Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
0dde7ae7 by security tracker role at 2023-10-22T20:12:21+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,11 @@
+CVE-2023-46306 (The web administration interface in NetModule Router Software 
(NRSW) 4 ...)
+       TODO: check
+CVE-2023-46303 (link_to_local_path in ebooks/conversion/plugins/html_input.py 
in calib ...)
+       TODO: check
+CVE-2021-46898 (views/switch.py in django-grappelli (aka Django Grappelli) 
before 2.15 ...)
+       TODO: check
+CVE-2021-46897 (views.py in Wagtail CRX CodeRed Extensions (formerly CodeRed 
CMS or co ...)
+       TODO: check
 CVE-2023-XXXX [SQUID-2023:5 Denial of Service in FTP]
        - squid <unfixed>
        [bullseye] - squid <not-affected> (Vulnerable code not present)
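
Review bot: the four entries added at the top of the list carry only "TODO: check", so none of them is yet tied to a source package or marked NOT-FOR-US. The CVE-2021-46898 description names django-grappelli with "before 2.15" as the boundary, and CVE-2023-46303 names link_to_local_path in ebooks/conversion/plugins/html_input.py. Both should be matched against packaged software and given a package line with a fixed version rather than left as TODO.
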
@@ -75,6 +83,7 @@ CVE-2023-38276 (IBM Cognos Dashboards on Cloud Pak for Data 
4.7.0 exposes sensit
 CVE-2023-38275 (IBM Cognos Dashboards on Cloud Pak for Data 4.7.0 exposes 
sensitive in ...)
        NOT-FOR-US: IBM
 CVE-2023-5349 [memory leak]
+       {DLA-3625-1}
        - ruby-rmagick 5.3.0-1
        NOTE: https://github.com/rmagick/rmagick/pull/1406
        NOTE: 
https://github.com/rmagick/rmagick/commit/fec7a7e639ae565386f7615155dbcf49b957b64a
 (RMagick_5-3-0)
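
Review bot: CVE-2023-5349 now references DLA-3625-1, but its bracketed description is still just "[memory leak]", which says neither where the leak is nor what it allows. With an advisory attached, a fuller bracketed description taken from the rmagick pull request in the first NOTE would make the entry usable without following the links.
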
@@ -34261,7 +34270,7 @@ CVE-2020-36663 (A vulnerability, which was classified 
as problematic, was found
        NOT-FOR-US: artesaos SEOTools
 CVE-2023-27539
        RESERVED
-       {DLA-3392-1}
+       {DSA-5530-1 DLA-3392-1}
        - ruby-rack 2.2.6.4-1 (bug #1033264)
        NOTE: 
https://github.com/rack/rack/commit/231ef369ad0b542575fb36c74fcfcfabcf6c530c 
(v3.0.6.1)
        NOTE: 
https://github.com/rack/rack/commit/ee7919ea04303717858be1c3f16b406adc6d8cff 
(v2.2.6.4)
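
Review bot: CVE-2023-27539 still reads RESERVED with no description while it now carries both DSA-5530-1 and DLA-3392-1, a fixed ruby-rack version and two upstream fix commits. Until the official text arrives, a bracketed short description, as used for CVE-2023-5349 and the CVE-2023-XXXX squid entry elsewhere in this diff, would tell readers what the advisories address.
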
@@ -34314,7 +34323,7 @@ CVE-2023-27531
        NOT-FOR-US: Kredis JSON ruby gem
        NOTE: 
https://discuss.rubyonrails.org/t/cve-2023-27531-possible-deserialization-of-untrusted-data-vulnerability-in-kredis-json/82467
 CVE-2023-27530 (A DoS vulnerability exists in Rack <v3.0.4.2, <v2.2.6.3, 
<v2.1.4.3 and ...)
-       {DLA-3392-1}
+       {DSA-5530-1 DLA-3392-1}
        - ruby-rack 2.2.6.4-1 (bug #1032803)
        NOTE: 
https://discuss.rubyonrails.org/t/cve-2023-27530-possible-dos-vulnerability-in-multipart-mime-parsing/82388
        NOTE: 
https://github.com/rack/rack/commit/8e8869d625e73e16b576b6d31b50208e9ec8002f 
(main)
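
Review bot: for CVE-2023-27530 the description gives <v2.2.6.3 as the fixed 2.2 release, the package line says 2.2.6.4-1, and the only commit visible in this context is tagged (main). Adding the 2.2-branch commit as a NOTE, the way CVE-2023-27539 records its (v2.2.6.4) commit, would let a reader confirm which patch the DSA-5530-1 upload needs to contain.
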
@@ -63906,19 +63915,19 @@ CVE-2022-44574 (An improper authentication 
vulnerability exists in Avalanche ver
 CVE-2022-44573
        RESERVED
 CVE-2022-44572 (A denial of service vulnerability in the multipart parsing 
component o ...)
-       {DLA-3298-1}
+       {DSA-5530-1 DLA-3298-1}
        - ruby-rack 2.2.4-3 (bug #1029832)
        NOTE: 
https://github.com/rack/rack/commit/dc50f8e495f67eb933b1fc33ebee550908d945e6 
(v2.0.9.2)
        NOTE: 
https://github.com/rack/rack/commit/8291f502b0e1dcf514cc25c34e4bf0beec7a92ae 
(v2.1.4.2)
        NOTE: 
https://github.com/rack/rack/commit/19e49f0f185d7e42ed5b402baec6c897a8c48029 
(v2.2.6.1)
 CVE-2022-44571 (There is a denial of service vulnerability in the 
Content-Disposition  ...)
-       {DLA-3298-1}
+       {DSA-5530-1 DLA-3298-1}
        - ruby-rack 2.2.4-3 (bug #1029832)
        NOTE: 
https://github.com/rack/rack/commit/4e33ad10bf5f16d25c156f905bcc548e7f787bc3 
(v2.0.9.2)
        NOTE: 
https://github.com/rack/rack/commit/9b5fb5c7ef0e39b959a6c5c0005d9af44a29d6f8 
(v2.1.4.2)
        NOTE: 
https://github.com/rack/rack/commit/ee25ab9a7ee981d7578f559701085b0cf39bde77 
(v2.2.6.1)
 CVE-2022-44570 (A denial of service vulnerability in the Range header parsing 
componen ...)
-       {DLA-3298-1}
+       {DSA-5530-1 DLA-3298-1}
        - ruby-rack 2.2.4-3 (bug #1029832)
        NOTE: 
https://github.com/rack/rack/commit/52721ae0b730e3920ad5375dfd5a3ea9b4f9e359 
(v2.0.9.2)
        NOTE: 
https://github.com/rack/rack/commit/f66ef5c8255dcea82c1b2665fc9ab948b76bb437 
(v2.1.4.2)
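
Review bot: CVE-2022-44572, CVE-2022-44571 and CVE-2022-44570 all record ruby-rack 2.2.4-3 as fixed while the upstream fix commits listed for the 2.2 branch are tagged v2.2.6.1, so the Debian fix is a backport onto 2.2.4. Since DSA-5530-1 is attached to all three at once, it is worth confirming that the stable upload carries the same three backported patches, and a NOTE stating that 2.2.4-3 backports them would document that.
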
@@ -105741,13 +105750,13 @@ CVE-2022-30125
 CVE-2022-30124 (An improper authentication vulnerability exists in Rocket.Chat 
Mobile  ...)
        NOT-FOR-US: Rocket.Chat Mobile App
 CVE-2022-30123 (A sequence injection vulnerability exists in Rack <2.0.9.1, 
<2.1.4.1 a ...)
-       {DLA-3095-1}
+       {DSA-5530-1 DLA-3095-1}
        - ruby-rack 2.2.4-1
        NOTE: https://groups.google.com/g/ruby-security-ann/c/LWB10kWzag8
        NOTE: https://github.com/advisories/GHSA-wq4h-7r42-5hrr
        NOTE: 
https://github.com/rack/rack/commit/b426cc224908ec6ed6eb8729325392b048215d88 
(main)
 CVE-2022-30122 (A possible denial of service vulnerability exists in Rack 
<2.0.9.1, <2 ...)
-       {DLA-3095-1}
+       {DSA-5530-1 DLA-3095-1}
        - ruby-rack 2.2.4-1
        NOTE: https://groups.google.com/g/ruby-security-ann/c/L2Axto442qk
        NOTE: https://github.com/advisories/GHSA-hxqx-xwvh-44m2
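
Review bot: the package lines for CVE-2022-30123 and CVE-2022-30122 read "- ruby-rack 2.2.4-1" with no bug reference, whereas the other ruby-rack entries touched by this commit cite one (bug #1033264, #1032803, #1029832). If a bug was filed for these two, add it to the package lines so all entries covered by DSA-5530-1 can be traced the same way.
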



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/0dde7ae71cb66a4e47d233cb48d7b54a21196504
