Moritz Muehlenhoff pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
18707d01 by Moritz Muehlenhoff at 2023-11-03T20:19:20+01:00
bullseye/bookworm triage
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -285,11 +285,13 @@ CVE-2023-4452 (A vulnerability has been identified in the
EDR-810, EDR-G902, and
NOT-FOR-US: Moxa
CVE-2023-46931 (GPAC 2.3-DEV-rev605-gfc9e29089-master contains a
heap-buffer-overflow ...)
- gpac <unfixed>
+ [bullseye] - gpac <no-dsa> (Minor issue)
[buster] - gpac <end-of-life> (EOL in buster LTS)
NOTE: https://github.com/gpac/gpac/issues/2664
NOTE:
https://github.com/gpac/gpac/commit/671976fccc971b3dff8d3dcf6ebd600472ca64bf
CVE-2023-46930 (GPAC 2.3-DEV-rev605-gfc9e29089-master contains a SEGV in
gpac/MP4Box i ...)
- gpac <unfixed>
+ [bullseye] - gpac <no-dsa> (Minor issue)
[buster] - gpac <end-of-life> (EOL in buster LTS)
NOTE: https://github.com/gpac/gpac/issues/2666
NOTE:
https://github.com/gpac/gpac/commit/3809955065afa3da1ad580012ec43deadbb0f2c8
@@ -1645,6 +1647,8 @@ CVE-2023-46158 (IBM WebSphere Application Server Liberty
23.0.0.9 through 23.0.0
NOT-FOR-US: IBM
CVE-2023-46136 (Werkzeug is a comprehensive WSGI web application library. If
an upload ...)
- python-werkzeug <unfixed> (bug #1054553)
+ [bookworm] - python-werkzeug <no-dsa> (Minor issue)
+ [bullseye] - python-werkzeug <no-dsa> (Minor issue)
NOTE:
https://github.com/pallets/werkzeug/security/advisories/GHSA-hrfv-mqp8-q5rw
NOTE:
https://github.com/pallets/werkzeug/commit/b1916c0c083e0be1c9d887ee2f3d696922bfc5c1
(3.0.1)
CVE-2023-46135 (rs-stellar-strkey is a Rust lib for encode/decode of Stellar
Strkeys. ...)
@@ -3001,6 +3005,8 @@ CVE-2023-45901 (Dreamer CMS v4.1.3 was discovered to
contain a Cross-Site Reques
NOT-FOR-US: Dreamer CMS
CVE-2023-45803 (urllib3 is a user-friendly HTTP client library for Python.
urllib3 pre ...)
- python-urllib3 1.26.18-1 (bug #1054226)
+ [bookworm] - python-urllib3 <no-dsa> (Minor issue)
+ [bullseye] - python-urllib3 <no-dsa> (Minor issue)
NOTE:
https://github.com/urllib3/urllib3/security/advisories/GHSA-g4mx-q9vg-27p4
NOTE:
https://github.com/urllib3/urllib3/commit/b594c5ceaca38e1ac215f916538fb128e3526a36
(1.26.18)
CVE-2023-45010 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability
in Alex ...)
@@ -5271,6 +5277,8 @@ CVE-2023-43838 (An arbitrary file upload vulnerability in
Personal Management Sy
CVE-2023-43804 (urllib3 is a user-friendly HTTP client library for Python.
urllib3 doe ...)
{DLA-3610-1}
- python-urllib3 1.26.17-1 (bug #1053626)
+ [bookworm] - python-urllib3 <no-dsa> (Minor issue)
+ [bullseye] - python-urllib3 <no-dsa> (Minor issue)
NOTE:
https://github.com/urllib3/urllib3/security/advisories/GHSA-v845-jxx5-vc9f
NOTE:
https://github.com/urllib3/urllib3/commit/01220354d389cd05474713f8c982d05c9b17aafb
(1.26.17)
CVE-2023-43261 (An information disclosure in Milesight UR5X, UR32L, UR32,
UR35, UR41 b ...)
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/18707d0185d0a283ce345688c203dd9dd00de0ce
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/18707d0185d0a283ce345688c203dd9dd00de0ce
You're receiving this email because of your account on salsa.debian.org.
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
