[Git][security-tracker-team/security-tracker][master] Add CVE-2023-38745 and cross-reference from CVE-2023-35936

Tue, 25 Jul 2023 01:23:35 -0700 


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
ae10a885 by Salvatore Bonaccorso at 2023-07-25T10:22:52+02:00
Add CVE-2023-38745 and cross-reference from CVE-2023-35936

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -37,7 +37,8 @@ CVE-2023-3871 (A vulnerability classified as critical has 
been found in Campcode
 CVE-2023-3046 (Improper Neutralization of Special Elements used in an SQL 
Command ('S ...)
        NOT-FOR-US: Biltay Technology Scienta
 CVE-2023-38745 (Pandoc before 3.1.6 allows arbitrary file write: this can be 
triggered ...)
-       TODO: check
+       - pandoc <not-affected> (Incomplete fixes for CVE-2023-35936 not 
applied)
+       NOTE: 
https://github.com/jgm/pandoc/commit/eddedbfc14916aa06fc01ff04b38aeb30ae2e625 
(3.1.6)
 CVE-2023-37361 (REDCap 12.0.26 LTS and 12.3.2 Standard allows SQL Injection 
via schedu ...)
        TODO: check
 CVE-2023-35088 (Improper Neutralization of Special Elements Used in an SQL 
Command ('S ...)
@@ -2692,6 +2693,8 @@ CVE-2023-35936 (Pandoc is a Haskell library for 
converting from one markup forma
        NOTE: Regression: 
https://github.com/jgm/pandoc/commit/df4f13b262f7be5863042f8a5a1c365282c81f07 
(3.1.4)
        NOTE: Tests: 
https://github.com/jgm/pandoc/commit/fe62da61dfd33e6b4c0c03895c528a47a0405bf7
        NOTE: Tests: 
https://github.com/jgm/pandoc/commit/5246f02f0bb9c176a6d2f6e3d0c03407d8a67445
+       NOTE: Followup (to avoid introduction of CVE-2023-38745):
+       NOTE: 
https://github.com/jgm/pandoc/commit/eddedbfc14916aa06fc01ff04b38aeb30ae2e625 
(3.1.6)
 CVE-2023-3515 (Open Redirect in GitHub repository go-gitea/gitea prior to 
1.19.4.)
        - gitea <removed>
 CVE-2023-3455 (Key management vulnerability on system. Successful exploitation 
of thi ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/ae10a8852d50508d15f7acd7af836160d44e4d66

-- 
View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/ae10a8852d50508d15f7acd7af836160d44e4d66
You're receiving this email because of your account on salsa.debian.org.



_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits

Reply via email to