[Git][security-tracker-team/security-tracker][master] bugnums

Moritz Muehlenhoff (@jmm) Mon, 11 Sep 2023 12:25:03 -0700


Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / 
security-tracker



Commits:
b7436bf6 by Moritz Muehlenhoff at 2023-09-11T21:24:19+02:00
bugnums

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1616,13 +1616,11 @@ CVE-2023-41362 (MyBB before 1.8.36 allows Code 
Injection by users with certain h
 CVE-2023-41037 (OpenPGP.js is a JavaScript implementation of the OpenPGP 
protocol. In  ...)
        - node-openpgp <itp> (bug #787774)
 CVE-2023-40890 (A stack-based buffer overflow vulnerability exists in the 
lookup_seque ...)
-       - zbar <unfixed>
+       - zbar <unfixed> (bug #1051724)
        NOTE: https://hackmd.io/@cspl/H1PxPAUnn
-       TODO: check if reported upsream
 CVE-2023-40889 (A heap-based buffer overflow exists in the 
qr_reader_match_centers fun ...)
-       - zbar <unfixed>
+       - zbar <unfixed> (bug #1051724)
        NOTE: https://hackmd.io/@cspl/B1ZkFZv23
-       TODO: check if reported upstream
 CVE-2023-40787 (In SpringBlade V3.6.0 when executing SQL query, the parameters 
submitt ...)
        NOT-FOR-US: SpringBlade
 CVE-2023-3646 (On affected platforms running Arista EOS with mirroring to 
multiple de ...)
@@ -1902,9 +1900,8 @@ CVE-2023-4569 (A memory leak flaw was found in 
nft_set_catchall_flush in net/net
        - linux 6.4.13-1
        NOTE: 
https://git.kernel.org/linus/90e5b3462efa37b8bba82d7c4e63683856e188af (6.5-rc7)
 CVE-2023-4567
-       - ansible <undetermined>
+       - ansible <unfixed> (bug #1051725)
        NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2235369
-       TODO: check, no upstream information provided in RHBZ#2235369
 CVE-2023-4563 [Use-after-free in nft_verdict_dump due to a race between set GC 
and transaction]
        - linux 6.4.13-1
        NOTE: 
https://lore.kernel.org/netdev/[email protected]/
@@ -216055,11 +216052,10 @@ CVE-2020-24906
 CVE-2020-24905
        RESERVED
 CVE-2020-24904 (An issue was discovered in attach parameter in GNOME Gmail 
version 2.5 ...)
-       - gnome-gmail <removed>
+       - gnome-gmail <removed> (bug #1051726)
        [bullseye] - gnome-gmail <no-dsa> (Minor issue)
        [buster] - gnome-gmail <no-dsa> (Minor issue)
        NOTE: https://github.com/davesteele/gnome-gmail/issues/84
-       TODO: check, might be an issue as well in src:viagee
 CVE-2020-24903 (Cute Editor for ASP.NET 6.4 is vulnerable to reflected 
cross-site scri ...)
        NOT-FOR-US: Cute Editor for ASP.NET
 CVE-2020-24902 (Quixplorer <=2.4.1 is vulnerable to reflected cross-site 
scripting (XS ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/b7436bf6a0b0a5b4a0594f1da124270f0fdf91f9

-- 
View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/b7436bf6a0b0a5b4a0594f1da124270f0fdf91f9
You're receiving this email because of your account on salsa.debian.org.

_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits

[Git][security-tracker-team/security-tracker][master] bugnums

Reply via email to