Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
814f0481 by Salvatore Bonaccorso at 2023-09-27T21:55:22+02:00
Process some NFUs
- - - - -
c1d552ec by Salvatore Bonaccorso at 2023-09-27T21:55:24+02:00
Add new glpi issues
- - - - -
8febf8dc by Salvatore Bonaccorso at 2023-09-27T21:55:25+02:00
Add new matrix-synapse issues
- - - - -
ffab2636 by Salvatore Bonaccorso at 2023-09-27T21:55:27+02:00
Process one NFU
- - - - -
b46d392b by Salvatore Bonaccorso at 2023-09-27T21:55:29+02:00
Add new issues in Cilium, itp'ed
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -38,15 +38,21 @@ CVE-2023-43187 (A remote code execution (RCE) vulnerability
in the xmlrpc.php en
CVE-2023-43154 (In Macrob7 Macs Framework Content Management System (CMS)
1.1.4f, loos ...)
NOT-FOR-US: Macrob7 Macs Framework Content Management System (CMS)
CVE-2023-42820 (JumpServer is an open source bastion host. This vulnerability
is due t ...)
- TODO: check
+ NOT-FOR-US: JumpServer
CVE-2023-42819 (JumpServer is an open source bastion host. Logged-in users can
access ...)
- TODO: check
+ NOT-FOR-US: JumpServer
CVE-2023-42462 (GLPI stands for Gestionnaire Libre de Parc Informatique is a
Free Asse ...)
- TODO: check
+ - glpi <removed> (unimportant)
+ NOTE:
https://github.com/glpi-project/glpi/security/advisories/GHSA-hm76-jh96-7j75
+ NOTE: Only supported behind an authenticated HTTP zone
CVE-2023-42461 (GLPI stands for Gestionnaire Libre de Parc Informatique is a
Free Asse ...)
- TODO: check
+ - glpi <removed> (unimportant)
+ NOTE:
https://github.com/glpi-project/glpi/security/advisories/GHSA-x3jp-69f2-p84w
+ NOTE: Only supported behind an authenticated HTTP zone
CVE-2023-42453 (Synapse is an open-source Matrix homeserver written and
maintained by ...)
- TODO: check
+ - matrix-synapse <unfixed>
+ NOTE: https://github.com/matrix-org/synapse/pull/16327
+ NOTE:
https://github.com/matrix-org/synapse/security/advisories/GHSA-7565-cq32-vx2x
CVE-2023-41996 (The issue was addressed with improved checks. This issue is
fixed in m ...)
TODO: check
CVE-2023-41995 (A use-after-free issue was addressed with improved memory
management. ...)
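Review bot: The CVE-2023-42453 entry sets `- matrix-synapse <unfixed>` and links the upstream pull request and advisory, but it records neither a fixing commit nor an upstream release, so whoever later resolves `<unfixed>` into a version has to re-derive that from pull/16327. Consider a further NOTE naming the commit or upstream release that carries the fix. The glpi entries in this hunk are consistent with each other (`<removed> (unimportant)` plus the advisory link and the same justification NOTE).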
@@ -64,27 +70,43 @@ CVE-2023-41979 (A race condition was addressed with
improved locking. This issue
CVE-2023-41968 (This issue was addressed with improved validation of symlinks.
This is ...)
TODO: check
CVE-2023-41888 (GLPI stands for Gestionnaire Libre de Parc Informatique is a
Free Asse ...)
- TODO: check
+ - glpi <removed> (unimportant)
+ NOTE:
https://github.com/glpi-project/glpi/security/advisories/GHSA-2hcg-75jj-hghp
+ NOTE: Only supported behind an authenticated HTTP zone
CVE-2023-41878 (MeterSphere is a one-stop open source continuous testing
platform, cov ...)
- TODO: check
+ NOT-FOR-US: MeterSphere
CVE-2023-41335 (Synapse is an open-source Matrix homeserver written and
maintained by ...)
- TODO: check
+ - matrix-synapse <unfixed>
+ NOTE: https://github.com/matrix-org/synapse/pull/16272
+ NOTE:
https://github.com/matrix-org/synapse/security/advisories/GHSA-4f74-84v3-j9q5
CVE-2023-41333 (Cilium is a networking, observability, and security solution
with an e ...)
- TODO: check
+ - cilium <itp> (bug #858303)
CVE-2023-41332 (Cilium is a networking, observability, and security solution
with an e ...)
- TODO: check
+ - cilium <itp> (bug #858303)
CVE-2023-41326 (GLPI stands for Gestionnaire Libre de Parc Informatique is a
Free Asse ...)
- TODO: check
+ - glpi <removed> (unimportant)
+ NOTE:
https://github.com/glpi-project/glpi/security/advisories/GHSA-5wj6-hp4c-j5q9
+ NOTE: Only supported behind an authenticated HTTP zone
CVE-2023-41324 (GLPI stands for Gestionnaire Libre de Parc Informatique is a
Free Asse ...)
- TODO: check
+ - glpi <removed> (unimportant)
+ NOTE:
https://github.com/glpi-project/glpi/security/advisories/GHSA-58wj-8jhx-jpm3
+ NOTE: Only supported behind an authenticated HTTP zone
CVE-2023-41323 (GLPI stands for Gestionnaire Libre de Parc Informatique is a
Free Asse ...)
- TODO: check
+ - glpi <removed> (unimportant)
+ NOTE:
https://github.com/glpi-project/glpi/security/advisories/GHSA-5cf4-6q6r-49x9
+ NOTE: Only supported behind an authenticated HTTP zone
CVE-2023-41322 (GLPI stands for Gestionnaire Libre de Parc Informatique is a
Free Asse ...)
- TODO: check
+ - glpi <removed> (unimportant)
+ NOTE:
https://github.com/glpi-project/glpi/security/advisories/GHSA-9j8m-7563-8xvr
+ NOTE: Only supported behind an authenticated HTTP zone
CVE-2023-41321 (GLPI stands for Gestionnaire Libre de Parc Informatique is a
Free Asse ...)
- TODO: check
+ - glpi <removed> (unimportant)
+ NOTE:
https://github.com/glpi-project/glpi/security/advisories/GHSA-3fxw-j5rj-w836
+ NOTE: Only supported behind an authenticated HTTP zone
CVE-2023-41320 (GLPI stands for Gestionnaire Libre de Parc Informatique is a
Free Asse ...)
- TODO: check
+ - glpi <removed> (unimportant)
+ NOTE:
https://github.com/glpi-project/glpi/security/advisories/GHSA-mv2r-gpw3-g476
+ NOTE: Only supported behind an authenticated HTTP zone
CVE-2023-41232 (An out-of-bounds read was addressed with improved bounds
checking. Thi ...)
TODO: check
CVE-2023-41174 (The issue was addressed with improved memory handling. This
issue is f ...)
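Review bot: The two Cilium entries (CVE-2023-41333 and CVE-2023-41332) receive only `- cilium <itp> (bug #858303)` with no NOTE, whereas every glpi and matrix-synapse entry in this hunk links its upstream advisory. Adding a NOTE with the upstream advisory URL to each would keep the reference at hand if the ITP ever results in an uploaded package and the entries have to be re-triaged. The same point as in the previous hunk applies to CVE-2023-41335: `<unfixed>` is recorded with pull/16272 but without the fixing commit or release.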
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/012cb5ac61b57fcddf22a9282355aa399036de2c...b46d392bd342a5256d2bfcad3ea17a690ca07d0b
_______________________________________________
debian-security-tracker-commits mailing list
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits