Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
82ba798c by Moritz Muehlenhoff at 2023-05-18T15:27:24+02:00
bugnums

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -28,7 +28,7 @@ CVE-2023-32762
        - qtbase-opensource-src-gles <unfixed>
        TODO: check for more details on actual fixes needed for 
network/access/qhsts.cpp
 CVE-2023-XXXX [XSS in RSS syntax]
-       - dokuwiki <unfixed>
+       - dokuwiki <unfixed> (bug #1036279)
        [bullseye] - dokuwiki <no-dsa> (Minor issue)
        NOTE: https://github.com/dokuwiki/dokuwiki/pull/3967
        NOTE: 
https://www.github.com/splitbrain/dokuwiki/commit/53df38b0e4465894a67a5890f74a6f5f82e827de
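Review bot: the bug reference is attached to an entry that still carries the placeholder ID CVE-2023-XXXX, so Debian bug #1036279 cannot be cross-referenced by CVE until a real ID is assigned; when it is, rename the entry and make sure the bug subject quotes the same ID. Minor style point on the second NOTE: the commit link uses the `https://www.github.com/...` host form, while every other GitHub link in this file uses `https://github.com/...`; normalise it so the URL checker and readers treat both dokuwiki links alike.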
@@ -143,7 +143,7 @@ CVE-2023-2739 (A vulnerability classified as problematic 
was found in Gira HomeS
 CVE-2023-2738 (A vulnerability classified as critical has been found in Tongda 
OA 11. ...)
        NOT-FOR-US: Tongda
 CVE-2023-2731 (A NULL pointer dereference flaw was found in Libtiff's 
LZWDecode() fun ...)
-       - tiff <unfixed>
+       - tiff <unfixed> (bug #1036282)
        [bullseye] - tiff <no-dsa> (Minor issue)
        NOTE: https://gitlab.com/libtiff/libtiff/-/issues/548
        NOTE: 
https://gitlab.com/libtiff/libtiff/-/commit/9be22b639ea69e102d3847dca4c53ef025e9527b
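Review bot: the entry gives a triage decision for bullseye only (`[bullseye] - tiff <no-dsa> (Minor issue)`) and has no buster line, so if tiff in buster is affected the tracker keeps listing it as vulnerable with no recorded decision. If buster is affected, add a `[buster]` annotation the way the libpodofo entries in this same commit do for bookworm, bullseye and buster; if it is not, `<not-affected>` with a reason is the clearer record than silence. The upstream commit link is already there, so whoever picks this up for LTS has the fix to backport.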
@@ -642,13 +642,13 @@ CVE-2023-31568 (Podofo v0.10.0 was discovered to contain 
a heap buffer overflow
        NOTE: Fixed by: 
https://github.com/podofo/podofo/commit/29d59f604b37159e938a2f46acd4856cfd1e7bac
        NOTE: Introduced by: 
https://github.com/podofo/podofo/commit/a2eca000e5a4337fb79ee8215d06413785653184
 CVE-2023-31567 (Podofo v0.10.0 was discovered to contain a heap buffer 
overflow via th ...)
-       - libpodofo <unfixed>
+       - libpodofo <unfixed> (bug #1036278)
        [bookworm] - libpodofo <no-dsa> (Minor issue)
        [bullseye] - libpodofo <no-dsa> (Minor issue)
        [buster] - libpodofo <no-dsa> (Minor issue)
        NOTE: https://github.com/podofo/podofo/issues/71
 CVE-2023-31566 (Podofo v0.10.0 was discovered to contain a heap-use-after-free 
via the ...)
-       - libpodofo <unfixed>
+       - libpodofo <unfixed> (bug #1036278)
        [bookworm] - libpodofo <no-dsa> (Minor issue)
        [bullseye] - libpodofo <no-dsa> (Minor issue)
        [buster] - libpodofo <no-dsa> (Minor issue)
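Review bot: one bug, #1036278, now covers both CVE-2023-31567 and CVE-2023-31566; that is fine for a single upload, but only if the bug subject names both IDs, otherwise a reader following the bug from the heap-use-after-free entry will not see it mentioned. Also note the asymmetry with CVE-2023-31568 at the top of the hunk, which records `Fixed by:` and `Introduced by:` commits, whereas CVE-2023-31567 only carries the issue link (`podofo/issues/71`). If upstream has already committed a fix for #71, adding the same kind of `Fixed by:` NOTE would give the three `<no-dsa> (Minor issue)` decisions something concrete to revisit against.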
@@ -7660,7 +7660,7 @@ CVE-2023-1731 (In LTOS versions prior to V7.06.013, the 
configuration file uploa
 CVE-2023-1730 (The SupportCandy WordPress plugin before 3.1.5 does not 
validate and e ...)
        NOT-FOR-US: WordPress plugin
 CVE-2023-1729 (A flaw was found in LibRaw. A heap-buffer-overflow in 
raw2image_ex() c ...)
-       - libraw <unfixed>
+       - libraw <unfixed> (bug #1036281)
        NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2188240
        NOTE: https://github.com/LibRaw/LibRaw/issues/557
        NOTE: Fixed by: 
https://github.com/LibRaw/LibRaw/commit/9ab70f6dca19229cb5caad7cc31af4e7501bac93
 (master)
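Review bot: unlike the dokuwiki, tiff and libpodofo entries in this commit, CVE-2023-1729 has no `[suite]` annotation at all, so every suite that ships libraw is presented as affected and unfixed with no triage decision; add `[bullseye]`/`[buster]` lines (`<no-dsa>`, `<postponed>` or a fixed version) once that decision is made. The `Fixed by:` NOTE is tagged `(master)` rather than with a release, i.e. the fix is only on the upstream development branch as recorded here, so the stable updates will need that single commit cherry-picked rather than a new upstream version.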
@@ -8682,7 +8682,7 @@ CVE-2023-28756 (A ReDoS issue was discovered in the Time 
component through 0.2.1
        - ruby3.1 <unfixed>
        - ruby2.7 <removed>
        - ruby2.5 <removed>
-       - jruby <unfixed>
+       - jruby <unfixed> (bug #1036283)
        [bookworm] - jruby <no-dsa> (Minor issue)
        NOTE: Fixed by: 
https://github.com/ruby/ruby/commit/957bb7cb81995f26c671afce0ee50a5c660e540e 
(v3_1_4)
        NOTE: Fixed by: 
https://github.com/ruby/time/commit/b57db51f577875d3e896dcd2ef1dcaf97f23e943 
(v0.2.2)
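Review bot: the bug reference lands on jruby only, while `ruby3.1 <unfixed>` three lines above still has neither a `(bug #...)` nor a `[bookworm]` line, so the tracker shows ruby3.1 in bookworm as affected and unfixed with no plan recorded, next to a jruby entry that is triaged as `<no-dsa> (Minor issue)`. If the ruby3.1 fix is the 3.1.4 cherry-pick named in the first `Fixed by:` NOTE, give it a bug reference in the same way; if it is intentionally left to a bookworm point release, a suite annotation saying so would stop this from reading as an oversight.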
@@ -8694,7 +8694,7 @@ CVE-2023-28755 (A ReDoS issue was discovered in the URI 
component through 0.12.0
        - ruby3.1 <unfixed>
        - ruby2.7 <removed>
        - ruby2.5 <removed>
-       - jruby <unfixed>
+       - jruby <unfixed> (bug #1036283)
        [bookworm] - jruby <no-dsa> (Minor issue)
        NOTE: Fixed by: 
https://github.com/ruby/ruby/commit/8ce4ab146498879b65e22f1be951b25eebb79300 
(v3_1_4)
        NOTE: Fixed by: 
https://github.com/ruby/uri/commit/eaf89cc31619d49e67c64d0b58ea9dc38892d175 
(v0.12.1)
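Review bot: same gap as in CVE-2023-28756 directly above: #1036283 is attached to jruby while `ruby3.1 <unfixed>` carries no bug reference and no `[bookworm]` annotation. Since one bug now covers both the Time and URI ReDoS issues for jruby, make sure #1036283 names both CVE IDs so the jruby upload can close both entries, and that the bundled gem versions it targets match the `Fixed by:` NOTEs: `uri` v0.12.1 here and `time` v0.2.2 for CVE-2023-28756.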
@@ -31196,11 +31196,11 @@ CVE-2023-21969 (Vulnerability in Oracle SQL Developer 
(component: Installation).
        NOT-FOR-US: Oracle
 CVE-2023-21968 (Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise 
Edition ...)
        - openjdk-8 8u372-ga-1
-       - openjdk-11 <unfixed>
+       - openjdk-11 <unfixed> (bug #1036280)
        - openjdk-17 <unfixed> (bug #1035957)
 CVE-2023-21967 (Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise 
Edition ...)
        - openjdk-8 8u372-ga-1
-       - openjdk-11 <unfixed>
+       - openjdk-11 <unfixed> (bug #1036280)
        - openjdk-17 <unfixed> (bug #1035957)
 CVE-2023-21966 (Vulnerability in the MySQL Server product of Oracle MySQL 
(component:  ...)
        - mysql-8.0 <unfixed> (bug #1034719)
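Review bot: openjdk-11 now carries #1036280 and openjdk-17 #1035957 for CVE-2023-21968 and CVE-2023-21967, but neither package has any `[suite]` line, so every suite shipping them is listed as affected and unfixed while openjdk-8 is already resolved with `8u372-ga-1`. Once the update path is decided, add suite annotations for openjdk-11 and openjdk-17 (a fixed version, or `<postponed>`/pending-DSA style status) so the per-suite tracker pages show a plan rather than a bare "vulnerable".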
@@ -31228,7 +31228,7 @@ CVE-2023-21955 (Vulnerability in the MySQL Server 
product of Oracle MySQL (compo
        - mysql-8.0 <unfixed> (bug #1034719)
 CVE-2023-21954 (Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise 
Edition ...)
        - openjdk-8 8u372-ga-1
-       - openjdk-11 <unfixed>
+       - openjdk-11 <unfixed> (bug #1036280)
        - openjdk-17 <unfixed> (bug #1035957)
 CVE-2023-21953 (Vulnerability in the MySQL Server product of Oracle MySQL 
(component:  ...)
        - mysql-8.0 <unfixed> (bug #1034719)
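Review bot: the line change itself is fine; the documentation gap is that the description is truncated to `(Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition ...)`, which is identical for every Java SE entry in this commit, so nothing in the file says which component CVE-2023-21954 affects. A `NOTE:` line with the component name or a link to the upstream advisory would let a reader distinguish it from the six other entries sharing #1036280 without opening each CVE.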
@@ -31260,15 +31260,15 @@ CVE-2023-21940 (Vulnerability in the MySQL Server 
product of Oracle MySQL (compo
        - mysql-8.0 <unfixed> (bug #1034719)
 CVE-2023-21939 (Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise 
Edition ...)
        - openjdk-8 8u372-ga-1
-       - openjdk-11 <unfixed>
+       - openjdk-11 <unfixed> (bug #1036280)
        - openjdk-17 <unfixed> (bug #1035957)
 CVE-2023-21938 (Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise 
Edition ...)
        - openjdk-8 8u372-ga-1
-       - openjdk-11 <unfixed>
+       - openjdk-11 <unfixed> (bug #1036280)
        - openjdk-17 <unfixed> (bug #1035957)
 CVE-2023-21937 (Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise 
Edition ...)
        - openjdk-8 8u372-ga-1
-       - openjdk-11 <unfixed>
+       - openjdk-11 <unfixed> (bug #1036280)
        - openjdk-17 <unfixed> (bug #1035957)
 CVE-2023-21936 (Vulnerability in the JD Edwards EnterpriseOne Tools product of 
Oracle  ...)
        NOT-FOR-US: Oracle
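Review bot: three more Java SE entries (CVE-2023-21939, -21938, -21937) join #1036280 with no other change. One consistency check worth doing before either upload: the openjdk-17 bug #1035957 that these entries pair with should enumerate exactly the same CVE set, otherwise one upload will close entries the other still lists as `<unfixed>` and the two packages, which this file tracks in lockstep, will drift apart.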
@@ -31284,7 +31284,7 @@ CVE-2023-21931 (Vulnerability in the Oracle WebLogic 
Server product of Oracle Fu
        NOT-FOR-US: Oracle
 CVE-2023-21930 (Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise 
Edition ...)
        - openjdk-8 8u372-ga-1
-       - openjdk-11 <unfixed>
+       - openjdk-11 <unfixed> (bug #1036280)
        - openjdk-17 <unfixed> (bug #1035957)
 CVE-2023-21929 (Vulnerability in the MySQL Server product of Oracle MySQL 
(component:  ...)
        - mysql-8.0 <unfixed> (bug #1034719)
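Review bot: with this hunk all seven openjdk-11 Java SE entries touched by the commit carry #1036280 (CVE-2023-21930, -21937, -21938, -21939, -21954, -21967, -21968). Make sure the bug subject lists all seven IDs so the `Closes:` line in the openjdk-11 changelog can be matched back to these entries; the surrounding mysql-8.0 entries already follow that one-bug-per-batch convention with #1034719.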



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/82ba798c2c0f037284a35f753dca59a85fec0463



_______________________________________________
debian-security-tracker-commits mailing list
debian-security-tracker-commits@alioth-lists.debian.net
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
