Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
f8f8cd09 by Salvatore Bonaccorso at 2023-03-30T22:16:05+02:00
Add CVE-2023-2581{7,8}/nextcloud-server

- - - - -
65f7b865 by Salvatore Bonaccorso at 2023-03-30T22:16:06+02:00
Add CVE-2023-24180/libelfin

- - - - -
cb18b359 by Salvatore Bonaccorso at 2023-03-30T22:16:08+02:00
Add CVE-2023-22288/check-mk

- - - - -
2493a6e9 by Salvatore Bonaccorso at 2023-03-30T22:16:09+02:00
Add CVE-2023-2086{0,1}/libspring-java

- - - - -
55e19e8a by Salvatore Bonaccorso at 2023-03-30T22:16:11+02:00
Add CVE-2022-443{68,69,70}/nasm

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -9458,9 +9458,9 @@ CVE-2023-25820 (Nextcloud Server is the file server 
software for Nextcloud, a se
 CVE-2023-25819 (Discourse is an open source platform for community discussion. 
Tags th ...)
        NOT-FOR-US: Discourse
 CVE-2023-25818 (Nextcloud server is an open source, personal cloud 
implementation. In  ...)
-       TODO: check
+       - nextcloud-server <itp> (bug #941708)
 CVE-2023-25817 (Nextcloud server is an open source, personal cloud 
implementation. In  ...)
-       TODO: check
+       - nextcloud-server <itp> (bug #941708)
 CVE-2023-25816 (Nextcloud is an Open Source private cloud software. Versions 
25.0.0 an ...)
        - nextcloud-server <itp> (bug #941708)
 CVE-2023-25815
@@ -14251,7 +14251,8 @@ CVE-2023-24182
 CVE-2023-24181
        RESERVED
 CVE-2023-24180 (Libelfin v0.3 was discovered to contain an integer overflow in 
the loa ...)
-       TODO: check
+       - libelfin <unfixed>
+       NOTE: https://github.com/aclements/libelfin/issues/75
 CVE-2023-24179
        RESERVED
 CVE-2023-24178
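Review bot: The new `- libelfin <unfixed>` line for CVE-2023-24180 carries no Debian bug reference, only the upstream issue in the NOTE. If a BTS bug exists or gets filed for this integer overflow, add it on the package line in the same `(bug #...)` form the nextcloud-server entries in this push use, so the open state is tracked on the Debian side as well as upstream.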
@@ -15307,7 +15308,7 @@ CVE-2023-22307
 CVE-2023-22294
        RESERVED
 CVE-2023-22288 (HTML Email Injection in Tribe29 Checkmk &lt;=2.1.0p23; 
&lt;=2.0.0p34,  ...)
-       TODO: check
+       - check-mk <removed>
 CVE-2023-0394 (A NULL pointer dereference flaw was found in 
rawv6_push_pending_frames ...)
        {DSA-5324-1 DLA-3349-1}
        - linux 6.1.7-1
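Review bot: The `- check-mk <removed>` line for CVE-2023-22288 has no NOTE, unlike the libelfin, libspring-java and nasm entries in this push, so nothing records an upstream reference for the HTML email injection. Adding a NOTE with the upstream advisory link would help, and since the unannotated package line only speaks for unstable, it is worth confirming that no still-supported suite carries check-mk and needs its own line.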
@@ -33352,9 +33353,13 @@ CVE-2023-20863
 CVE-2023-20862
        RESERVED
 CVE-2023-20861 (In Spring Framework versions 6.0.0 - 6.0.6, 5.3.0 - 5.3.25, 
5.2.0.RELE ...)
-       TODO: check
+       - libspring-java <unfixed> (unimportant)
+       NOTE: https://spring.io/security/cve-2023-20861
+       NOTE: Only supported for building applications shipped in Debian, see 
README.Debian.security
 CVE-2023-20860 (Spring Framework running version 6.0.0 - 6.0.6 or 5.3.0 - 
5.3.25 using ...)
-       TODO: check
+       - libspring-java <unfixed> (unimportant)
+       NOTE: https://spring.io/security/cve-2023-20860
+       NOTE: Only supported for building applications shipped in Debian, see 
README.Debian.security
 CVE-2023-20859 (In Spring Vault, versions 3.0.x prior to 3.0.2 and versions 
2.3.x prio ...)
        TODO: check
 CVE-2023-20858 (VMware Carbon Black App Control 8.7.x prior to 8.7.8, 8.8.x 
prior to 8 ...)
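Review bot: In the trailing context of this hunk, CVE-2023-20859 (Spring Vault) still reads `TODO: check` directly below the two Spring Framework entries that were just triaged. If Spring Vault is not packaged, a follow-up marking it accordingly would close out this block; the two `- libspring-java <unfixed> (unimportant)` entries themselves are consistent with each other in rating and NOTE wording.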
@@ -33975,11 +33980,17 @@ CVE-2022-44372
 CVE-2022-44371 (hope-boot 1.0.0 has a deserialization vulnerability that can 
cause Rem ...)
        NOT-FOR-US: hope-boot
 CVE-2022-44370 (NASM v2.16 was discovered to contain a heap buffer overflow in 
the com ...)
-       TODO: check
+       - nasm <unfixed> (unimportant)
+       NOTE: https://bugzilla.nasm.us/show_bug.cgi?id=3392815
+       NOTE: Crash in CLI tool, no security impact
 CVE-2022-44369 (NASM 2.16 (development) is vulnerable to 476: Null Pointer 
Dereference ...)
-       TODO: check
+       - nasm <unfixed> (unimportant)
+       NOTE: https://bugzilla.nasm.us/show_bug.cgi?id=3392819
+       NOTE: Crash in CLI tool, no security impact
 CVE-2022-44368 (NASM v2.16 was discovered to contain a null pointer deference 
in the N ...)
-       TODO: check
+       - nasm <unfixed> (unimportant)
+       NOTE: https://bugzilla.nasm.us/show_bug.cgi?id=3392820
+       NOTE: Crash in CLI tool, no security impact
 CVE-2022-44367 (Tenda i21 V1.0.0.14(4656) is vulnerable to Buffer Overflow via 
/goform ...)
        NOT-FOR-US: Tenda
 CVE-2022-44366 (Tenda i21 V1.0.0.14(4656) is vulnerable to Buffer Overflow via 
/goform ...)
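Review bot: The NOTE `Crash in CLI tool, no security impact` is applied identically to all three nasm entries, but CVE-2022-44370 is described as a heap buffer overflow while CVE-2022-44369 and CVE-2022-44368 are null pointer dereferences. For CVE-2022-44370 the rationale should say why a memory-corruption bug is still `(unimportant)`, for instance by stating the trust assumption on the input nasm processes, rather than reusing the crash wording.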



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/a0e0a4df88c401ffbe5fc10c4955fb86e74bf49a...55e19e8aa25c52ede4e6bc9ec945d645a8ea9163
