Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker
Commits:
51837e30 by Moritz Muehlenhoff at 2023-09-12T09:02:40+02:00
bullseye/bookworm triage
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -29,6 +29,7 @@ CVE-2023-41103 (Interact 7.9.79.5 allows stored Cross-site
Scripting (XSS) attac
NOT-FOR-US: Interact
CVE-2023-41000 (GPAC through 2.2.1 has a use-after-free vulnerability in the
function ...)
- gpac <unfixed>
+ [bullseye] - gpac <ignored> (Minor issue)
NOTE: https://github.com/gpac/gpac/issues/2550
NOTE: Fixed by:
https://github.com/gpac/gpac/commit/0018b5e4e07a1465287e7dff69b387929f5a75fa
CVE-2023-40946 (Schoolmate 1.3 is vulnerable to SQL Injection in the variable
$usernam ...)
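Review bot: the added `[bullseye] - gpac <ignored> (Minor issue)` line for CVE-2023-41000 uses `<ignored>`, while the last hunk of this same commit marks gpac in bullseye as `<no-dsa> (Minor issue)` for CVE-2023-39562 with an identical reason. The entry already records an upstream fix commit in its NOTE lines, so if the intent is only to skip a DSA, `<no-dsa>` would keep the two gpac entries consistent. If `<ignored>` is deliberate, the parenthesised reason should say why the fix will not be backported to bullseye rather than repeating "Minor issue".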
@@ -43,6 +44,7 @@ CVE-2023-40150 (Softneta MedDream PACS does not perform an
authentication check
NOT-FOR-US: Softneta MedDream PACS
CVE-2023-40032 (libvips is a demand-driven, horizontally threaded image
processing lib ...)
- vips 8.14.4-1
+ [bookworm] - vips <no-dsa> (Minor issue)
[bullseye] - vips <not-affected> (Vulnerable code not present)
[buster] - vips <not-affected> (Vulnerable code not present)
NOTE: https://github.com/libvips/libvips/pull/3604
@@ -61,7 +63,7 @@ CVE-2023-39780 (ASUS RT-AX55 v3.0.0.4.386.51598 was
discovered to contain an aut
CVE-2023-39227 (Softneta MedDream PACSstores usernames and passwords in
plaintext. The ...)
NOT-FOR-US: Softneta MedDream PACS
CVE-2023-39070 (An issue in Cppcheck 2.12 dev allows a local attacker to
execute arbit ...)
- - cppcheck <unfixed>
+ - cppcheck <unfixed> (unimportant)
NOTE:
https://sourceforge.net/p/cppcheck/discussion/general/thread/fa43fb8ab1/
CVE-2023-39068 (Buffer Overflow vulnerability in NBD80S09S-KLC
v.YK_HZXM_NBD80S09S-KLC ...)
TODO: check
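Review bot: the changed line `- cppcheck <unfixed> (unimportant)` for CVE-2023-39070 carries no rationale for the downgrade; the only NOTE on the entry is the link to the upstream discussion thread, and the CVE description in the context line still speaks of a local attacker. Suggest adding a NOTE line that states why the issue has no security impact, so the classification can be checked later without re-reading the thread.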
@@ -95,6 +97,8 @@ CVE-2023-42470 (The Imou Life com.mm.android.smartlifeiot
application through 6.
NOT-FOR-US: Imou Life com.mm.android.smartlifeiot application
CVE-2023-42467 (QEMU through 8.0.0 could trigger a division by zero in
scsi_disk_reset ...)
- qemu <unfixed>
+ [bookworm] - qemu <no-dsa> (Minor issue)
+ [bullseye] - qemu <no-dsa> (Minor issue)
NOTE: https://gitlab.com/qemu-project/qemu/-/issues/1813
CVE-2023-40040 (An issue was discovered in the MyCrops HiGrade "THC Testing &
Cannabi" ...)
NOT-FOR-US: MyCrops HiGrade "THC Testing & Cannabi" application
@@ -2065,6 +2069,7 @@ CVE-2023-39578 (A stored cross-site scripting (XSS)
vulnerability in the Create
NOT-FOR-US: Zenario CMS
CVE-2023-39562 (GPAC v2.3-DEV-rev449-g5948e4f70-master was discovered to
contain a hea ...)
- gpac <unfixed> (bug #1051740)
+ [bullseye] - gpac <no-dsa> (Minor issue)
[buster] - gpac <end-of-life> (EOL in buster LTS)
NOTE: https://github.com/gpac/gpac/issues/2537
NOTE:
https://github.com/gpac/gpac/commit/9024531ee8e6ae8318a8fe0cbb64710d1acc31f6
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/51837e301a0e976499cc2b9e6c5d26bca1c24a96