Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
bf472722 by security tracker role at 2023-05-27T20:12:11+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,13 @@
+CVE-2023-2928 (A vulnerability was found in DedeCMS up to 5.7.106. It has been
declar ...)
+ TODO: check
+CVE-2023-2927 (A vulnerability was found in JIZHICMS 2.4.5. It has been
classified as ...)
+ TODO: check
+CVE-2023-2926 (A vulnerability was found in SeaCMS 11.6 and classified as
problematic ...)
+ TODO: check
+CVE-2023-2925 (A vulnerability, which was classified as problematic, was found
in Web ...)
+ TODO: check
+CVE-2015-20108 (xml_security.rb in the ruby-saml gem before 1.0.0 for Ruby
allows XPat ...)
+ TODO: check
CVE-2023-33199 (Rekor's goals are to provide an immutable tamper resistant
ledger of m ...)
- rekor <itp> (bug #990249)
CVE-2023-33196 (Craft is a CMS for creating custom digital experiences. Cross
site scr ...)
@@ -330,7 +340,7 @@ CVE-2023-2496 (The Go Pricing - WordPress Responsive
Pricing Tables plugin for W
NOT-FOR-US: Go Pricing - WordPress Responsive Pricing Tables plugin for
WordPress
CVE-2023-2494 (The Go Pricing - WordPress Responsive Pricing Tables plugin for
WordPr ...)
NOT-FOR-US: Go Pricing - WordPress Responsive Pricing Tables plugin for
WordPress
-CVE-2023-32695 [Insufficient validation when decoding a Socket.IO packet]
+CVE-2023-32695 (socket.io parser is a socket.io encoder and decoder written in
JavaScr ...)
- node-socket.io-parser 4.2.1+~3.1.0-2
NOTE:
https://github.com/socketio/socket.io-parser/security/advisories/GHSA-cqmj-92xf-r6r9
NOTE:
https://github.com/socketio/socket.io-parser/commit/2dc3c92622dad113b8676be06f23b1ed46b02ced
(3.4.3)
@@ -633,6 +643,7 @@ CVE-2023-2782 (Sensitive information disclosure due to
improper authorization. T
CVE-2023-2481 (Compiler removal of buffer clearing in
sli_se_opaque_import_key ...)
NOT-FOR-US: Silicon Labs Gecko Platform SDK
CVE-2023-33204 (sysstat through 12.7.2 allows a multiplication integer
overflow in che ...)
+ {DLA-3434-1}
- sysstat <unfixed> (bug #1036294)
[bullseye] - sysstat <not-affected> (Incomplete fix for CVE-2022-39377
not applied)
NOTE: https://github.com/sysstat/sysstat/pull/360
@@ -2529,6 +2540,7 @@ CVE-2023-2254
RESERVED
CVE-2023-2253
RESERVED
+ {DSA-5414-1}
- docker-registry 2.8.2+ds1-1 (bug #1035956)
NOTE: Fixed by:
https://github.com/distribution/distribution/commit/521ea3d973cb0c7089ebbcdd4ccadc34be941f54
(v2.8.2-beta.1)
NOTE: https://www.openwall.com/lists/oss-security/2023/05/09/1
@@ -8423,7 +8435,7 @@ CVE-2023-1731 (In Meinbergs LTOS versions prior to
V7.06.013, the configuration
CVE-2023-1730 (The SupportCandy WordPress plugin before 3.1.5 does not
validate and e ...)
NOT-FOR-US: WordPress plugin
CVE-2023-1729 (A flaw was found in LibRaw. A heap-buffer-overflow in
raw2image_ex() c ...)
- {DLA-3433-1}
+ {DSA-5412-1 DLA-3433-1}
- libraw 0.20.2-2.1 (bug #1036281)
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2188240
NOTE: https://github.com/LibRaw/LibRaw/issues/557
@@ -150489,7 +150501,7 @@ CVE-2021-32144
CVE-2021-32143
RESERVED
CVE-2021-32142 (Buffer Overflow vulnerability in LibRaw linux/unix v0.20.0
allows atta ...)
- {DLA-3433-1}
+ {DSA-5412-1 DLA-3433-1}
[experimental] - libraw 0.21.1-1
- libraw 0.20.2-2.1 (bug #1031790)
NOTE: https://github.com/LibRaw/LibRaw/issues/400
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/bf4727225b21b74cbf5c83d808370be0a78f1b3a
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/bf4727225b21b74cbf5c83d808370be0a78f1b3a
You're receiving this email because of your account on salsa.debian.org.
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
