Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker
Commits: 82ba798c by Moritz Muehlenhoff at 2023-05-18T15:27:24+02:00 bugnums - - - - - 1 changed file: - data/CVE/list Changes: ===================================== data/CVE/list ===================================== @@ -28,7 +28,7 @@ CVE-2023-32762 - qtbase-opensource-src-gles <unfixed> TODO: check for more details on actual fixes needed for network/access/qhsts.cpp CVE-2023-XXXX [XSS in RSS syntax] - - dokuwiki <unfixed> + - dokuwiki <unfixed> (bug #1036279) [bullseye] - dokuwiki <no-dsa> (Minor issue) NOTE: https://github.com/dokuwiki/dokuwiki/pull/3967 NOTE: https://www.github.com/splitbrain/dokuwiki/commit/53df38b0e4465894a67a5890f74a6f5f82e827de @@ -143,7 +143,7 @@ CVE-2023-2739 (A vulnerability classified as problematic was found in Gira HomeS CVE-2023-2738 (A vulnerability classified as critical has been found in Tongda OA 11. ...) NOT-FOR-US: Tongda CVE-2023-2731 (A NULL pointer dereference flaw was found in Libtiff's LZWDecode() fun ...) - - tiff <unfixed> + - tiff <unfixed> (bug #1036282) [bullseye] - tiff <no-dsa> (Minor issue) NOTE: https://gitlab.com/libtiff/libtiff/-/issues/548 NOTE: https://gitlab.com/libtiff/libtiff/-/commit/9be22b639ea69e102d3847dca4c53ef025e9527b 
@@ -642,13 +642,13 @@ CVE-2023-31568 (Podofo v0.10.0 was discovered to contain a heap buffer overflow NOTE: Fixed by: https://github.com/podofo/podofo/commit/29d59f604b37159e938a2f46acd4856cfd1e7bac NOTE: Introduced by: https://github.com/podofo/podofo/commit/a2eca000e5a4337fb79ee8215d06413785653184 CVE-2023-31567 (Podofo v0.10.0 was discovered to contain a heap buffer overflow via th ...) - - libpodofo <unfixed> + - libpodofo <unfixed> (bug #1036278) [bookworm] - libpodofo <no-dsa> (Minor issue) [bullseye] - libpodofo <no-dsa> (Minor issue) [buster] - libpodofo <no-dsa> (Minor issue) NOTE: https://github.com/podofo/podofo/issues/71 CVE-2023-31566 (Podofo v0.10.0 was discovered to contain a heap-use-after-free via the ...) - - libpodofo <unfixed> + - libpodofo <unfixed> (bug #1036278) [bookworm] - libpodofo <no-dsa> (Minor issue) [bullseye] - libpodofo <no-dsa> (Minor issue) [buster] - libpodofo <no-dsa> (Minor issue) @@ -7660,7 +7660,7 @@ CVE-2023-1731 (In LTOS versions prior to V7.06.013, the configuration file uploa CVE-2023-1730 (The SupportCandy WordPress plugin before 3.1.5 does not validate and e ...) NOT-FOR-US: WordPress plugin CVE-2023-1729 (A flaw was found in LibRaw. A heap-buffer-overflow in raw2image_ex() c ...) - - libraw <unfixed> + - libraw <unfixed> (bug #1036281) NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2188240 NOTE: https://github.com/LibRaw/LibRaw/issues/557 NOTE: Fixed by: https://github.com/LibRaw/LibRaw/commit/9ab70f6dca19229cb5caad7cc31af4e7501bac93 (master) @@ -8682,7 +8682,7 @@ CVE-2023-28756 (A ReDoS issue was discovered in the Time component through 0.2.1 - ruby3.1 <unfixed> - ruby2.7 <removed> - ruby2.5 <removed> - - jruby <unfixed> + - jruby <unfixed> (bug #1036283) [bookworm] - jruby <no-dsa> (Minor issue) NOTE: Fixed by: https://github.com/ruby/ruby/commit/957bb7cb81995f26c671afce0ee50a5c660e540e (v3_1_4) NOTE: Fixed by: https://github.com/ruby/time/commit/b57db51f577875d3e896dcd2ef1dcaf97f23e943 (v0.2.2) 
@@ -8694,7 +8694,7 @@ CVE-2023-28755 (A ReDoS issue was discovered in the URI component through 0.12.0 - ruby3.1 <unfixed> - ruby2.7 <removed> - ruby2.5 <removed> - - jruby <unfixed> + - jruby <unfixed> (bug #1036283) [bookworm] - jruby <no-dsa> (Minor issue) NOTE: Fixed by: https://github.com/ruby/ruby/commit/8ce4ab146498879b65e22f1be951b25eebb79300 (v3_1_4) NOTE: Fixed by: https://github.com/ruby/uri/commit/eaf89cc31619d49e67c64d0b58ea9dc38892d175 (v0.12.1) @@ -31196,11 +31196,11 @@ CVE-2023-21969 (Vulnerability in Oracle SQL Developer (component: Installation). NOT-FOR-US: Oracle CVE-2023-21968 (Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition ...) - openjdk-8 8u372-ga-1 - - openjdk-11 <unfixed> + - openjdk-11 <unfixed> (bug #1036280) - openjdk-17 <unfixed> (bug #1035957) CVE-2023-21967 (Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition ...) - openjdk-8 8u372-ga-1 - - openjdk-11 <unfixed> + - openjdk-11 <unfixed> (bug #1036280) - openjdk-17 <unfixed> (bug #1035957) CVE-2023-21966 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...) - mysql-8.0 <unfixed> (bug #1034719) @@ -31228,7 +31228,7 @@ CVE-2023-21955 (Vulnerability in the MySQL Server product of Oracle MySQL (compo - mysql-8.0 <unfixed> (bug #1034719) CVE-2023-21954 (Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition ...) - openjdk-8 8u372-ga-1 - - openjdk-11 <unfixed> + - openjdk-11 <unfixed> (bug #1036280) - openjdk-17 <unfixed> (bug #1035957) CVE-2023-21953 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...) - mysql-8.0 <unfixed> (bug #1034719) 
@@ -31260,15 +31260,15 @@ CVE-2023-21940 (Vulnerability in the MySQL Server product of Oracle MySQL (compo - mysql-8.0 <unfixed> (bug #1034719) CVE-2023-21939 (Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition ...) - openjdk-8 8u372-ga-1 - - openjdk-11 <unfixed> + - openjdk-11 <unfixed> (bug #1036280) - openjdk-17 <unfixed> (bug #1035957) CVE-2023-21938 (Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition ...) - openjdk-8 8u372-ga-1 - - openjdk-11 <unfixed> + - openjdk-11 <unfixed> (bug #1036280) - openjdk-17 <unfixed> (bug #1035957) CVE-2023-21937 (Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition ...) - openjdk-8 8u372-ga-1 - - openjdk-11 <unfixed> + - openjdk-11 <unfixed> (bug #1036280) - openjdk-17 <unfixed> (bug #1035957) CVE-2023-21936 (Vulnerability in the JD Edwards EnterpriseOne Tools product of Oracle ...) NOT-FOR-US: Oracle @@ -31284,7 +31284,7 @@ CVE-2023-21931 (Vulnerability in the Oracle WebLogic Server product of Oracle Fu NOT-FOR-US: Oracle CVE-2023-21930 (Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition ...) - openjdk-8 8u372-ga-1 - - openjdk-11 <unfixed> + - openjdk-11 <unfixed> (bug #1036280) - openjdk-17 <unfixed> (bug #1035957) CVE-2023-21929 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...) - mysql-8.0 <unfixed> (bug #1034719) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/82ba798c2c0f037284a35f753dca59a85fec0463
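Review bot: In the hunk at -642, bug #1036278 is attached to the libpodofo lines of CVE-2023-31567 and CVE-2023-31566, but the package line of CVE-2023-31568, whose NOTE lines open the same hunk, lies above the visible context. If #1036278 was filed for all three Podofo v0.10.0 issues, confirm that entry's libpodofo line carries the same reference so the three entries stay in step.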
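Review bot: In the hunk at -7660, the libraw line of CVE-2023-1729 gains bug #1036281 but is followed directly by NOTE lines, with no release-specific line, unlike the dokuwiki, tiff, libpodofo and jruby entries touched in this commit. Since a fixing commit is already recorded in the notes, consider adding the per-release triage status next to the bug number so the entry states what is planned for the stable releases.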
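Review bot: In the hunks at -8682 and -8694 (CVE-2023-28756 and CVE-2023-28755), only jruby gains a bug reference, while the ruby3.1 line in the same entries stays <unfixed> with no bug number. If a bug has been filed for ruby3.1, add it in the same change; as it stands the entry gives no pointer for tracking that package even though the upstream fix is noted as v3_1_4.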
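Review bot: The openjdk-11 reference to bug #1036280 should be checked for completeness. It is added in seven entries across the hunks from -31196 to -31284 (CVE-2023-21968, CVE-2023-21967, CVE-2023-21954, CVE-2023-21939, CVE-2023-21938, CVE-2023-21937 and CVE-2023-21930), each of which already cites #1035957 for openjdk-17. A search of data/CVE/list for remaining openjdk-11 <unfixed> lines without a bug number would confirm that no entry covered by the same bug was missed outside these hunks.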