Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
2523fd1e by Moritz Muehlenhoff at 2023-04-26T19:45:15+02:00
bugnums

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -31493,7 +31493,7 @@ CVE-2022-47017
 CVE-2022-47016
        REJECTED
 CVE-2022-47015 (MariaDB Server before 10.3.34 thru 10.9.3 is vulnerable to 
Denial of S ...)
-       - mariadb <unfixed>
+       - mariadb <unfixed> (bug #1034889)
        [bookworm] - mariadb <postponed> (Minor issue, wait for next point 
release)
        - mariadb-10.6 <removed>
        - mariadb-10.5 <removed>
@@ -55853,11 +55853,11 @@ CVE-2022-39209 (cmark-gfm is GitHub's fork of cmark, 
a CommonMark parsing and re
        - cmark-gfm 0.29.0.gfm.6-2 (bug #1020588)
        [bullseye] - cmark-gfm <no-dsa> (Minor issue)
        [buster] - cmark-gfm <no-dsa> (Minor issue)
-       - python-cmarkgfm <unfixed>
+       - python-cmarkgfm <unfixed> (bug #1034887)
        [bullseye] - python-cmarkgfm <no-dsa> (Minor issue)
        [buster] - python-cmarkgfm <no-dsa> (Minor issue)
        - ghostwriter 2.1.6+ds-1 (unimportant)
-       - ruby-commonmarker <unfixed>
+       - ruby-commonmarker <unfixed> (bug #1034888)
        [bullseye] - ruby-commonmarker <no-dsa> (Minor issue)
        [buster] - ruby-commonmarker <no-dsa> (Minor issue)
        - r-cran-commonmark 1.8.1-1
@@ -60295,9 +60295,8 @@ CVE-2022-37710 (Patterson Dental Eaglesoft 21 has 
AES-256 encryption but there a
 CVE-2022-37709 (Tesla Model 3 V11.0(2022.4.5.1 6b701552d7a6) Tesla mobile app 
v4.23 is ...)
        NOT-FOR-US: Tesla
 CVE-2022-37708 (Docker version 20.10.15, build fd82621 is vulnerable to 
Insecure Permi ...)
-       - docker.io <unfixed>
+       - docker.io <unfixed> (bug #1034886)
        NOTE: https://github.com/thekevinday/docker_lightman_exploit
-       TODO: check, seems like a negligible security impact issue, and might 
be marked unimportant
 CVE-2022-37707
        RESERVED
 CVE-2022-37706 (enlightenment_sys in Enlightenment before 0.25.4 allows local 
users to ...)
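
Review bot: The TODO removed under CVE-2022-37708 asked whether the issue should be marked unimportant, and the hunk drops it while docker.io stays at plain <unfixed> with no record of the outcome. Either mark the entry unimportant or add a NOTE saying why it remains <unfixed>, and mention the triage decision in the commit message, which currently says only "bugnums".
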
@@ -295105,7 +295104,7 @@ CVE-2019-8400 (ORY Hydra before v1.0.0-rc.3+oryOS.9 
has Reflected XSS via the oa
 CVE-2019-8399
        RESERVED
 CVE-2019-8398 (An issue was discovered in the HDF HDF5 1.10.4 library. There 
is an ou ...)
-       - hdf5 <undetermined> (bug #1034838)
+       - hdf5 <unfixed> (bug #1034838)
        NOTE: https://github.com/magicSwordsMan/PAAFS/tree/master/vul6
        NOTE: https://jira.hdfgroup.org/browse/HDFFV-10710
 CVE-2019-8397 (An issue was discovered in the HDF HDF5 1.10.4 library. There 
is an ou ...)
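
Review bot: The hdf5 line for CVE-2019-8398 changes state from <undetermined> to <unfixed> rather than gaining a bug number (#1034838 was already there), and nothing in the entry records what was determined. A NOTE giving the basis for the decision would help later triage, and the commit message "bugnums" should mention the state change.
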
@@ -295117,7 +295116,7 @@ CVE-2019-8397 (An issue was discovered in the HDF 
HDF5 1.10.4 library. There is
        NOTE: issue in upstream bug tracker: 
https://jira.hdfgroup.org/browse/HDFFV-10711
        NOTE: Negligible security impact, malicous scientific data has more 
issues than a crash
 CVE-2019-8396 (A buffer overflow in H5O__layout_encode in H5Olayout.c in the 
HDF HDF5 ...)
-       - hdf5 <undetermined> (bug #1034838)
+       - hdf5 <unfixed> (bug #1034838)
        NOTE: https://github.com/magicSwordsMan/PAAFS/tree/master/vul4
        NOTE: https://jira.hdfgroup.org/browse/HDFFV-10712
        NOTE: HDFFV-10712 is marked to be closed in a future 1.10.8 upstream 
release.
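
Review bot: On the hdf5 line for CVE-2019-8396, the move to <unfixed> sits directly below the CVE-2019-8397 note that rates a crash on malicious scientific data as negligible security impact. If the same assessment applies here, the entry should carry (unimportant) rather than plain <unfixed>; if it does not, a NOTE saying why this buffer overflow is treated differently would keep the neighbouring hdf5 entries consistent.
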
@@ -326004,7 +326003,7 @@ CVE-2018-1000801 (okular version 18.08 and earlier 
contains a Directory Traversa
 CVE-2018-1000800 (zephyr-rtos version 1.12.0 contains a NULL base pointer 
reference vuln ...)
        NOT-FOR-US: zephyr-rtos
 CVE-2018-1000773 (WordPress version 4.9.8 and earlier contains a CWE-20 Input 
Validation ...)
-       - wordpress <undetermined>
+       NOTE: No actionable information
        NOTE: This CVE exists due to an incomplete fix in 4.9 for 
CVE-2017-1000600.
 CVE-2018-1000673
        REJECTED
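
Review bot: Replacing the "- wordpress <undetermined>" line under CVE-2018-1000773 with only a NOTE leaves the entry with no package line, so the CVE is no longer tied to wordpress in the list. "No actionable information" also reads oddly next to the remaining NOTE that identifies the issue as an incomplete fix in 4.9 for CVE-2017-1000600. Consider keeping the wordpress line and adding the NOTE beside it, and describe the change in the commit message, since it is not a bug number update.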



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/2523fd1e30844c7a58a627f9f35766ede2cf6ecd
