Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits: 07cb043f by Salvatore Bonaccorso at 2023-05-29T21:54:25+02:00 Add CVE-2023-34152 - - - - - 1 changed file: - data/CVE/list Changes: ===================================== data/CVE/list ===================================== @@ -1,3 +1,11 @@ +CVE-2023-34152 [RCE vulnerability in OpenBlob with --enable-pipes configured] + - imagemagick <unfixed> (unimportant) + NOTE: https://github.com/ImageMagick/ImageMagick/issues/6339 + NOTE: Only an issue when configured with --enable-pipes. Enabling pipes are + NOTE: a security risk per se and user needs to take precautions accordingly + NOTE: when enabled. + NOTE: https://github.com/ImageMagick/ImageMagick/issues/6339#issuecomment-1559698800 + TODO: check, CVE might get rejected or disputed CVE-2023-33291 (In ebankIT 6, the public endpoints /public/token/Email/generate and /p ...) NOT-FOR-US: ebankIT CVE-2023-31874 (Yank Note (YN) 3.52.1 allows execution of arbitrary code when a crafte ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/07cb043fb1a38bc396e052f86fe0baf5428b4029 -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/07cb043fb1a38bc396e052f86fe0baf5428b4029 You're receiving this email because of your account on salsa.debian.org.
_______________________________________________ debian-security-tracker-commits mailing list [email protected] https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
