Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
8510c26c by Salvatore Bonaccorso at 2023-09-01T06:34:26+02:00
Add new CVEs for graylog2, itp'ed
- - - - -
ed581667 by Salvatore Bonaccorso at 2023-09-01T06:34:27+02:00
Add CVE-2023-41040/python-git
- - - - -
4738ffb7 by Salvatore Bonaccorso at 2023-09-01T06:34:29+02:00
Add CVE-2023-39616/aom
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -51,9 +51,9 @@ CVE-2023-41636 (A SQL injection vulnerability in the Data
Richiesta dal paramete
CVE-2023-41635 (A XML External Entity (XXE) vulnerability in the
VerifichePeriodiche.a ...)
NOT-FOR-US: GruppoSCAI RealGimm
CVE-2023-41045 (Graylog is a free and open log management platform. Graylog
makes use ...)
- TODO: check
+ - graylog2 <itp> (bug #652273)
CVE-2023-41044 (Graylog is a free and open log management platform. A partial
path tra ...)
- TODO: check
+ - graylog2 <itp> (bug #652273)
CVE-2023-41034 (Eclipse Leshan is a device management server and client Java
implement ...)
TODO: check
CVE-2023-40589 (FreeRDP is a free implementation of the Remote Desktop
Protocol (RDP), ...)
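Review bot: The two added graylog2 <itp> lines for CVE-2023-41045 and CVE-2023-41044 carry no NOTE pointing at an upstream advisory or fixed version, so the only reference is ITP bug #652273. This matches the existing CVE-2023-41041 entry, but a NOTE with the upstream advisory link on each entry would let whoever eventually packages graylog2 confirm the initial upload is past the fix.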
@@ -135,7 +135,8 @@ CVE-2023-41163 (A Reflected Cross-site scripting (XSS)
vulnerability in the file
CVE-2023-41041 (Graylog is a free and open log management platform. In a
multi-node Gr ...)
- graylog2 <itp> (bug #652273)
CVE-2023-41040 (GitPython is a python library used to interact with Git
repositories. ...)
- TODO: check
+ - python-git <unfixed>
+ NOTE:
https://github.com/gitpython-developers/GitPython/security/advisories/GHSA-cwvm-v4w8-q58c
CVE-2023-3999 (The Waiting: One-click countdowns plugin for WordPress is
vulnerable t ...)
NOT-FOR-US: Waiting: One-click countdowns plugin for WordPress
CVE-2023-3764 (The WooCommerce PDF Invoice Builder plugin for WordPress is
vulnerable ...)
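Review bot: The NOTE added for CVE-2023-41040 records only the GHSA advisory link, and the python-git line is marked <unfixed> with nothing identifying an upstream fix commit or release. Once one exists, add a second NOTE with the fixing commit so the entry can be moved off <unfixed> against a concrete version.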
@@ -438,7 +439,8 @@ CVE-2023-39678 (A cross-site scripting (XSS) vulnerability
in the device web int
CVE-2023-39663 (Mathjax up to v2.7.9 was discovered to contain two Regular
expression ...)
TODO: check
CVE-2023-39616 (AOMedia v3.0.0 to v3.5.0 was discovered to contain an invalid
read mem ...)
- TODO: check
+ - aom 3.7.0~rc3-1
+ NOTE: https://bugs.chromium.org/p/aomedia/issues/detail?id=3372#c3
(fixes in 3.7.0~rc2)
CVE-2023-39615 (Xmlsoft Libxml2 v2.11.0 was discovered to contain a global
buffer over ...)
- libxml2 <unfixed>
[bookworm] - libxml2 <no-dsa> (Minor issue)
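Review bot: The aom line records 3.7.0~rc3-1 as fixed while the NOTE says the fixes are in 3.7.0~rc2, and the CVE description gives v3.0.0 to v3.5.0 as affected, yet the entry has no per-release line. If a stable release ships a version in that range, add a line in the style of the "[bookworm] - libxml2 <no-dsa> (Minor issue)" entry below, or state why it is unaffected. A NOTE with the fixing commit, in addition to the issue comment, would also make a backport easier to assess.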
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/7d386daf1458ae2dc0d6df1ac8f044876dc23d98...4738ffb703cdebce09aecd932ea0a5a53799f08b