Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits: 04eaeeee by Salvatore Bonaccorso at 2023-12-25T21:48:38+01:00 Track some fixes (upstream versions) for opennds Some issues are fixed in v10.1.2, two more in v10.1.3, but not all of the report in https://source.sierrawireless.com/-/media/support_downloads/security-bulletins/pdf/swi-psa-2023-006-r3.ashx seem addressed. - - - - - 1 changed file: - data/CVE/list Changes: ===================================== data/CVE/list ===================================== @@ -6782,9 +6782,11 @@ CVE-2023-42428 (Directory traversal vulnerability in CubeCart prior to 6.5.3 all CVE-2023-41102 (An issue was discovered in the captive portal in OpenNDS before versio ...) - opennds <unfixed> NOTE: https://source.sierrawireless.com/-/media/support_downloads/security-bulletins/pdf/swi-psa-2023-006-r3.ashx + NOTE: https://github.com/openNDS/openNDS/commit/69dde77927b252e2a4347170504a785ac5d50c33 (v10.1.3) CVE-2023-41101 (An issue was discovered in the captive portal in OpenNDS before versio ...) - opennds <unfixed> NOTE: https://source.sierrawireless.com/-/media/support_downloads/security-bulletins/pdf/swi-psa-2023-006-r3.ashx + NOTE: https://github.com/openNDS/openNDS/commit/69dde77927b252e2a4347170504a785ac5d50c33 (v10.1.3) CVE-2023-40314 (Cross-site scripting in bootstrap.jsp in multiple versions of OpenNMS ...) NOT-FOR-US: OpenNMS CVE-2023-39548 (CLUSTERPRO X Ver5.1 and earlier and EXPRESSCLUSTER X 5.1 and earlier, ...) @@ -6800,18 +6802,21 @@ CVE-2023-39544 (CLUSTERPRO X Ver5.1 and earlier and EXPRESSCLUSTER X 5.1 and ear CVE-2023-38324 (An issue was discovered in OpenNDS Captive Portal before version 10.1. ...) - opennds <unfixed> NOTE: https://source.sierrawireless.com/-/media/support_downloads/security-bulletins/pdf/swi-psa-2023-006-r3.ashx + NOTE: https://github.com/openNDS/openNDS/commit/cd4004fc3cf79c0f2bc0ee98db30d225d0b79bc9 (v10.1.2) CVE-2023-38323 - opennds <unfixed> NOTE: https://source.sierrawireless.com/-/media/support_downloads/security-bulletins/pdf/swi-psa-2023-006-r3.ashx CVE-2023-38322 (An issue was discovered in OpenNDS Captive Portal before version 10.1. ...) - opennds <unfixed> NOTE: https://source.sierrawireless.com/-/media/support_downloads/security-bulletins/pdf/swi-psa-2023-006-r3.ashx + NOTE: https://github.com/openNDS/openNDS/commit/cd4004fc3cf79c0f2bc0ee98db30d225d0b79bc9 (v10.1.2) CVE-2023-38321 - opennds <unfixed> NOTE: https://source.sierrawireless.com/-/media/support_downloads/security-bulletins/pdf/swi-psa-2023-006-r3.ashx CVE-2023-38320 (An issue was discovered in OpenNDS Captive Portal before version 10.1. ...) - opennds <unfixed> NOTE: https://source.sierrawireless.com/-/media/support_downloads/security-bulletins/pdf/swi-psa-2023-006-r3.ashx + NOTE: https://github.com/openNDS/openNDS/commit/cd4004fc3cf79c0f2bc0ee98db30d225d0b79bc9 (v10.1.2) CVE-2023-38319 - opennds <unfixed> NOTE: https://source.sierrawireless.com/-/media/support_downloads/security-bulletins/pdf/swi-psa-2023-006-r3.ashx @@ -6824,15 +6829,19 @@ CVE-2023-38317 CVE-2023-38316 (An issue was discovered in OpenNDS Captive Portal before version 10.1. ...) - opennds <unfixed> NOTE: https://source.sierrawireless.com/-/media/support_downloads/security-bulletins/pdf/swi-psa-2023-006-r3.ashx + NOTE: https://github.com/openNDS/openNDS/commit/cd4004fc3cf79c0f2bc0ee98db30d225d0b79bc9 (v10.1.2) CVE-2023-38315 (An issue was discovered in OpenNDS Captive Portal before version 10.1. ...) - opennds <unfixed> NOTE: https://source.sierrawireless.com/-/media/support_downloads/security-bulletins/pdf/swi-psa-2023-006-r3.ashx + NOTE: https://github.com/openNDS/openNDS/commit/cd4004fc3cf79c0f2bc0ee98db30d225d0b79bc9 (v10.1.2) CVE-2023-38314 (An issue was discovered in OpenNDS Captive Portal before version 10.1. ...) - opennds <unfixed> NOTE: https://source.sierrawireless.com/-/media/support_downloads/security-bulletins/pdf/swi-psa-2023-006-r3.ashx + NOTE: https://github.com/openNDS/openNDS/commit/cd4004fc3cf79c0f2bc0ee98db30d225d0b79bc9 (v10.1.2) CVE-2023-38313 (An issue was discovered in OpenNDS Captive Portal before 10.1.2. it ha ...) - opennds <unfixed> NOTE: https://source.sierrawireless.com/-/media/support_downloads/security-bulletins/pdf/swi-psa-2023-006-r3.ashx + NOTE: https://github.com/openNDS/openNDS/commit/cd4004fc3cf79c0f2bc0ee98db30d225d0b79bc9 (v10.1.2) CVE-2023-38130 (Cross-site request forgery (CSRF) vulnerability in CubeCart prior to 6 ...) NOT-FOR-US: CubeCart CVE-2023-6176 (A null pointer dereference flaw was found in the Linux kernel API for ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/04eaeeee25abb97ba7b8e28623364a2ad03dd932 -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/04eaeeee25abb97ba7b8e28623364a2ad03dd932 You're receiving this email because of your account on salsa.debian.org.
_______________________________________________ debian-security-tracker-commits mailing list [email protected] https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
