Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits: ae10a885 by Salvatore Bonaccorso at 2023-07-25T10:22:52+02:00 Add CVE-2023-38745 and cross-reference from CVE-2023-35936 - - - - - 1 changed file: - data/CVE/list Changes: ===================================== data/CVE/list ===================================== @@ -37,7 +37,8 @@ CVE-2023-3871 (A vulnerability classified as critical has been found in Campcode CVE-2023-3046 (Improper Neutralization of Special Elements used in an SQL Command ('S ...) NOT-FOR-US: Biltay Technology Scienta CVE-2023-38745 (Pandoc before 3.1.6 allows arbitrary file write: this can be triggered ...) - TODO: check + - pandoc <not-affected> (Incomplete fixes for CVE-2023-35936 not applied) + NOTE: https://github.com/jgm/pandoc/commit/eddedbfc14916aa06fc01ff04b38aeb30ae2e625 (3.1.6) CVE-2023-37361 (REDCap 12.0.26 LTS and 12.3.2 Standard allows SQL Injection via schedu ...) TODO: check CVE-2023-35088 (Improper Neutralization of Special Elements Used in an SQL Command ('S ...) @@ -2692,6 +2693,8 @@ CVE-2023-35936 (Pandoc is a Haskell library for converting from one markup forma NOTE: Regression: https://github.com/jgm/pandoc/commit/df4f13b262f7be5863042f8a5a1c365282c81f07 (3.1.4) NOTE: Tests: https://github.com/jgm/pandoc/commit/fe62da61dfd33e6b4c0c03895c528a47a0405bf7 NOTE: Tests: https://github.com/jgm/pandoc/commit/5246f02f0bb9c176a6d2f6e3d0c03407d8a67445 + NOTE: Followup (to avoid introduction of CVE-2023-38745): + NOTE: https://github.com/jgm/pandoc/commit/eddedbfc14916aa06fc01ff04b38aeb30ae2e625 (3.1.6) CVE-2023-3515 (Open Redirect in GitHub repository go-gitea/gitea prior to 1.19.4.) - gitea <removed> CVE-2023-3455 (Key management vulnerability on system. Successful exploitation of thi ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/ae10a8852d50508d15f7acd7af836160d44e4d66 -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/ae10a8852d50508d15f7acd7af836160d44e4d66 You're receiving this email because of your account on salsa.debian.org.
_______________________________________________ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits