[Git][security-tracker-team/security-tracker][master] bugnums

Moritz Muehlenhoff (@jmm) Sun, 12 Nov 2023 11:38:28 -0800


Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / 
security-tracker



Commits:
116d03f4 by Moritz Muehlenhoff at 2023-11-12T20:37:33+01:00
bugnums

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -973,7 +973,7 @@ CVE-2023-46802 (e-Tax software Version3.0.10 and earlier 
improperly restricts XM
 CVE-2023-40207 (Improper Neutralization of Special Elements used in an SQL 
Command ('S ...)
        NOT-FOR-US: WordPress plugin
 CVE-2023-38407 (bgpd/bgp_label.c in FRRouting (FRR) before 8.5 attempts to 
read beyond ...)
-       - frr <unfixed>
+       - frr <unfixed> (bug #1055852)
        NOTE: https://github.com/FRRouting/frr/pull/12951
        NOTE: 
https://github.com/FRRouting/frr/commit/7404a914b0cafe046703c8381903a80d3def8f8b
 (base_9.0)
        NOTE: https://github.com/FRRouting/frr/pull/12956
@@ -1045,10 +1045,10 @@ CVE-2023-47272 (Roundcube 1.5.x before 1.5.6 and 1.6.x 
before 1.6.5 allows XSS v
        - roundcube 1.6.5+dfsg-1 (bug #1055421)
        NOTE: 
https://github.com/roundcube/roundcubemail/commit/81ac3c342a4f288deb275590895b52ec3785cf8a
 (1.6.5)
 CVE-2023-47235 (An issue was discovered in FRRouting FRR through 9.0.1. A 
crash can oc ...)
-       - frr <unfixed>
+       - frr <unfixed> (bug #1055852)
        NOTE: 
https://github.com/FRRouting/frr/commit/6814f2e0138a6ea5e1f83bdd9085d9a77999900b
 CVE-2023-47234 (An issue was discovered in FRRouting FRR through 9.0.1. A 
crash can oc ...)
-       - frr <unfixed>
+       - frr <unfixed> (bug #1055852)
        NOTE: 
https://github.com/FRRouting/frr/commit/c37119df45bbf4ef713bc10475af2ee06e12f3bf
 CVE-2023-47233 (The brcm80211 component in the Linux kernel through 6.5.10 has 
a brcmf ...)
        - linux <unfixed>
@@ -2414,11 +2414,11 @@ CVE-2023-5139 (Potential buffer overflow vulnerability 
at the following location
 CVE-2023-46754 (The admin panel for Obl.ong before 1.1.2 allows authorization 
bypass b ...)
        NOT-FOR-US: admin panel for Obl.ong
 CVE-2023-46753 (An issue was discovered in FRRouting FRR through 9.0.1. A 
crash can oc ...)
-       - frr <unfixed>
+       - frr <unfixed> (bug #1055852)
        NOTE: Fixed by: 
https://github.com/FRRouting/frr/commit/d8482bf011cb2b173e85b65b4bf3d5061250cdb9
 (master)
        NOTE: Fixed by: 
https://github.com/FRRouting/frr/commit/21418d64af11553c402f932b0311c812d98ac3e4
 (stable/8.5 branch)
 CVE-2023-46752 (An issue was discovered in FRRouting FRR through 9.0.1. It 
mishandles  ...)
-       - frr <unfixed>
+       - frr <unfixed> (bug #1055852)
        NOTE: Fixed by: 
https://github.com/FRRouting/frr/commit/b08afc81c60607a4f736f418f2e3eb06087f1a35
 (master)
        NOTE: Fixed by: 
https://github.com/FRRouting/frr/commit/30b5c2a434d25981e16792f6f50162beb517ae4d
 (stable/8.5 branch)
 CVE-2023-46668 (If Elastic Endpoint (v7.9.0 - v8.10.3) is configured to use a 
non-defa ...)
@@ -3513,7 +3513,7 @@ CVE-2023-5688 (Cross-site Scripting (XSS) - DOM in GitHub 
repository modoboa/mod
 CVE-2023-5687 (Cross-Site Request Forgery (CSRF) in GitHub repository 
mosparo/mosparo ...)
        NOT-FOR-US: mosparo
 CVE-2023-5686 (Heap-based Buffer Overflow in GitHub repository 
radareorg/radare2 prio ...)
-       - radare2 <unfixed>
+       - radare2 <unfixed> (bug #1055854)
        NOTE: https://huntr.com/bounties/bbfe1f76-8fa1-4a8c-909d-65b16e970be0
        NOTE: 
https://github.com/radareorg/radare2/commit/1bdda93e348c160c84e30da3637acef26d0348de
 CVE-2023-5618 (The Modern Footnotes plugin for WordPress is vulnerable to 
Stored Cros ...)
@@ -9609,7 +9609,7 @@ CVE-2023-4914 (Relative Path Traversal in GitHub 
repository cecilapp/cecil prior
 CVE-2023-4913 (Cross-site Scripting (XSS) - Reflected in GitHub repository 
cecilapp/c ...)
        NOT-FOR-US: cecil.app
 CVE-2023-4759 (Arbitrary File Overwrite in Eclipse JGit <= 6.6.0  In Eclipse 
JGit, al ...)
-       - jgit <unfixed>
+       - jgit <unfixed> (bug #1055853)
        [bookworm] - jgit <no-dsa> (Minor issue)
        [bullseye] - jgit <no-dsa> (Minor issue)
        [buster] - jgit <no-dsa> (Minor issue. Only case-insensitive 
filesystems are affected)
@@ -12034,7 +12034,7 @@ CVE-2023-41363 (In Cerebrate 1.14, a vulnerability in 
UserSettingsController all
        NOT-FOR-US: Cerebrate
 CVE-2023-41361 (An issue was discovered in FRRouting FRR 9.0. bgpd/bgp_open.c 
does not ...)
        {DLA-3573-1}
-       - frr <unfixed>
+       - frr <unfixed> (bug #1055852)
        [bullseye] - frr <not-affected> (The vulnerable code was introduced 
later)
        NOTE: https://github.com/FRRouting/frr/pull/14241
        NOTE: Fixed by: 
https://github.com/FRRouting/frr/commit/b4d09af9194d20a7f9f16995a062f5d8e3d32840



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/116d03f4bbd9d9bd37afb712b6022f76bcb88a34

-- 
View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/116d03f4bbd9d9bd37afb712b6022f76bcb88a34
You're receiving this email because of your account on salsa.debian.org.

_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits

[Git][security-tracker-team/security-tracker][master] bugnums

Reply via email to