Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
e76698a1 by Salvatore Bonaccorso at 2023-05-10T22:17:09+02:00
Add two opencv CVEs: CVE-2023-2617 and CVE-2023-2618

- - - - -
499213c8 by Salvatore Bonaccorso at 2023-05-10T22:17:11+02:00
Add CVE-2023-31137/maradns

- - - - -
f4ecc10c by Salvatore Bonaccorso at 2023-05-10T22:17:13+02:00
Process one NFU

- - - - -
11a3f0bb by Salvatore Bonaccorso at 2023-05-10T22:17:14+02:00
Add CVE-2021-31240/ming

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -48,9 +48,17 @@ CVE-2023-31478 (An issue was discovered on GL.iNet devices 
before 3.216. An API
 CVE-2023-2619 (A vulnerability, which was classified as critical, was found in 
Source ...)
        NOT-FOR-US: SourceCodester
 CVE-2023-2618 (A vulnerability, which was classified as problematic, has been 
found i ...)
-       TODO: check
+       - opencv <unfixed>
+       [bullseye] - opencv <not-affected> (Vulnerable code not present)
+       [buster] - opencv <not-affected> (Vulnerable code not present)
+       NOTE: https://github.com/opencv/opencv_contrib/pull/3484
+       NOTE: 
https://github.com/opencv/opencv_contrib/commit/2b62ff6181163eea029ed1cab11363b4996e9cd6
 CVE-2023-2617 (A vulnerability classified as problematic was found in OpenCV 
wechat_q ...)
-       TODO: check
+       - opencv <unfixed>
+       [bullseye] - opencv <not-affected> (Vulnerable code not present)
+       [buster] - opencv <not-affected> (Vulnerable code not present)
+       NOTE: https://github.com/opencv/opencv_contrib/pull/3480
+       NOTE: 
https://github.com/opencv/opencv_contrib/commit/ccc277247ac1a7aef0a90353edcdec35fbc5903c
 CVE-2023-2616 (Cross-site Scripting (XSS) - Generic in GitHub repository 
pimcore/pimc ...)
        NOT-FOR-US: pimcore
 CVE-2023-2615 (Cross-site Scripting (XSS) - Reflected in GitHub repository 
pimcore/pi ...)
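Review bot: The `[bullseye]` and `[buster]` lines under CVE-2023-2618 and CVE-2023-2617 give "Vulnerable code not present" as the reason but do not record which upstream change or version introduced the affected code, so the not-affected claim cannot be re-checked from the entry alone. Consider adding a NOTE that names the introducing commit or version. Both NOTE URLs also point at opencv_contrib while the tracked source package is opencv; a one-line NOTE stating how the two relate would save the next triager a lookup.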
@@ -972,7 +980,9 @@ CVE-2023-31139 (DHIS2 Core contains the service layer and 
Web API for DHIS2, an
 CVE-2023-31138 (DHIS2 Core contains the service layer and Web API for DHIS2, 
an inform ...)
        NOT-FOR-US: DHIS2
 CVE-2023-31137 (MaraDNS is open-source software that implements the Domain 
Name System ...)
-       TODO: check
+       - maradns <unfixed>
+       NOTE: 
https://github.com/samboy/MaraDNS/commit/bab062bde40b2ae8a91eecd522e84d8b993bab58
+       NOTE: 
https://github.com/samboy/MaraDNS/security/advisories/GHSA-58m7-826v-9c3c
 CVE-2023-31136 (PostgresNIO is a Swift client for PostgreSQL. Any user of 
PostgresNIO  ...)
        NOT-FOR-US: PostgresNIO
 CVE-2023-31135
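Review bot: Under CVE-2023-31137 the MaraDNS commit URL is recorded as a bare NOTE, so the entry does not say whether that commit is the fix or only related to the issue. If it is the fix, label it as such in the NOTE text, and consider listing the GHSA advisory first since it is the primary reference. The entry also carries only `- maradns <unfixed>` with no suite-specific lines, so it records no per-release assessment yet.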
@@ -150190,7 +150200,7 @@ CVE-2021-31713
 CVE-2021-31712 (react-draft-wysiwyg (aka React Draft Wysiwyg) before 1.14.6 
allows a j ...)
        NOT-FOR-US: react-draft-wysiwyg
 CVE-2021-31711 (Cross Site Scripting vulnerability found in Trippo 
ResponsiveFilemanag ...)
-       TODO: check
+       NOT-FOR-US: Trippo ResponsiveFilemanager
 CVE-2021-31710
        RESERVED
 CVE-2021-31709
@@ -151364,7 +151374,8 @@ CVE-2021-31242
 CVE-2021-31241
        RESERVED
 CVE-2021-31240 (An issue found in libming v.0.4.8 allows a local attacker to 
execute a ...)
-       TODO: check
+       - ming <removed>
+       NOTE: https://github.com/libming/libming/issues/218
 CVE-2021-31239 (An issue found in SQLite SQLite3 v.3.35.4 that allows a remote 
attacke ...)
        TODO: check
 CVE-2021-31238
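Review bot: Under CVE-2021-31240, `- ming <removed>` is the only status line and the single NOTE links an upstream issue, so the entry does not show whether upstream has a fix or which versions are affected beyond the "libming v.0.4.8" in the description. If a fixing commit exists, add it as a second NOTE. If any suite that is still supported ships ming, it needs its own suite-tagged line, because `<removed>` on its own says nothing about those releases.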



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/74f2efb89a3f37cf0e4d6d5aed30aca74e001e34...11a3f0bb1c40e0dc8185c6857c1331a711f41191
