Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
f496e701 by Moritz Muehlenhoff at 2023-12-22T14:49:22+01:00
bugnums

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1099,14 +1099,13 @@ CVE-2023-6903 (A vulnerability classified as critical 
has been found in Netentse
 CVE-2023-6483 (The vulnerability exists in ADiTaaS (Allied Digital Integrated 
Tool-as ...)
        NOT-FOR-US: ADiTaaS (Allied Digital Integrated Tool-as-a-Service)
 CVE-2023-50981 (ModularSquareRoot in Crypto++ (aka cryptopp) through 8.9.0 
allows atta ...)
-       - libcrypto++ <unfixed>
+       - libcrypto++ <unfixed> (bug #1059312)
        NOTE: https://github.com/weidai11/cryptopp/issues/1249
 CVE-2023-50980 (gf2n.cpp in Crypto++ (aka cryptopp) through 8.9.0 allows 
attackers to  ...)
-       - libcrypto++ <unfixed>
+       - libcrypto++ <unfixed> (bug #1059311)
        NOTE: https://github.com/weidai11/cryptopp/issues/1248
-       TODO: check details about mitigation applied, but issue in per se 
"unfixed"
 CVE-2023-50979 (Crypto++ (aka cryptopp) through 8.9.0 has a Marvin side 
channel during ...)
-       - libcrypto++ <unfixed>
+       - libcrypto++ <unfixed> (bug #1059310)
        NOTE: https://github.com/weidai11/cryptopp/issues/1247
 CVE-2023-50976 (Redpanda before 23.1.21 and 23.2.x before 23.2.18 has missing 
authoriz ...)
        NOT-FOR-US: Redpanda
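Review bot: the TODO on CVE-2023-50980 ("check details about mitigation applied, but issue in per se unfixed") is dropped without a NOTE recording what the check concluded, while the entry still reads `- libcrypto++ <unfixed> (bug #1059311)`. If filing the bug settled the mitigation question, add a one-line NOTE with that conclusion so the reasoning survives in the tracker history; otherwise keep the TODO next to the new bug number rather than removing it in a bug-number-only commit.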
@@ -1982,7 +1981,7 @@ CVE-2023-40628 (A reflected XSS vulnerability was 
discovered in the Extplorer co
 CVE-2023-40627 (A reflected XSS vulnerability was discovered in the LivingWord 
compone ...)
        NOT-FOR-US: Joomla module
 CVE-2023-37457 (Asterisk is an open source private branch exchange and 
telephony toolk ...)
-       - asterisk <unfixed>
+       - asterisk <unfixed> (bug #1059303)
        NOTE: 
https://github.com/asterisk/asterisk/security/advisories/GHSA-98rc-4j27-74hh
        NOTE: 
https://github.com/asterisk/asterisk/commit/a1ca0268254374b515fa5992f01340f7717113fa
 CVE-2023-3904 (An issue has been discovered in GitLab EE affecting all 
versions start ...)
@@ -2140,7 +2139,7 @@ CVE-2023-40921 (SQL Injection vulnerability in 
functions/point_list.php in Commo
 CVE-2023-31546 (Cross Site Scripting (XSS) vulnerability in DedeBIZ v6.0.3 
allows atta ...)
        NOT-FOR-US: DedeBIZ
 CVE-2023-50782 [Bleichenbacher timing oracle attack against RSA decryption - 
incomplete fix for CVE-2020-25659]
-       - python-cryptography <unfixed>
+       - python-cryptography <unfixed> (bug #1059308)
        [buster] - python-cryptography <no-dsa> (Minor issue; it's an 
incomplete fix of CVE-2020-25659)
        NOTE: https://github.com/pyca/cryptography/issues/9785
        NOTE: https://people.redhat.com/~hkario/marvin/
@@ -11235,7 +11234,7 @@ CVE-2023-45805 (pdm is a Python package and dependency 
manager supporting the la
        NOTE: 
https://github.com/pdm-project/pdm/security/advisories/GHSA-j44v-mmf2-xvm9
        NOTE: 
https://github.com/pdm-project/pdm/commit/6853e2642dfa281d4a9958fbc6c95b7e32d84831
 CVE-2023-44483 (All versions of Apache Santuario - XML Security for Java prior 
to 2.2. ...)
-       - libxml-security-java <unfixed>
+       - libxml-security-java <unfixed> (bug #1059313)
        NOTE: https://www.openwall.com/lists/oss-security/2023/10/20/5
        NOTE: https://lists.apache.org/thread/vmqbp9mfxtrf0kmbnnmbn3h9j6dr9q55
        NOTE: https://santuario.apache.org/secadv.data/CVE-2023-44483.txt.asc
@@ -13938,9 +13937,9 @@ CVE-2023-40008 (Cross-Site Request Forgery (CSRF) 
vulnerability in Gangesh Matta
 CVE-2023-3725 (Potential buffer overflow vulnerability in the Zephyr CAN bus 
subsyste ...)
        NOT-FOR-US: Zephyr RTOS (unrelated to src:zephyr)
 CVE-2023-38703 (PJSIP is a free and open source multimedia communication 
library writt ...)
-       - asterisk <unfixed>
+       - asterisk <unfixed> (bug #1059303)
        - pjproject <removed>
-       - ring <undetermined>
+       - ring <unfixed> (bug #1059307)
        NOTE: 
https://github.com/pjsip/pjproject/security/advisories/GHSA-f76w-fh7c-pc66
        NOTE: 
https://github.com/pjsip/pjproject/commit/6dc9b8c181aff39845f02b4626e0812820d4ef0d
 (2.14)
 CVE-2023-36465 (Decidim is a participatory democracy framework, written in 
Ruby on Rai ...)
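Review bot: the `ring` line changes status from `<undetermined>` to `<unfixed> (bug #1059307)`, which is a triage decision and not just the bug-number annotation the commit message ("bugnums") describes, and the hunk adds no NOTE saying why ring is affected (presumably its bundled pjproject copy). Consider a short NOTE giving that rationale, and double-check that reusing bug #1059303 for asterisk here, the same number added under CVE-2023-37457 above, is intended, since one Debian bug is then tracking two distinct CVEs.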
@@ -19701,7 +19700,7 @@ CVE-2023-3251 (A pass-back vulnerability exists where 
an authenticated, remote a
 CVE-2023-39678 (A cross-site scripting (XSS) vulnerability in the device web 
interface ...)
        NOT-FOR-US: BDCOM OLT P3310D-2AC
 CVE-2023-39663 (Mathjax up to v2.7.9 was discovered to contain two Regular 
expression  ...)
-       - mathjax <unfixed>
+       - mathjax <unfixed> (bug #1059304)
        [bookworm] - mathjax <no-dsa> (Minor issue)
        [bullseye] - mathjax <no-dsa> (Minor issue)
        [buster] - mathjax <no-dsa> (Minor issue)
@@ -20263,11 +20262,11 @@ CVE-2023-40036 (Notepad++ is a free and open-source 
source code editor. Versions
 CVE-2023-40031 (Notepad++ is a free and open-source source code editor. 
Versions 8.5.6 ...)
        NOT-FOR-US: Notepad++
 CVE-2023-40030 (Cargo downloads a Rust project\u2019s dependencies and 
compiles the pr ...)
-       - cargo <unfixed>
+       - cargo <unfixed> (bug #1059305)
        [bookworm] - cargo <no-dsa> (Minor issue)
        [bullseye] - cargo <no-dsa> (Minor issue)
        [buster] - cargo <no-dsa> (Minor issue)
-       - rust-cargo <unfixed>
+       - rust-cargo <unfixed> (bug #1059306)
        [bookworm] - rust-cargo <no-dsa> (Minor issue)
        [bullseye] - rust-cargo <no-dsa> (Minor issue)
        [buster] - rust-cargo <no-dsa> (Minor issue)
@@ -20725,7 +20724,7 @@ CVE-2022-48571 (memcached 1.6.7 allows a Denial of 
Service via multi-packet uplo
        - memcached 1.6.8+dfsg-1
        NOTE: Fixed by: 
https://github.com/memcached/memcached/commit/6b319c8c7a29e9c353dec83dc92f01905f6c8966
 (1.6.8)
 CVE-2022-48570 (Crypto++ through 8.4 contains a timing side channel in ECDSA 
signature ...)
-       - libcrypto++ <unfixed>
+       - libcrypto++ <unfixed> (bug #1059309)
        [bookworm] - libcrypto++ <no-dsa> (Minor issue)
        [bullseye] - libcrypto++ <no-dsa> (Minor issue)
        [buster] - libcrypto++ <no-dsa> (Minor issue)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/f496e7011dee7164290e1a3b085c3b96d30c7e3d



_______________________________________________
debian-security-tracker-commits mailing list
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits