/UNDERTOW-2239
 CVE-2023-1107 (Cross-site Scripting (XSS) - Stored in GitHub repository 
flatpressblog ...)
        NOT-FOR-US: flatpressblog
@@ -4644,11 +4644,11 @@ CVE-2023-27105
 CVE-2023-27104
        RESERVED
 CVE-2023-27103 (Libde265 v1.0.11 was discovered to contain a heap buffer 
overflow via  ...)
-       - libde265 <unfixed>
+       - libde265 <unfixed> (bug #1033257)
        NOTE: https://github.com/strukturag/libde265/issues/394
        NOTE: 
https://github.com/strukturag/libde265/commit/d6bf73e765b7a23627bfd7a8645c143fd9097995
 CVE-2023-27102 (Libde265 v1.0.11 was discovered to contain a segmentation 
violation vi ...)
-       - libde265 <unfixed>
+       - libde265 <unfixed> (bug #1033257)
        NOTE: https://github.com/strukturag/libde265/issues/393
        NOTE: 
https://github.com/strukturag/libde265/commit/0b1752abff97cb542941d317a0d18aa50cb199b1
 CVE-2023-27101
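
Review bot: CVE-2023-27103 and CVE-2023-27102 now both point at bug #1033257, while their NOTE lines reference separate upstream issues (394 and 393) and separate fix commits. Check that the bug report names both CVEs, so that closing it with an upload that carries only one of the two commits does not leave the other entry looking handled.
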
@@ -6671,7 +6671,7 @@ CVE-2023-0935 (A vulnerability was found in DolphinPHP up 
to 1.5.1. It has been
 CVE-2023-26267 (php-saml-sp before 1.1.1 and 2.x before 2.1.1 allows reading 
arbitrary ...)
        NOT-FOR-US: php-saml-sp
 CVE-2023-26266 (In AFL++ 4.05c, the CmpLog component uses the current working 
director ...)
-       - aflplusplus <unfixed>
+       - aflplusplus <unfixed> (bug #1033255)
        [bullseye] - aflplusplus <no-dsa> (Minor issue)
        NOTE: https://github.com/AFLplusplus/AFLplusplus/pull/1643
        NOTE: 
https://github.com/AFLplusplus/AFLplusplus/commit/f2be73186e2e16c3992f92b65ae9ba598d6fff2f
@@ -14917,7 +14917,7 @@ CVE-2023-23457 (A Segmentation fault was found in UPX 
in PackLinuxElf64::invert_
        NOTE: 
https://github.com/upx/upx/commit/779b648c5f6aa9b33f4728f79dd4d0efec0bf860
        NOTE: https://github.com/upx/upx/issues/631
 CVE-2023-23456 (A heap-based buffer overflow issue was discovered in UPX in 
PackTmt::p ...)
-       - upx-ucl <unfixed>
+       - upx-ucl <unfixed> (bug #1033258)
        [buster] - upx-ucl <no-dsa> (Minor issue)
        NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2160381
        NOTE: 
https://github.com/upx/upx/commit/510505a85cbe45e51fbd470f1aa8b02157c429d4
@@ -36711,7 +36711,7 @@ CVE-2022-3591 (Use After Free in GitHub repository 
vim/vim prior to 9.0.0789. ..
        NOTE: 
https://github.com/vim/vim/commit/8f3c3c6cd044e3b5bf08dbfa3b3f04bb3f711bad 
(v9.0.0789)
        NOTE: Crash in CLI tool, no security impact
 CVE-2022-3590 (WordPress is affected by an unauthenticated blind SSRF in the 
pingback ...)
-       - wordpress <unfixed>
+       - wordpress <unfixed> (bug #1033251)
        [bullseye] - wordpress <no-dsa> (Minor issue)
        NOTE: 
https://www.sonarsource.com/blog/wordpress-core-unauthenticated-blind-ssrf/
 CVE-2022-3589 (An API Endpoint used by Miele's "AppWash" MobileApp in all 
versions wa ...)
@@ -72885,7 +72885,7 @@ CVE-2022-30258 (An issue was discovered in Technitium 
DNS Server through 8.0.2 t
 CVE-2022-30257 (An issue was discovered in Technitium DNS Server through 8.0.2 
that al ...)
        NOT-FOR-US: Technitium DNS Server
 CVE-2022-30256 (An issue was discovered in MaraDNS Deadwood through 3.5.0021 
that allo ...)
-       - maradns <unfixed>
+       - maradns <unfixed> (bug #1033252)
        [bullseye] - maradns <no-dsa> (Minor issue)
        [buster] - maradns <no-dsa> (Minor issue)
        NOTE: https://maradns.samiam.org/security.html#CVE-2022-30256



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/bd3038b57aa161a2f6d9104bbdc7ef70893b3e23...2e6fbca2ba6180bc00b33c7517cb7665fc86b3ef
