Moritz Muehlenhoff pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
f7fa5caa by Moritz Mühlenhoff at 2024-01-12T23:17:14+01:00
bugnums
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -223,7 +223,7 @@ CVE-2022-4960 (A vulnerability, which was classified as
problematic, has been fo
CVE-2022-4959 (A vulnerability classified as problematic was found in qkmc-rk
redbbs ...)
NOT-FOR-US: qkmc-rk redbbs
CVE-2022-48620 (uev (aka libuev) before 2.4.1 has a buffer overflow in
epoll_wait if m ...)
- - libuev <unfixed>
+ - libuev <unfixed> (bug #1060692)
[bookworm] - libuev <no-dsa> (Minor issue)
[bullseye] - libuev <no-dsa> (Minor issue)
NOTE: https://github.com/troglobit/libuev/issues/27
@@ -703,7 +703,7 @@ CVE-2023-50916 (Kyocera Device Manager before 3.1.1213.0
allows NTLM credential
CVE-2023-50172 (A recovery notification bypass vulnerability exists in the
userRecover ...)
NOT-FOR-US: WWBN AVideo
CVE-2023-50120 (MP4Box GPAC version 2.3-DEV-rev636-gfbd7e13aa-master was
discovered to ...)
- - gpac <unfixed>
+ - gpac <unfixed> (bug #1060696)
[bullseye] - gpac <not-affected> (Vulnerable code not present)
NOTE: https://github.com/gpac/gpac/issues/2698
NOTE:
https://github.com/gpac/gpac/commit/b655955b840ccd7c7198bb15375aa510e76208eb
@@ -860,28 +860,23 @@ CVE-2023-50136 (Cross Site Scripting (XSS) vulnerability
in JFinalcms 5.0.0 allo
CVE-2023-48864 (SEMCMS v4.8 was discovered to contain a SQL injection
vulnerability vi ...)
NOT-FOR-US: SEMCMS
CVE-2023-47997 (An issue discovered in
BitmapAccess.cpp::FreeImage_AllocateBitmap in F ...)
- - freeimage <unfixed>
+ - freeimage <unfixed> (bug #1060691)
NOTE:
https://github.com/thelastede/FreeImage-cve-poc/tree/master/CVE-2023-47997
- TODO: check upstream reporting status
CVE-2023-47996 (An integer overflow vulnerability in
Exif.cpp::jpeg_read_exif_dir in F ...)
- - freeimage <unfixed>
+ - freeimage <unfixed> (bug #1060691)
NOTE:
https://github.com/thelastede/FreeImage-cve-poc/tree/master/CVE-2023-47996
- TODO: check upstream reporting status
CVE-2023-47995 (Buffer Overflow vulnerability in
BitmapAccess.cpp::FreeImage_AllocateB ...)
- - freeimage <unfixed>
- TODO: check no sensible references in CVE entry
+ - freeimage <undetermined>
+ NOTE: no sensible references in CVE entry
CVE-2023-47994 (An integer overflow vulnerability in LoadPixelDataRLE4
function in Plu ...)
- - freeimage <unfixed>
+ - freeimage <unfixed> (bug #1060691)
NOTE:
https://github.com/thelastede/FreeImage-cve-poc/tree/master/CVE-2023-47994
- TODO: check upstream reporting status
CVE-2023-47993 (A Buffer out-of-bound read vulnerability in
Exif.cpp::ReadInt32 in Fre ...)
- - freeimage <unfixed>
+ - freeimage <unfixed> (bug #1060691)
NOTE:
https://github.com/thelastede/FreeImage-cve-poc/tree/master/CVE-2023-47993
- TODO: check upstream reporting status
CVE-2023-47992 (An integer overflow vulnerability in
FreeImageIO.cpp::_MemoryReadProc ...)
- - freeimage <unfixed>
+ - freeimage <unfixed> (bug #1060691)
NOTE:
https://github.com/thelastede/FreeImage-cve-poc/tree/master/CVE-2023-47992
- TODO: check upstream reporting status
CVE-2023-41781 (There is a Cross-sitescripting (XSS) vulnerability in ZTE
MF258. Due t ...)
NOT-FOR-US: ZTE
CVE-2023-3043 (AMI\u2019s SPx contains a vulnerability in the BMC where an
Attacker m ...)
@@ -3275,13 +3270,13 @@ CVE-2023-51772 (One Identity Password Manager before
5.13.1 allows Kiosk Escape.
CVE-2023-51771 (In MicroHttpServer (aka Micro HTTP Server) through a8ab029,
_ParseHead ...)
NOT-FOR-US: MicroHttpServer
CVE-2023-51714 (An issue was discovered in the HTTP2 implementation in Qt
before 5.15. ...)
- - qt6-base <unfixed>
+ - qt6-base <unfixed> (bug #1060693)
[bookworm] - qt6-base <no-dsa> (Minor issue)
- - qtbase-opensource-src <unfixed>
+ - qtbase-opensource-src <unfixed> (bug #1060694)
[bookworm] - qtbase-opensource-src <no-dsa> (Minor issue)
[bullseye] - qtbase-opensource-src <no-dsa> (Minor issue)
[buster] - qtbase-opensource-src <no-dsa> (Minor issue)
- - qtbase-opensource-src-gles <unfixed>
+ - qtbase-opensource-src-gles <unfixed> (bug #1060695)
[bookworm] - qtbase-opensource-src-gles <no-dsa> (Minor issue)
[bullseye] - qtbase-opensource-src-gles <no-dsa> (Minor issue)
NOTE: https://codereview.qt-project.org/c/qt/qtbase/+/524864
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/f7fa5caae260334245d5e88d0a692d462d8bcfc8
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/f7fa5caae260334245d5e88d0a692d462d8bcfc8
You're receiving this email because of your account on salsa.debian.org.
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
