[Git][security-tracker-team/security-tracker][master] 2 commits: follow sec team with ignoring CVE-2023-45853 for Buster
Thorsten Alteholz pushed to branch master at Debian Security Tracker / security-tracker Commits: cf4d3ed5 by Thorsten Alteholz at 2023-11-20T08:51:54+01:00 follow sec team with ignoring CVE-2023-45853 for Buster - - - - - d80384de by Thorsten Alteholz at 2023-11-20T08:52:32+01:00 nothing todo for zlib - - - - - 2 changed files: - data/CVE/list - data/dla-needed.txt Changes: = data/CVE/list = @@ -6089,6 +6089,7 @@ CVE-2023-45853 (MiniZip in zlib through 1.3 has an integer overflow and resultan - zlib 1:1.3.dfsg-2 (bug #1054290) [bookworm] - zlib (contrib/minizip not built and producing binary packages) [bullseye] - zlib (contrib/minizip not built and producing binary packages) + [buster] - zlib (contrib/minizip not built and producing binary packages) - minizip NOTE: https://github.com/madler/zlib/pull/843 NOTE: https://github.com/madler/zlib/commit/73331a6a0481067628f065ffe87bb1d8f787d10c = data/dla-needed.txt = @@ -285,6 +285,3 @@ zabbix zbar NOTE: 20231119: Added by Front-Desk (apo) -- -zlib (Thorsten Alteholz) - NOTE: 20231117: Added by Front-Desk (apo) --- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/665a6defddf4f1bf62e41c34eb1a2801af82c9a0...d80384dec6db2adbbc8c96cfbd36c39ab3dfac5d -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/665a6defddf4f1bf62e41c34eb1a2801af82c9a0...d80384dec6db2adbbc8c96cfbd36c39ab3dfac5d You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
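Review bot: the new `[buster]` line only annotates the zlib source package, while the bare `- minizip` entry directly below it still carries no version, suite annotation or bug reference, so CVE-2023-45853 stays open in every suite through minizip even though the commit message says there is nothing to do for zlib. Removing zlib from dla-needed.txt is consistent with the zlib side of that; the separate minizip tracking is what still needs a decision (a `[buster]` annotation or a fixed version on the minizip line).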
[Git][security-tracker-team/security-tracker][master] Mark CVE-2023-20031 as NFU
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 665a6def by Salvatore Bonaccorso at 2023-11-20T07:06:54+01:00 Mark CVE-2023-20031 as NFU According to the upstream advisory it is for Products Confirmed Not Vulnerable covering Open Source Snort 2 and Open Source Snort 3. As there no direct snort references available consider this one similar to other CVEs covering Cisco products for now as NFU. Ideally src:snort should be removed from the archive, as not maintainable in this form. It is already out of bookworm and trixie/testing (the later for now). - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -72121,8 +72121,7 @@ CVE-2023-20032 (On Feb 15, 2023, the following vulnerability in the ClamAV scann NOTE: https://blog.clamav.net/2023/02/clamav-01038-01052-and-101-patch.html NOTE: https://github.com/google/security-research/security/advisories/GHSA-r6g3-3wqj-m3c8 CVE-2023-20031 (A vulnerability in the SSL/TLS certificate handling of Snort 3 Detecti ...) - - snort (bug #1056281) - NOTE: https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ftd-snort3-8U4HHxH8 + NOT-FOR-US: Cisco CVE-2023-20030 (A vulnerability in the web-based management interface of Cisco Identit ...) NOT-FOR-US: Cisco CVE-2023-20029 (A vulnerability in the Meraki onboarding feature of Cisco IOS XE Softw ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/665a6defddf4f1bf62e41c34eb1a2801af82c9a0 -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/665a6defddf4f1bf62e41c34eb1a2801af82c9a0 You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
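Review bot: replacing the two snort lines with `NOT-FOR-US: Cisco` also drops the `NOTE: https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ftd-snort3-8U4HHxH8` reference and the `(bug #1056281)` pointer. Keeping the advisory URL as a NOTE under the NOT-FOR-US line would preserve why the entry was reclassified, and the hunk does not record whether bug #1056281 against src:snort was closed; if it stays open, the tracker and the BTS disagree on the state of this CVE.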
[Git][security-tracker-team/security-tracker][master] LTS: note in dla-needed

Anton Gladky pushed to branch master at Debian Security Tracker / security-tracker Commits: 16e6f3b6 by Anton Gladky at 2023-11-20T07:02:25+01:00 LTS: note in dla_neded - - - - - 1 changed file: - data/dla-needed.txt Changes: = data/dla-needed.txt = @@ -73,6 +73,7 @@ freeimage (gladk) NOTE: 20230826: Anton Gladky is the maintainer. Please sync with him about the NOTE: 20230826: about this. Anyway, too many CVEs piled up. I feel we should roll NOTE: 20230826: out the DLA/ELA now. (utkarsh) + NOTE: 20231120: many CVEs, check with ASAN is needed. (gladk) -- frr NOTE: 20231119: Added by Front-Desk (apo) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/16e6f3b6512b453ff0939ec5f3289d8b7bca143b -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/16e6f3b6512b453ff0939ec5f3289d8b7bca143b You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
[Git][security-tracker-team/security-tracker][master] Reference upstream issue for CVE-2023-48011
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 253fabd0 by Salvatore Bonaccorso at 2023-11-20T06:57:34+01:00 Reference upstream issue for CVE-2023-48011 - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -559,7 +559,7 @@ CVE-2023-48013 (GPAC v2.3-DEV-rev566-g50c2ab06f-master was discovered to contain CVE-2023-48011 (GPAC v2.3-DEV-rev566-g50c2ab06f-master was discovered to contain a hea ...) - gpac (bug #1056282) [buster] - gpac (EOL in Buster LTS) - NOTE: https://github.com/gpac/gpac/issues/2613 + NOTE: https://github.com/gpac/gpac/issues/2611 NOTE: https://github.com/gpac/gpac/commit/c70f49dda4946d6db6aa55588f6a756b76bd84ea CVE-2023-47637 (Pimcore is an Open Source Data & Experience Management Platform. In af ...) NOT-FOR-US: Pimcore View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/253fabd04aaf74c2f1d21c3bae160485f4d812e3 -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/253fabd04aaf74c2f1d21c3bae160485f4d812e3 You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
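Review bot: this puts CVE-2023-48011 back on issues/2611 next to commit c70f49d…, which matches the pairing shown in the bugnums hunk further down the page, where issues/2613 with commit 66abf08… belongs to CVE-2023-48014. Since the previous commit only corrected the commit hash, the two NOTE lines for this CVE were pointing at different upstream reports until this change.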
[Git][security-tracker-team/security-tracker][master] Take netatalk and libde265
Anton Gladky pushed to branch master at Debian Security Tracker / security-tracker Commits: 0473ca78 by Anton Gladky at 2023-11-20T06:31:00+01:00 Take netatalk and libde265 - - - - - 1 changed file: - data/dla-needed.txt Changes: = data/dla-needed.txt = @@ -106,7 +106,7 @@ keystone knot-resolver NOTE: 20231029: Added by Front-Desk (gladk) -- -libde265 +libde265 (gladk) NOTE: 20231119: Added by Front-Desk (apo) NOTE: 20231119: Fix along with postponed issues. -- @@ -138,7 +138,7 @@ mediawiki (guilhem) minizip (Thorsten Alteholz) NOTE: 20231117: Added by Front-Desk (apo) -- -netatalk +netatalk (gladk) NOTE: 20231119: Added by Front-Desk (apo) -- node-json5 (rouca) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/0473ca7857001389e12bf070d7a9189be3c5b6f6 -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/0473ca7857001389e12bf070d7a9189be3c5b6f6 You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
[Git][security-tracker-team/security-tracker][master] dla: take gimp
Adrian Bunk pushed to branch master at Debian Security Tracker / security-tracker Commits: abe44439 by Adrian Bunk at 2023-11-19T23:50:06+02:00 dla: take gimp - - - - - 1 changed file: - data/dla-needed.txt Changes: = data/dla-needed.txt = @@ -77,7 +77,7 @@ freeimage (gladk) frr NOTE: 20231119: Added by Front-Desk (apo) -- -gimp +gimp (Adrian Bunk) NOTE: 20231117: Added by Front-Desk (apo) -- gnutls28 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/abe4443933c1350993fa102dfb94fb8c7cdf1475 -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/abe4443933c1350993fa102dfb94fb8c7cdf1475 You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
[Git][security-tracker-team/security-tracker][master] dla: give back libstb and add note to recommend waiting for upstream merging of fixes
Adrian Bunk pushed to branch master at Debian Security Tracker / security-tracker Commits: abee3c89 by Adrian Bunk at 2023-11-19T23:25:59+02:00 dla: give back libstb and add note to recommend waiting for upstream merging of fixes - - - - - 1 changed file: - data/dla-needed.txt Changes: = data/dla-needed.txt = @@ -118,10 +118,13 @@ libreswan NOTE: 20230909: all due to code refactoring. I intend to package the version NOTE: 20230909: from Bullseye instead as soon as the maintainer uploads the fix. (apo) -- -libstb (Adrian Bunk) +libstb NOTE: 20231029: Added by Front-Desk (gladk) NOTE: 20231029: A lot of open CVEs. Maybe duplicates. NOTE: 20231029: If you take a package, please evaluate it as well as its importance. + NOTE: 20221119: None of the new CVE fixes has been reviewed by upstream so far, + NOTE: 20221119: and in the past CVE fixes have caused regressions. + NOTE: 20221119: Wait for upstream merge of fixes (and fixing in unstable). (bunk) -- linux (Ben Hutchings) NOTE: 20230111: perma-added for LTS package-specific delegation (bwh) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/abee3c890fc57b8116f537480d539849c58d6aa1 -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/abee3c890fc57b8116f537480d539849c58d6aa1 You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
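Review bot: the three added NOTE lines are dated `20221119`, but the commit is from 2023-11-19 and the adjacent notes in the same block use `20231029`; they should read `NOTE: 20231119: ...`, otherwise the entry reads as a year-old assessment when the notes are read by date.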
[Git][security-tracker-team/security-tracker][master] CVE-2023-5157 does not affect galera-3
Adrian Bunk pushed to branch master at Debian Security Tracker / security-tracker Commits: ab1a574a by Adrian Bunk at 2023-11-19T23:08:49+02:00 CVE-2023-5157 does not affect galera-3 - - - - - 2 changed files: - data/CVE/list - data/dla-needed.txt Changes: = data/CVE/list = @@ -9502,10 +9502,10 @@ CVE-2023-5189 (A path traversal vulnerability exists in Ansible when extracting CVE-2023-5157 (A vulnerability was found in MariaDB. An OpenVAS port scan on ports 33 ...) - galera-4 26.4.13-1 [bullseye] - galera-4 (Minor issue; can be fixed via point release) - - galera-3 (bug #1053476) - [bookworm] - galera-3 (Minor issue) - [bullseye] - galera-3 (Minor issue) + - galera-3 (vulnerable code not backported to galera-3) NOTE: https://jira.mariadb.org/browse/MDEV-25068 + NOTE: Introduced by: https://github.com/codership/galera/commit/c27596d06a221f6c14d36759c681149964008749 (26.4.8) + NOTE: Fixed by: https://github.com/codership/galera/commit/930c016108d7086b472ad7a8b9d0f6989202b48a (26.4.12) CVE-2023-5115 [malicious role archive can cause ansible-galaxy to overwrite arbitrary files] - ansible-core 2.14.11-1 (bug #1053693) [bookworm] - ansible-core (Minor issue) = data/dla-needed.txt = 
@@ -77,11 +77,6 @@ freeimage (gladk) frr NOTE: 20231119: Added by Front-Desk (apo) -- -galera-3 (Adrian Bunk) - NOTE: 20231028: Added by Front-Desk (gladk) - NOTE: 20231028: Acc. to CVE notes the open issue is fixed in 26.4.12. Please, try to find a corresponding commit and try to backport it. Otherwise - no-dsa. (gladk) - NOTE: 20231113: Investigating whether vulnerability already existed before commit introducing current code. (bunk) --- gimp NOTE: 20231117: Added by Front-Desk (apo) -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/ab1a574a0c5803bbd25c888e13f04adbb94e875d -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/ab1a574a0c5803bbd25c888e13f04adbb94e875d You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
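Review bot: `- galera-3 (vulnerable code not backported to galera-3)` has no `<not-affected>` tag, so the tracker still treats galera-3 as unfixed, and removing the `[bookworm]`/`[bullseye]` "Minor issue" lines now leaves it open in every suite, the opposite of what the commit message concludes. The form that matches the conclusion is `- galera-3 <not-affected> (vulnerable code not backported to galera-3)`. The `(bug #1053476)` reference is also dropped; if that bug is still open against galera-3 it should be closed with the same reasoning. The "Introduced by" / "Fixed by" NOTEs with the 26.4.8 and 26.4.12 tags are the useful part of the change and should stay.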
[Git][security-tracker-team/security-tracker][master] 2 commits: CVE-2023-48011: link to correct fixing commit again
Markus Koschany pushed to branch master at Debian Security Tracker / security-tracker Commits: c9a56471 by Markus Koschany at 2023-11-19T21:34:16+01:00 CVE-2023-48011: link to correct fixing commit again - - - - - 25bc891b by Markus Koschany at 2023-11-19T21:34:49+01:00 Claim wordpress in dla-needed.txt - - - - - 2 changed files: - data/CVE/list - data/dla-needed.txt Changes: = data/CVE/list = @@ -560,7 +560,7 @@ CVE-2023-48011 (GPAC v2.3-DEV-rev566-g50c2ab06f-master was discovered to contain - gpac (bug #1056282) [buster] - gpac (EOL in Buster LTS) NOTE: https://github.com/gpac/gpac/issues/2613 - NOTE: https://github.com/gpac/gpac/commit/66abf0887c89c29a484d9e65e70882794e9e3a1b + NOTE: https://github.com/gpac/gpac/commit/c70f49dda4946d6db6aa55588f6a756b76bd84ea CVE-2023-47637 (Pimcore is an Open Source Data & Experience Management Platform. In af ...) NOT-FOR-US: Pimcore CVE-2023-47636 (The Pimcore Admin Classic Bundle provides a Backend UI for Pimcore. Fu ...) = data/dla-needed.txt = @@ -277,7 +277,7 @@ vlc wireshark (Adrian Bunk) NOTE: 20231118: Added by Front-Desk (apo) -- -wordpress +wordpress (Markus Koschany) NOTE: 20231119: Added by Front-Desk (apo) -- zabbix View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/30e3b3d4b805656e4211eb455adf07d37c678e86...25bc891bc23ba7e487e014aba675972e4dff2bbe -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/30e3b3d4b805656e4211eb455adf07d37c678e86...25bc891bc23ba7e487e014aba675972e4dff2bbe You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
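Review bot: the commit reference for CVE-2023-48011 is corrected to c70f49d…, but the NOTE line above it still cites issues/2613, which the bugnums hunk further down pairs with CVE-2023-48014 (commit 66abf08…); the issue reference for this CVE should be issues/2611 so that the issue and the fixing commit describe the same report. The dla-needed.txt hunk claiming wordpress needs no change.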
[Git][security-tracker-team/security-tracker][master] NFUs
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker Commits: 280b5aa1 by Moritz Muehlenhoff at 2023-11-19T21:29:52+01:00 NFUs - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -1,3 +1,5 @@ +CVE-2023-46302 + NOT-FOR-US: Apache Submarine CVE-2023-47685 (Cross-Site Request Forgery (CSRF) vulnerability in Lukman Nakib Preloa ...) NOT-FOR-US: WordPress plugin CVE-2023-47672 (Cross-Site Request Forgery (CSRF) vulnerability in Swashata WP Categor ...) @@ -37,13 +39,13 @@ CVE-2023-47519 (Cross-Site Request Forgery (CSRF) vulnerability in WC Product Ta CVE-2023-47243 (Cross-Site Request Forgery (CSRF) vulnerability in CodeMShop \ucf54\ub ...) NOT-FOR-US: WordPress plugin CVE-2023-41129 (Cross-Site Request Forgery (CSRF) vulnerability in Patreon Patreon Wor ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2023-32514 (Cross-Site Request Forgery (CSRF) vulnerability in Himanshu Parashar G ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2023-32504 (Cross-Site Request Forgery (CSRF) vulnerability in Kainex Wise Chat.Th ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2023-32245 (Cross-Site Request Forgery (CSRF) vulnerability in WPDeveloper Essenti ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2023-48736 (In International Color Consortium DemoIccMAX 3e7948b, CIccCLUT::Interp ...) NOT-FOR-US: International Color Consortium DemoIccMAX CVE-2023-40363 (IBM InfoSphere Information Server 11.7 could allow an authenticated us ...) 
@@ -101,9 +103,9 @@ CVE-2023-48185 (Directory Traversal vulnerability in TerraMaster v.s1.0 through CVE-2023-48029 (Corebos 8.0 and below is vulnerable to CSV Injection. An attacker with ...) NOT-FOR-US: Corebos CVE-2023-48025 (Liblisp through commit 4c65969 was discovered to contain a out-of-boun ...) - TODO: check + NOT-FOR-US: Liblisp CVE-2023-48024 (Liblisp through commit 4c65969 was discovered to contain a use-after-f ...) - TODO: check + NOT-FOR-US: Liblisp CVE-2023-47757 (Missing Authorization, Cross-Site Request Forgery (CSRF) vulnerability ...) NOT-FOR-US: WordPress plugin CVE-2023-47073 (Adobe After Effects version 24.0.2 (and earlier) and 23.6 (and earlier ...) @@ -27859,7 +27861,7 @@ CVE-2023-31091 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability i CVE-2023-31090 RESERVED CVE-2023-31089 (Cross-Site Request Forgery (CSRF) vulnerability in Tradebooster Video ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2023-31088 (Cross-Site Request Forgery (CSRF) vulnerability in Faraz Quazi Floatin ...) NOT-FOR-US: WordPress plugin CVE-2023-31087 (Cross-Site Request Forgery (CSRF) vulnerability in JoomSky JS Job Mana ...) @@ -27896,7 +27898,7 @@ CVE-2023-31077 (Cross-Site Request Forgery (CSRF) vulnerability in ReCorp Export CVE-2023-31076 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Really S ...) NOT-FOR-US: WordPress plugin CVE-2023-31075 (Cross-Site Request Forgery (CSRF) vulnerability in Arshid Easy Hide Lo ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2023-31074 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in hupe13 E ...) NOT-FOR-US: WordPress plugin CVE-2023-31073 
@@ -34946,7 +34948,7 @@ CVE-2023-28782 CVE-2023-28781 (Unauth. Stored Cross-Site Scripting (XSS) vulnerability in Cimatti Con ...) NOT-FOR-US: WordPress plugin CVE-2023-28780 (Cross-Site Request Forgery (CSRF) vulnerability in Yoast Yoast Local P ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2023-28779 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Vladimir ...) NOT-FOR-US: WordPress plugin CVE-2023-28778 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Best ...) @@ -42326,7 +42328,7 @@ CVE-2023-26366 (Adobe Commerce versions 2.4.7-beta1 (and earlier), 2.4.6-p2 (and CVE-2023-26365 RESERVED CVE-2023-26364 (@adobe/css-tools version 4.3.0 and earlier are affected by an Improper ...) - TODO: check + NOT-FOR-US: Adobe CVE-2023-26363 RESERVED CVE-2023-26362 @@ -43471,7 +43473,7 @@ CVE-2023-25987 CVE-2023-25986 RESERVED CVE-2023-25985 (Cross-Site Request Forgery (CSRF) vulnerability in Tomas | Docs | FAQ ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2023-25984 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Rigo ...) NOT-FOR-US: WordPress plugin CVE-2023-25983 (Improper Neutralization of Formula Elements in a CSV File vulnerabilit ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/280b5aa1a1b376c096fc1767240ce1be0259ec5c -- View it on GitLab:
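Review bot: `NOT-FOR-US: Adobe` for CVE-2023-26364 groups `@adobe/css-tools` with the Adobe Commerce and After Effects entries around it, but the `@adobe/` prefix in the description is an npm package scope, not a proprietary product; NOT-FOR-US is only correct if no Debian source package ships that module, and the hunk records no such check. The remaining `TODO: check` to `NOT-FOR-US: WordPress plugin` and Liblisp conversions are consistent with the neighbouring entries.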
[Git][security-tracker-team/security-tracker][master] Add golang-1.19 to ignored packages, will be RMed soon
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker Commits: 91cc2688 by Moritz Mühlenhoff at 2023-11-19T21:12:48+01:00 Add golang-1.19 to ignored packages, will be RMed soon - - - - - 1 changed file: - data/packages/ignored-debian-bug-packages Changes: = data/packages/ignored-debian-bug-packages = @@ -12,3 +12,4 @@ thunderbird chromium webkit2gtk wpewebkit +golang-1.19 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/91cc26889147e4fa10d0cc3cb4bfaa6fa37e1ea5 -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/91cc26889147e4fa10d0cc3cb4bfaa6fa37e1ea5 You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
[Git][security-tracker-team/security-tracker][master] new derby issue
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker Commits: 5b7c7a2e by Moritz Muehlenhoff at 2023-11-19T21:10:55+01:00 new derby issue - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -62622,6 +62622,9 @@ CVE-2022-41985 (An authentication bypass vulnerability exists in the Authenticat NOT-FOR-US: uC-FTPs CVE-2022-46337 RESERVED + - derby + NOTE: https://issues.apache.org/jira/browse/DERBY-7147 + NOTE: https://www.openwall.com/lists/oss-security/2023/11/19/3 CVE-2022-46336 REJECTED CVE-2022-46335 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/5b7c7a2ed537bafd72187daaa058e8badee602ba -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/5b7c7a2ed537bafd72187daaa058e8badee602ba You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
[Git][security-tracker-team/security-tracker][master] bugnums
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker Commits: 5ea1efad by Moritz Muehlenhoff at 2023-11-19T21:09:16+01:00 bugnums - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -545,15 +545,15 @@ CVE-2023-48088 (xxl-job-admin 2.4.0 is vulnerable to Cross Site Scripting (XSS) CVE-2023-48087 (xxl-job-admin 2.4.0 is vulnerable to Insecure Permissions via /xxl-job ...) NOT-FOR-US: XXL-Job CVE-2023-48014 (GPAC v2.3-DEV-rev566-g50c2ab06f-master was discovered to contain a sta ...) - - gpac + - gpac (bug #1056282) NOTE: https://github.com/gpac/gpac/issues/2613 NOTE: https://github.com/gpac/gpac/commit/66abf0887c89c29a484d9e65e70882794e9e3a1b CVE-2023-48013 (GPAC v2.3-DEV-rev566-g50c2ab06f-master was discovered to contain a dou ...) - - gpac + - gpac (bug #1056282) NOTE: https://github.com/gpac/gpac/issues/2612 NOTE: https://github.com/gpac/gpac/commit/cd8a95c1efb8f5bfc950b86c2ef77b4c76f6b893 CVE-2023-48011 (GPAC v2.3-DEV-rev566-g50c2ab06f-master was discovered to contain a hea ...) - - gpac + - gpac (bug #1056282) NOTE: https://github.com/gpac/gpac/issues/2611 NOTE: https://github.com/gpac/gpac/commit/c70f49dda4946d6db6aa55588f6a756b76bd84ea CVE-2023-47637 (Pimcore is an Open Source Data & Experience Management Platform. In af ...) @@ -857,7 +857,7 @@ CVE-2023-47554 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability i CVE-2023-47550 (Cross-Site Request Forgery (CSRF) vulnerability in RedNao Donations Ma ...) NOT-FOR-US: WordPress plugin CVE-2023-47384 (MP4Box GPAC v2.3-DEV-rev617-g671976fcc-master was discovered to contai ...) - - gpac + - gpac (bug #1056282) [bullseye] - gpac (Minor issue) NOTE: https://github.com/gpac/gpac/issues/2672 CVE-2023-47262 (In Abbott ID NOW before 7.1, settings can be modified via physical acc ...) 
@@ -1467,7 +1467,7 @@ CVE-2023-36027 (Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerabi CVE-2023-5870 {DSA-5554-1 DSA-5553-1 DLA-3651-1} - postgresql-16 16.1-1 - - postgresql-15 + - postgresql-15 (bug #1056283) - postgresql-13 - postgresql-11 NOTE: https://www.postgresql.org/support/security/CVE-2023-5870/ @@ -1475,7 +1475,7 @@ CVE-2023-5870 CVE-2023-5869 {DSA-5554-1 DSA-5553-1 DLA-3651-1} - postgresql-16 16.1-1 - - postgresql-15 + - postgresql-15 (bug #1056283) - postgresql-13 - postgresql-11 NOTE: https://www.postgresql.org/support/security/CVE-2023-5869/ @@ -1483,7 +1483,7 @@ CVE-2023-5869 CVE-2023-5868 {DSA-5554-1 DSA-5553-1 DLA-3651-1} - postgresql-16 16.1-1 - - postgresql-15 + - postgresql-15 (bug #1056283) - postgresql-13 - postgresql-11 NOTE: https://www.postgresql.org/support/security/CVE-2023-5868/ @@ -1946,7 +1946,7 @@ CVE-2023-46676 (Online Job Portal v1.0 is vulnerable to multiple Unauthenticated CVE-2023-46483 (Cross Site Scripting vulnerability in timetec AWDMS v.2.0 allows an at ...) NOT-FOR-US: timetec AWDMS CVE-2023-46001 (Buffer Overflow vulnerability in gpac MP4Box v.2.3-DEV-rev573-g2013208 ...) - - gpac + - gpac (bug #1056282) [buster] - gpac (EOL in buster LTS) NOTE: https://github.com/gpac/gpac/issues/2629 NOTE: https://github.com/gpac/gpac/commit/e79b0cf7e72404750630bc01340e999f3940dbc4 @@ -1987,7 +1987,7 @@ CVE-2023-45283 (The filepath package does not recognize paths with a \??\ prefix NOTE: https://github.com/golang/go/commit/46fb78168596f7ce8834f528bb0eb9555c08bcae (go1.20.11) NOTE: No security impact for Debian packages, only affects code running on Windows CVE-2023-5998 (Out-of-bounds Read in GitHub repository gpac/gpac prior to 2.3.0-DEV.) - - gpac + - gpac (bug #1056282) [buster] - gpac (EOL in buster LTS) NOTE: https://huntr.com/bounties/ea02a231-b688-422b-a881-ef415bcf6113 NOTE: https://github.com/gpac/gpac/commit/db74835944548fc3bdf03121b0e012373bdebb3e 
@@ -4721,7 +4721,7 @@ CVE-2023-39333 NOTE: https://nodejs.org/en/blog/vulnerability/october-2023-security-releases#code-injection-via-webassembly-export-names-low---cve-2023-39333 NOTE: https://github.com/nodejs/node/commit/eaf9083cf1e43bd897ac8244dcc0f4e3500150ca CVE-2023-5388 - - nss + - nss (bug #1056284) [bookworm] - nss (Minor issue, revisit once fixed upstream) [bullseye] - nss (Minor issue, revisit once fixed upstream) [buster] - nss (Minor issue) @@ -71656,9 +71656,8 @@ CVE-2023-20248 CVE-2023-20247 (A vulnerability in the remote access SSL VPN feature of Cisco Adaptive ...) NOT-FOR-US: Cisco CVE-2023-20246 (Multiple Cisco
[Git][security-tracker-team/security-tracker][master] Mark CVE-2023-5981/gnutls28 as no-dsa
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 7dea2c17 by Salvatore Bonaccorso at 2023-11-19T21:03:23+01:00 Mark CVE-2023-5981/gnutls28 as no-dsa - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -582,6 +582,8 @@ CVE-2023-5984 (A CWE-494 Download of Code Without Integrity Check vulnerability NOT-FOR-US: Schneider Electric CVE-2023-5981 [ttiming side-channel inside RSA-PSK key exchange] - gnutls28 (bug #1056188) + [bookworm] - gnutls28 (Minor issue; can be fixed via point release) + [bullseye] - gnutls28 (Minor issue; can be fixed via point release) NOTE: https://gitlab.com/gnutls/gnutls/-/issues/1511 NOTE: https://gnutls.org/security-new.html#GNUTLS-SA-2023-10-23 NOTE: https://lists.gnupg.org/pipermail/gnutls-help/2023-November/004837.html View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/7dea2c17d2355a69ee5c0a16349e623cb4ef5e96 -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/7dea2c17d2355a69ee5c0a16349e623cb4ef5e96 You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
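Review bot: the no-dsa annotation covers bookworm and bullseye only, so buster stays open for this CVE (gnutls28 is still listed in dla-needed.txt in the gimp hunk above); a `[buster]` line should follow once the LTS team decides. Separately, the bracketed summary on the unchanged context line reads `[ttiming side-channel inside RSA-PSK key exchange]`; `ttiming` should be `timing`.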
[Git][security-tracker-team/security-tracker][master] CVE-2022-46175: Add upstream tag information and adjust commit reference
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 15f8683e by Salvatore Bonaccorso at 2023-11-19T21:02:20+01:00 CVE-2022-46175: Add upstream tag information and adjust commit reference - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -63141,8 +63141,8 @@ CVE-2022-46175 (JSON5 is an extension to the popular JSON file format that aims NOTE: https://github.com/json5/json5/security/advisories/GHSA-9c47-m6qq-7p4h NOTE: https://github.com/json5/json5/issues/199 NOTE: https://github.com/json5/json5/issues/295 - NOTE: for v1 fixed by https://github.com/json5/json5/commit/62a65408408d40aeea14c7869ed327acead12972.patch - NOTE: for v2 fixed by https://github.com/json5/json5/commit/4a8c4568fe6bf85daf6f473aaa50007c43f74d6e.patch + NOTE: Fixed by: https://github.com/json5/json5/commit/62a65408408d40aeea14c7869ed327acead12972 (v1.0.2) + NOTE: Fixed by: https://github.com/json5/json5/commit/7774c1097993bc3ce9f0ac4b722a32bf7d6871c8 (v2.2.2) CVE-2022-46174 (efs-utils is a set of Utilities for Amazon Elastic File System (EFS). ...) NOT-FOR-US: AWS efs-utils CVE-2022-46173 (Elrond-GO is a go implementation for the Elrond Network protocol. Vers ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/15f8683e3e89287119568b4957f05be610e143cc -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/15f8683e3e89287119568b4957f05be610e143cc You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
[Git][security-tracker-team/security-tracker][master] Track fixes which were included between 4.0.6-1~deb12u1 and 4.0.11-1~deb12u1...
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: f54e74ed by Salvatore Bonaccorso at 2023-11-19T20:57:33+01:00 Track fixes which were included between 4.0.6-1~deb12u1 and 4.0.11-1~deb12u1 directly as well in DSA list - - - - - 1 changed file: - data/DSA/list Changes: = data/DSA/list = @@ -1,5 +1,5 @@ [19 Nov 2023] DSA-5559-1 wireshark - security update - {CVE-2023-6174 CVE-2023-6175} + {CVE-2023-3648 CVE-2023-3649 CVE-2023-4511 CVE-2023-4512 CVE-2023-4513 CVE-2023-2906 CVE-2023-5371 CVE-2023-6174 CVE-2023-6175} [bookworm] - wireshark 4.0.11-1~deb12u1 [18 Nov 2023] DSA-5558-1 netty - security update {CVE-2023-34462 CVE-2023-44487} View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/f54e74ed8112132f52cb3118749f698bf216110b -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/f54e74ed8112132f52cb3118749f698bf216110b You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
[Git][security-tracker-team/security-tracker][master] pixman non issue
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker Commits: 790c86cd by Moritz Muehlenhoff at 2023-11-19T20:56:17+01:00 pixman non issue - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -18914,11 +18914,9 @@ CVE-2023-37770 (faust commit ee39a19 was discovered to contain a stack overflow NOTE: https://github.com/grame-cncm/faust/issues/922 NOTE: Negligible security impact CVE-2023-37769 (stress-test master commit e4c878 was discovered to contain a FPE vulne ...) - - pixman - [bookworm] - pixman (Minor issue) - [bullseye] - pixman (Minor issue) - [buster] - pixman (Minor issue) + - pixman (unimportant) NOTE: https://gitlab.freedesktop.org/pixman/pixman/-/issues/76 + NOTE: Crash in test tool, no security impact CVE-2023-37479 (Open Enclave is a hardware-agnostic open source library for developing ...) NOT-FOR-US: Open Enclave CVE-2023-37476 (OpenRefine is a free, open source tool for data processing. A carefull ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/790c86cdd73ca45ee37bdfd1eb8809c8d62b7ff9 -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/790c86cdd73ca45ee37bdfd1eb8809c8d62b7ff9 You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
[Git][security-tracker-team/security-tracker][master] janino unimportant
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker Commits: e8efb7b2 by Moritz Muehlenhoff at 2023-11-19T20:50:18+01:00 janino unimportant - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -24513,11 +24513,9 @@ CVE-2023-33551 (Heap Buffer Overflow in the erofsfsck_dirent_iter function in fs NOTE: https://github.com/lometsj/blog_repo/issues/2 NOTE: Proposed fix: https://git.kernel.org/pub/scm/linux/kernel/git/xiang/erofs-utils.git/commit/?h=experimental=27aeef179bf17d5f1d98f827e93d24839a6d4176 CVE-2023-33546 (Janino 3.1.9 and earlier are subject to denial of service (DOS) attack ...) - - janino - [bookworm] - janino (Minor issue) - [bullseye] - janino (Minor issue) - [buster] - janino (Minor issue) + - janino (unimportant) NOTE: https://github.com/janino-compiler/janino/issues/201 + NOTE: Bug fixed in 3.1.10, but not considered a security issue by upstream CVE-2023-33544 (hawtio 2.17.2 is vulnerable to Path Traversal. it is possible to input ...) NOT-FOR-US: hawtio CVE-2023-32717 (On Splunk Enterprise versions below 9.0.5, 8.2.11, and 8.1.14, and in ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/e8efb7b285ac0623d65b41b46c05bdbe5c79bc1d -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/e8efb7b285ac0623d65b41b46c05bdbe5c79bc1d You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
[Git][security-tracker-team/security-tracker][master] mark two barbican issues as RH-specific
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker Commits: 4cbe2803 by Moritz Muehlenhoff at 2023-11-19T20:41:52+01:00 mark two barbican issues as RH-specific - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -34710,7 +34710,7 @@ CVE-2023-1637 (A flaw that boot CPU could be vulnerable for the speculative exec [buster] - linux 4.19.249-1 NOTE: https://git.kernel.org/linus/e2a1256b17b16f9b9adf1b6fea56819e7b68e463 (5.18-rc2) CVE-2023-1636 (A vulnerability was found in OpenStack Barbican containers. This vulne ...) - - barbican + - barbican (Apparently RHOSP-specific, full details never made public) NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2181765 NOTE: possibly RedHat downstream RHOSP specific, RedHat clarifying with reporter CVE-2023-1635 (A vulnerability was found in OTCMS 6.72. It has been declared as probl ...) 
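Review bot: the new parenthetical on `- barbican (Apparently RHOSP-specific, full details never made public)` contradicts the trailing context note `possibly RedHat downstream RHOSP specific, RedHat clarifying with reporter`, which now reads as a stale open question; append a dated NOTE recording the conclusion, and consider whether `- barbican <not-affected> (...)` is the intended state, since the form used here keeps CVE-2023-1636 open against src:barbican.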
@@ -34718,7 +34718,7 @@ CVE-2023-1635 (A vulnerability was found in OTCMS 6.72. It has been declared as CVE-2023-1634 (A vulnerability was found in OTCMS 6.72. It has been classified as cri ...) NOT-FOR-US: OTCMS CVE-2023-1633 (A credentials leak flaw was found in OpenStack Barbican. This flaw all ...) - - barbican + - barbican (Apparently RHOSP-specific, full details never made public) NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2181761 NOTE: https://review.rdoproject.org/r/48529 NOTE: possibly RedHat downstream RHOSP specific, RedHat clarifying with reporter View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/4cbe28036d4bb7a6d59686cf73073e71ae834fe2 -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/4cbe28036d4bb7a6d59686cf73073e71ae834fe2 You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
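Review bot: the CVE-2023-1633 entry in this hunk keeps a NOTE pointing at https://review.rdoproject.org/r/48529, so a public change for this issue does exist; the annotation "full details never made public" should state whether that review was examined and found not to apply to the Debian package, otherwise the two notes read as contradictory.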
[Git][security-tracker-team/security-tracker][master] Add fix from upstream for node-json5 CVE-2022-46175
Bastien Roucariès pushed to branch master at Debian Security Tracker / security-tracker Commits: b7b3a286 by Bastien Roucariès at 2023-11-19T19:39:03+00:00 Add fix from upstream for node-json5 CVE-2022-46175 - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -63145,6 +63145,8 @@ CVE-2022-46175 (JSON5 is an extension to the popular JSON file format that aims NOTE: https://github.com/json5/json5/security/advisories/GHSA-9c47-m6qq-7p4h NOTE: https://github.com/json5/json5/issues/199 NOTE: https://github.com/json5/json5/issues/295 + NOTE: for v1 fixed by https://github.com/json5/json5/commit/62a65408408d40aeea14c7869ed327acead12972.patch + NOTE: for v2 fixed by https://github.com/json5/json5/commit/4a8c4568fe6bf85daf6f473aaa50007c43f74d6e.patch CVE-2022-46174 (efs-utils is a set of Utilities for Amazon Elastic File System (EFS). ...) NOT-FOR-US: AWS efs-utils CVE-2022-46173 (Elrond-GO is a go implementation for the Elrond Network protocol. Vers ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/b7b3a2868e53f6f7c1af3e739eb7b9211e12f313 -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/b7b3a2868e53f6f7c1af3e739eb7b9211e12f313 You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
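Review bot: the two added NOTE lines distinguish "for v1" and "for v2" fixes but do not say which Debian suite ships which json5 major, which is exactly what the LTS uploader who claimed node-json5 in dla-needed.txt (7f8669ae) needs; a dated NOTE such as `NOTE: 20231119: <suite> ships v1, use 62a65408` (suite name to be filled in) would close that gap. The surrounding NOTE lines reference commits without the `.patch` suffix; dropping it on the two new lines keeps the style consistent.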
[Git][security-tracker-team/security-tracker][master] Add myself for node-json5
Bastien Roucariès pushed to branch master at Debian Security Tracker / security-tracker Commits: 7f8669ae by Bastien Roucariès at 2023-11-19T19:37:41+00:00 Add myself for node-json5 - - - - - 1 changed file: - data/dla-needed.txt Changes: = data/dla-needed.txt = @@ -131,7 +131,7 @@ netty (Markus Koschany) NOTE: 20231104: Added by Front-Desk (lamby) NOTE: 20231104: For, at least, CVE-2023-44487. (lamby) -- -node-json5 +node-json5 (rouca) NOTE: 20231105: Added by Front-Desk (lamby) NOTE: 20231105: Sync with later releases. (lamby) -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/7f8669ae8290393eb0056306b324e33fa954cab8 -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/7f8669ae8290393eb0056306b324e33fa954cab8 You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
[Git][security-tracker-team/security-tracker][master] wireshark DSA
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker Commits: c73e3a30 by Moritz Mühlenhoff at 2023-11-19T20:27:43+01:00 wireshark DSA - - - - - 2 changed files: - data/DSA/list - data/dsa-needed.txt Changes: = data/DSA/list = @@ -1,3 +1,6 @@ +[19 Nov 2023] DSA-5559-1 wireshark - security update + {CVE-2023-6174 CVE-2023-6175} + [bookworm] - wireshark 4.0.11-1~deb12u1 [18 Nov 2023] DSA-5558-1 netty - security update {CVE-2023-34462 CVE-2023-44487} [bullseye] - netty 1:4.1.48-4+deb11u2 = data/dsa-needed.txt = @@ -92,8 +92,6 @@ tiff (aron) -- tor (jmm) -- -wireshark/stable (jmm) --- xen (jmm) -- zbar View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/c73e3a3032f8e752e2d2ceffdb5fe4e3c116903c -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/c73e3a3032f8e752e2d2ceffdb5fe4e3c116903c You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
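Review bot: the `{CVE-2023-6174 CVE-2023-6175}` set on the new DSA-5559-1 line is incomplete relative to 0ed2dc02, which removed the `[bookworm] - wireshark (Minor issue)` lines for CVE-2023-3648, CVE-2023-3649, CVE-2023-4511, CVE-2023-4512, CVE-2023-4513, CVE-2023-2906 and CVE-2023-5371 on the basis that 4.0.11-1~deb12u1 fixes them; those seven stay open for bookworm until they are listed on the DSA line (f54e74ed later adds them).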
[Git][security-tracker-team/security-tracker][master] LTS: claim amanda in dla-needed.txt
Tobias Frost pushed to branch master at Debian Security Tracker / security-tracker Commits: a63f0bd4 by Tobias Frost at 2023-11-19T20:26:07+01:00 LTS: claim amanda in dla-needed.txt - - - - - 1 changed file: - data/dla-needed.txt Changes: = data/dla-needed.txt = @@ -21,7 +21,7 @@ To make it easier to see the entire history of an update, please append notes rather than remove/replace existing ones. -- -amanda +amanda (tobi) NOTE: 20230730: Added by Front-Desk (apo) -- bind9 (Thorsten Alteholz) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/a63f0bd4c850a26163e9b075a8c3f5894a7eeaf5 -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/a63f0bd4c850a26163e9b075a8c3f5894a7eeaf5 You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
[Git][security-tracker-team/security-tracker][master] wireshark updates
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker Commits: 0ed2dc02 by Moritz Muehlenhoff at 2023-11-19T20:21:11+01:00 wireshark updates - - - - - 2 changed files: - data/CVE/list - data/dsa-needed.txt Changes: = data/CVE/list = @@ -265,6 +265,7 @@ CVE-2023-6176 (A null pointer dereference flaw was found in the Linux kernel API NOTE: https://git.kernel.org/linus/cfaa80c91f6f99b9342b6557f0f0e1143e434066 (6.6-rc2) CVE-2023-6175 [NetScreen file parser crash] - wireshark 4.0.11-1 + [bullseye] - wireshark (Minor issue) NOTE: https://www.wireshark.org/security/wnpa-sec-2023-29.html NOTE: https://gitlab.com/wireshark/wireshark/-/issues/19404 CVE-2023-6174 (SSH dissector crash in Wireshark 4.0.0 to 4.0.10 allows denial of serv ...) @@ -7824,7 +7825,6 @@ CVE-2023-5373 (A vulnerability classified as critical has been found in SourceCo NOT-FOR-US: SourceCodester Online Computer and Laptop Store CVE-2023-5371 (RTPS dissector memory leak in Wireshark 4.0.0 to 4.0.8 and 3.6.0 to 3. ...) - wireshark 4.0.10-1 - [bookworm] - wireshark (Minor issue) [bullseye] - wireshark (Minor issue) [buster] - wireshark (Minor issue) NOTE: https://gitlab.com/wireshark/wireshark/-/issues/19322 @@ -13762,7 +13762,6 @@ CVE-2023-34723 (An issue was discovered in TechView LA-5570 Wireless Gateway 1.0 NOT-FOR-US: TechView LA-5570 Wireless Gateway CVE-2023-2906 (Due to a failure in validating the length provided by an attacker-craf ...) - wireshark 4.0.8-1 - [bookworm] - wireshark (Minor issue) [bullseye] - wireshark (Minor issue) [buster] - wireshark (Minor issue) NOTE: https://www.wireshark.org/security/wnpa-sec-2023-26.html 
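Review bot: the first hunk adds `[bullseye] - wireshark (Minor issue)` under CVE-2023-6175 but no `[buster]` line, whereas every other wireshark entry touched in this patch carries both a bullseye and a buster annotation; if buster's wireshark lacks the NetScreen file parser code, record `<not-affected>` with that reason, otherwise add the matching buster line so the LTS view is not left open.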
@@ -14045,21 +14044,18 @@ CVE-2023- [tryton-server lack of record validation] NOTE: https://discuss.tryton.org/t/security-release-for-issue-12428 CVE-2023-4513 (BT SDP dissector memory leak in Wireshark 4.0.0 to 4.0.7 and 3.6.0 to ...) - wireshark 4.0.8-1 - [bookworm] - wireshark (Minor issue) [bullseye] - wireshark (Minor issue) [buster] - wireshark (Minor issue) NOTE: https://gitlab.com/wireshark/wireshark/-/issues/19259 NOTE: https://www.wireshark.org/security/wnpa-sec-2023-25.html CVE-2023-4512 (CBOR dissector crash in Wireshark 4.0.0 to 4.0.6 allows denial of serv ...) - wireshark 4.0.8-1 - [bookworm] - wireshark (Minor issue) [bullseye] - wireshark (Minor issue) [buster] - wireshark (Minor issue) NOTE: https://gitlab.com/wireshark/wireshark/-/issues/19144 NOTE: https://www.wireshark.org/security/wnpa-sec-2023-23.html CVE-2023-4511 (BT SDP dissector infinite loop in Wireshark 4.0.0 to 4.0.7 and 3.6.0 t ...) - wireshark 4.0.8-1 - [bookworm] - wireshark (Minor issue) [bullseye] - wireshark (Minor issue) [buster] - wireshark (Minor issue) NOTE: https://gitlab.com/wireshark/wireshark/-/issues/19258 @@ -19238,14 +19234,12 @@ CVE-2023-3668 (Improper Encoding or Escaping of Output in GitHub repository frox - froxlor (bug #581792) CVE-2023-3649 (iSCSI dissector crash in Wireshark 4.0.0 to 4.0.6 allows denial of ser ...) - wireshark 4.0.7-1 (bug #1041101) - [bookworm] - wireshark (Minor issue) [bullseye] - wireshark (Minor issue) [buster] - wireshark (Minor issue) NOTE: https://www.wireshark.org/security/wnpa-sec-2023-22.html NOTE: https://gitlab.com/wireshark/wireshark/-/issues/19164 CVE-2023-3648 (Kafka dissector crash in Wireshark 4.0.0 to 4.0.6 and 3.6.0 to 3.6.14 ...) - wireshark 4.0.7-1 (bug #1041101) - [bookworm] - wireshark (Minor issue) [bullseye] - wireshark (Vulnerable code not present) [buster] - wireshark (Vulnerable code not present) NOTE: https://www.wireshark.org/security/wnpa-sec-2023-21.html = data/dsa-needed.txt = 
@@ -92,7 +92,7 @@ tiff (aron) -- tor (jmm) -- -wireshark/stable +wireshark/stable (jmm) -- xen (jmm) -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/0ed2dc0285090acfeec5743a902ca51f5f77366e -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/0ed2dc0285090acfeec5743a902ca51f5f77366e You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
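Review bot: the dsa-needed.txt hunk claims wireshark/stable while the data/CVE/list hunks in the same commit already drop the seven `[bookworm] - wireshark (Minor issue)` markers; committing the marker removals together with the DSA/list entry that enumerates those CVEs would avoid the intermediate state in which they show as unhandled for bookworm.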
[Git][security-tracker-team/security-tracker][master] Update status for CVE-2023-45853/zlib
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 519fa4ad by Salvatore Bonaccorso at 2023-11-19T19:16:33+01:00 Update status for CVE-2023-45853/zlib - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -6071,9 +6071,12 @@ CVE-2023-45855 (qdPM 9.2 allows Directory Traversal to list files and directorie NOT-FOR-US: qdPM CVE-2023-45853 (MiniZip in zlib through 1.3 has an integer overflow and resultant heap ...) - zlib 1:1.3.dfsg-2 (bug #1054290) + [bookworm] - zlib (contrib/minizip not built and producing binary packages) + [bullseye] - zlib (contrib/minizip not built and producing binary packages) - minizip NOTE: https://github.com/madler/zlib/pull/843 NOTE: https://github.com/madler/zlib/commit/73331a6a0481067628f065ffe87bb1d8f787d10c + NOTE: src:zlib only starts building minizip starting in 1:1.2.13.dfsg-2 CVE-2023-45852 (In Vitogate 300 2.1.3.0, /cgi-bin/vitogate.cgi allows an unauthenticat ...) NOT-FOR-US: VitogateqdPM CVE-2023-45674 (Farmbot-Web-App is a web control interface for the Farmbot farm automa ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/519fa4ad36171abc558d54729f8f2ba7914e719d -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/519fa4ad36171abc558d54729f8f2ba7914e719d You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
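Review bot: the new `[bookworm]`/`[bullseye]` lines use the no-dsa form `- zlib (reason)`, but the stated reason is that contrib/minizip is not built into any binary package in those suites, which is what `<not-affected>` expresses and what keeps the issue out of the open list there; confirm which state is intended. The added NOTE also reads "only starts building minizip starting in"; "only builds minizip from 1:1.2.13.dfsg-2 on" says the same without the doubled "starts".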
[Git][security-tracker-team/security-tracker][master] Add CVE-2023-48052/httpie
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 4898b641 by Salvatore Bonaccorso at 2023-11-19T13:40:03+01:00 Add CVE-2023-48052/httpie - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -311,7 +311,8 @@ CVE-2023-48054 (Missing SSL certificate validation in localstack v2.3.2 allows a CVE-2023-48053 (Archery v1.10.0 uses a non-random or static IV for Cipher Block Chaini ...) NOT-FOR-US: Archery CVE-2023-48052 (Missing SSL certificate validation in HTTPie v3.2.2 allows attackers t ...) - TODO: check + - httpie + TODO: check details CVE-2023-47514 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in lawrence ...) NOT-FOR-US: WordPress plugin CVE-2023-47512 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Gravity ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/4898b641782f08da761cafa5837ccebcd417a817 -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/4898b641782f08da761cafa5837ccebcd417a817 You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
[Git][security-tracker-team/security-tracker][master] Process some NFUs
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: ae8273b3 by Salvatore Bonaccorso at 2023-11-19T13:39:20+01:00 Process some NFUs - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = 
@@ -1,41 +1,41 @@ CVE-2023-47685 (Cross-Site Request Forgery (CSRF) vulnerability in Lukman Nakib Preloa ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2023-47672 (Cross-Site Request Forgery (CSRF) vulnerability in Swashata WP Categor ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2023-47671 (Cross-Site Request Forgery (CSRF) vulnerability in Gopi Ramasamy Verti ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2023-47670 (Cross-Site Request Forgery (CSRF) vulnerability in Jongmyoung Kim Kore ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2023-47667 (Cross-Site Request Forgery (CSRF) vulnerability in Mammothology WP Ful ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2023-47666 (Cross-Site Request Forgery (CSRF) vulnerability in Code Snippets Pro C ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2023-47664 (Cross-Site Request Forgery (CSRF) vulnerability in edward_plainview Pl ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2023-47655 (Cross-Site Request Forgery (CSRF) vulnerability in Marco Milesi ANAC X ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2023-47651 (Cross-Site Request Forgery (CSRF) vulnerability in Robert Macchi WP Li ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2023-47650 (Cross-Site Request Forgery (CSRF) vulnerability in Peter Sterling Add ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2023-47649 (Cross-Site Request Forgery (CSRF) vulnerability in PriceListo Best Res ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2023-47644 (Cross-Site Request Forgery (CSRF) vulnerability in profilegrid Profile ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2023-47556 (Cross-Site Request Forgery (CSRF) vulnerability in James Mehorter Devi ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2023-47553 (Cross-Site Request Forgery (CSRF) vulnerability in User Local Inc User ...) 
- TODO: check + NOT-FOR-US: WordPress plugin CVE-2023-47552 (Cross-Site Request Forgery (CSRF) vulnerability in Labib Ahmed Image H ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2023-47551 (Cross-Site Request Forgery (CSRF) vulnerability in RedNao Donations Ma ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2023-47531 (Cross-Site Request Forgery (CSRF) vulnerability in DroitThemes Droit D ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2023-47519 (Cross-Site Request Forgery (CSRF) vulnerability in WC Product Table Wo ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2023-47243 (Cross-Site Request Forgery (CSRF) vulnerability in CodeMShop \ucf54\ub ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2023-41129 (Cross-Site Request Forgery (CSRF) vulnerability in Patreon Patreon Wor ...) TODO: check CVE-2023-32514 (Cross-Site Request Forgery (CSRF) vulnerability in Himanshu Parashar G ...) @@ -61,7 +61,7 @@ CVE-2023-48294 (LibreNMS is an auto-discovering PHP/MySQL/SNMP based network mon CVE-2023-48238 (joaquimserafim/json-web-token is a javascript library use to interact ...) TODO: check CVE-2023-48028 (kodbox 1.46.01 has a security flaw that enables user enumeration. This ...) - TODO: check + NOT-FOR-US: kodbox CVE-2023-48017 (Dreamer_cms 4.1.3 is vulnerable to Cross Site Request Forgery (CSRF) v ...) NOT-FOR-US: Dreamer CMS CVE-2023-46745 (LibreNMS is an auto-discovering PHP/MySQL/SNMP based network monitorin ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/ae8273b35bb390675b2425305252149506ebede9 -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/ae8273b35bb390675b2425305252149506ebede9 You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
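Review bot: CVE-2023-41129 is left at `TODO: check` in the middle of the run of CSRF entries that this hunk marks `NOT-FOR-US: WordPress plugin`, although its truncated description follows the same pattern; if it was skipped deliberately, a short NOTE saying why would save the next triager from re-checking it.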
[Git][security-tracker-team/security-tracker][master] Track fixed for audiofile via unstable
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 1c03d677 by Salvatore Bonaccorso at 2023-11-19T13:36:13+01:00 Track fixed for audiofile via unstable - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -127313,7 +127313,7 @@ CVE-2022-24600 (Luocms v2.0 is affected by SQL Injection through /admin/login.ph NOT-FOR-US: Luocms CVE-2022-24599 (In autofile Audio File Library 0.3.6, there exists one memory leak vul ...) {DLA-3650-1} - - audiofile (bug #1008017) + - audiofile 0.3.6-6 (bug #1008017) [bookworm] - audiofile (Minor issue) [bullseye] - audiofile (Minor issue) [stretch] - audiofile (Minor issue) @@ -310544,7 +310544,7 @@ CVE-2019-13148 (An issue was discovered in TRENDnet TEW-827DRU firmware before 2 NOT-FOR-US: TRENDnet TEW-827DRU firmware CVE-2019-13147 (In Audio File Library (aka audiofile) 0.3.6, there exists one NULL poi ...) {DLA-3650-1} - - audiofile (low; bug #931343) + - audiofile 0.3.6-6 (low; bug #931343) [bookworm] - audiofile (Minor issue) [bullseye] - audiofile (Minor issue) [stretch] - audiofile (Minor issue) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/1c03d6778943ea79d10cc24b1d1727b9cc136980 -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/1c03d6778943ea79d10cc24b1d1727b9cc136980 You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
[Git][security-tracker-team/security-tracker][master] Track fixed version for CVE-2023-46604/activemq via unstable
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: ec5c578a by Salvatore Bonaccorso at 2023-11-19T13:34:50+01:00 Track fixed version for CVE-2023-46604/activemq via unstable - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -3552,7 +3552,7 @@ CVE-2023-46852 (In Memcached before 1.6.22, a buffer overflow exists when proces [buster] - memcached (The vulnerable code was introduced later) NOTE: https://github.com/memcached/memcached/commit/76a6c363c18cfe7b6a1524ae64202ac9db330767 (1.6.22) CVE-2023-46604 (The Java OpenWire protocol marshaller is vulnerable to Remote Code Ex ...) - - activemq (bug #1054909) + - activemq 5.17.6+dfsg-1 (bug #1054909) NOTE: https://activemq.apache.org/security-advisories.data/CVE-2023-46604-announcement.txt NOTE: http://www.openwall.com/lists/oss-security/2023/10/27/5 CVE-2023-46407 (FFmpeg prior to commit bf814 was discovered to contain an out of bound ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/ec5c578a829cc4bf741f5f723f41dfc848381aac -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/ec5c578a829cc4bf741f5f723f41dfc848381aac You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
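Review bot: with `- activemq 5.17.6+dfsg-1 (bug #1054909)` now recorded for unstable, the entry still has no `[bookworm]` or `[bullseye]` line, so the stable suites show as open for what the description calls a Remote Code Execution issue; either a DSA reference or an explicit suite annotation (`<not-affected>` or a no-dsa reason) is needed so the status is not ambiguous.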
[Git][security-tracker-team/security-tracker][master] data/ela-needed.txt: claim varnish
Abhijith PA pushed to branch master at Debian Security Tracker / security-tracker Commits: 74505a75 by Abhijith PA at 2023-11-19T17:15:14+05:30 data/ela-needed.txt: claim varnish - - - - - 1 changed file: - data/dla-needed.txt Changes: = data/dla-needed.txt = @@ -246,7 +246,7 @@ suricata (Adrian Bunk) symfony NOTE: 20231118: Added by Front-Desk (apo) -- -varnish +varnish (Abhijith PA) NOTE: 20231117: Added by Front-Desk (apo) -- vlc View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/74505a75ee34ccff60c46c0fd48bd61c8316ff97 -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/74505a75ee34ccff60c46c0fd48bd61c8316ff97 You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
[Git][security-tracker-team/security-tracker][master] update note
Thorsten Alteholz pushed to branch master at Debian Security Tracker / security-tracker Commits: 1f3e1f05 by Thorsten Alteholz at 2023-11-19T12:30:17+01:00 update note - - - - - 1 changed file: - data/dla-needed.txt Changes: = data/dla-needed.txt = @@ -27,7 +27,7 @@ amanda bind9 (Thorsten Alteholz) NOTE: 20230921: Added by Front-Desk (apo) NOTE: 20231008: backporting patches - NOTE: 20231105: still testing package + NOTE: 20231119: almost done with testing -- cacti NOTE: 20230906: Added by Front-Desk (lamby) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/1f3e1f05d46bbc698b4afd76fb80132253286e92 -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/1f3e1f05d46bbc698b4afd76fb80132253286e92 You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
[Git][security-tracker-team/security-tracker][master] 2 commits: mark CVE-2023-42118 as postponed for Buster
Thorsten Alteholz pushed to branch master at Debian Security Tracker / security-tracker Commits: bbdc482f by Thorsten Alteholz at 2023-11-19T12:25:47+01:00 mark CVE-2023-42118 as postponed for Buster - - - - - 5e55e16e by Thorsten Alteholz at 2023-11-19T12:26:57+01:00 mark CVE for libspf2 as postponed and remove entry from dla-needed.txt - - - - - 2 changed files: - data/CVE/list - data/dla-needed.txt Changes: = data/CVE/list = @@ -8906,6 +8906,7 @@ CVE-2023-42118 [Exim libspf2 Integer Underflow Remote Code Execution Vulnerabili - libspf2 (bug #1053870) [bookworm] - libspf2 (Revisit once upstream and ZDI status is clarfied) [bullseye] - libspf2 (Revisit once upstream and ZDI status is clarfied) + [buster] - libspf2 (Revisit once upstream and ZDI status is clarfied) NOTE: https://www.zerodayinitiative.com/advisories/ZDI-23-1472/ NOTE: https://bugs.exim.org/show_bug.cgi?id=3032 NOTE: https://www.openwall.com/lists/oss-security/2023/09/29/5 = data/dla-needed.txt = 
@@ -110,10 +110,6 @@ libreswan NOTE: 20230909: all due to code refactoring. I intend to package the version NOTE: 20230909: from Bullseye instead as soon as the maintainer uploads the fix. (apo) -- -libspf2 (Thorsten Alteholz) - NOTE: 20231016: Added by Front-Desk (ta) - NOTE: 20231105: upstream does not know yet, whether available patch is enough (ta) --- libstb (Adrian Bunk) NOTE: 20231029: Added by Front-Desk (gladk) NOTE: 20231029: A lot of open CVEs. Maybe duplicates. View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/937b8b8eb6080ec483c17a1f397419ea0ea8bc65...5e55e16e5064fa8a8d6d1253fcf65fe9e98fd4d3 -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/937b8b8eb6080ec483c17a1f397419ea0ea8bc65...5e55e16e5064fa8a8d6d1253fcf65fe9e98fd4d3 You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
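Review bot: the added `[buster] - libspf2 (Revisit once upstream and ZDI status is clarfied)` copies the "clarfied" typo from the bookworm and bullseye lines above it; fix all three to "clarified" while here. The commit message says "postponed" but the line uses the plain no-dsa form rather than `<postponed> (...)`, which matches the existing lines but not the stated intent. The dla-needed.txt hunk also removes the dated note "upstream does not know yet, whether available patch is enough", the only record of why the issue was parked; carrying that text into a NOTE on the CVE entry would preserve it.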
[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 937b8b8e by security tracker role at 2023-11-19T08:11:30+00:00 automatic update - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = 
@@ -1,3 +1,49 @@ +CVE-2023-47685 (Cross-Site Request Forgery (CSRF) vulnerability in Lukman Nakib Preloa ...) + TODO: check +CVE-2023-47672 (Cross-Site Request Forgery (CSRF) vulnerability in Swashata WP Categor ...) + TODO: check +CVE-2023-47671 (Cross-Site Request Forgery (CSRF) vulnerability in Gopi Ramasamy Verti ...) + TODO: check +CVE-2023-47670 (Cross-Site Request Forgery (CSRF) vulnerability in Jongmyoung Kim Kore ...) + TODO: check +CVE-2023-47667 (Cross-Site Request Forgery (CSRF) vulnerability in Mammothology WP Ful ...) + TODO: check +CVE-2023-47666 (Cross-Site Request Forgery (CSRF) vulnerability in Code Snippets Pro C ...) + TODO: check +CVE-2023-47664 (Cross-Site Request Forgery (CSRF) vulnerability in edward_plainview Pl ...) + TODO: check +CVE-2023-47655 (Cross-Site Request Forgery (CSRF) vulnerability in Marco Milesi ANAC X ...) + TODO: check +CVE-2023-47651 (Cross-Site Request Forgery (CSRF) vulnerability in Robert Macchi WP Li ...) + TODO: check +CVE-2023-47650 (Cross-Site Request Forgery (CSRF) vulnerability in Peter Sterling Add ...) + TODO: check +CVE-2023-47649 (Cross-Site Request Forgery (CSRF) vulnerability in PriceListo Best Res ...) + TODO: check +CVE-2023-47644 (Cross-Site Request Forgery (CSRF) vulnerability in profilegrid Profile ...) + TODO: check +CVE-2023-47556 (Cross-Site Request Forgery (CSRF) vulnerability in James Mehorter Devi ...) + TODO: check +CVE-2023-47553 (Cross-Site Request Forgery (CSRF) vulnerability in User Local Inc User ...) + TODO: check +CVE-2023-47552 (Cross-Site Request Forgery (CSRF) vulnerability in Labib Ahmed Image H ...) + TODO: check +CVE-2023-47551 (Cross-Site Request Forgery (CSRF) vulnerability in RedNao Donations Ma ...) + TODO: check +CVE-2023-47531 (Cross-Site Request Forgery (CSRF) vulnerability in DroitThemes Droit D ...) + TODO: check +CVE-2023-47519 (Cross-Site Request Forgery (CSRF) vulnerability in WC Product Table Wo ...) 
+ TODO: check +CVE-2023-47243 (Cross-Site Request Forgery (CSRF) vulnerability in CodeMShop \ucf54\ub ...) + TODO: check +CVE-2023-41129 (Cross-Site Request Forgery (CSRF) vulnerability in Patreon Patreon Wor ...) + TODO: check +CVE-2023-32514 (Cross-Site Request Forgery (CSRF) vulnerability in Himanshu Parashar G ...) + TODO: check +CVE-2023-32504 (Cross-Site Request Forgery (CSRF) vulnerability in Kainex Wise Chat.Th ...) + TODO: check +CVE-2023-32245 (Cross-Site Request Forgery (CSRF) vulnerability in WPDeveloper Essenti ...) + TODO: check CVE-2023-48736 (In International Color Consortium DemoIccMAX 3e7948b, CIccCLUT::Interp ...) NOT-FOR-US: International Color Consortium DemoIccMAX CVE-2023-40363 (IBM InfoSphere Information Server 11.7 could allow an authenticated us ...) @@ -27815,8 +27861,8 @@ CVE-2023-31091 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability i NOT-FOR-US: WordPress plugin CVE-2023-31090 RESERVED -CVE-2023-31089 - RESERVED +CVE-2023-31089 (Cross-Site Request Forgery (CSRF) vulnerability in Tradebooster Video ...) + TODO: check CVE-2023-31088 (Cross-Site Request Forgery (CSRF) vulnerability in Faraz Quazi Floatin ...) NOT-FOR-US: WordPress plugin CVE-2023-31087 (Cross-Site Request Forgery (CSRF) vulnerability in JoomSky JS Job Mana ...) @@ -27852,8 +27898,8 @@ CVE-2023-31077 (Cross-Site Request Forgery (CSRF) vulnerability in ReCorp Export NOT-FOR-US: WordPress plugin CVE-2023-31076 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Really S ...) NOT-FOR-US: WordPress plugin -CVE-2023-31075 - RESERVED +CVE-2023-31075 (Cross-Site Request Forgery (CSRF) vulnerability in Arshid Easy Hide Lo ...) + TODO: check CVE-2023-31074 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in hupe13 E ...) NOT-FOR-US: WordPress plugin CVE-2023-31073 
@@ -34902,8 +34948,8 @@ CVE-2023-28782 RESERVED CVE-2023-28781 (Unauth. Stored Cross-Site Scripting (XSS) vulnerability in Cimatti Con ...) NOT-FOR-US: WordPress plugin -CVE-2023-28780 - RESERVED +CVE-2023-28780 (Cross-Site Request Forgery (CSRF) vulnerability in Yoast Yoast Local P ...) + TODO: check CVE-2023-28779 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Vladimir ...) NOT-FOR-US: WordPress plugin CVE-2023-28778 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Best ...) @@ -43427,8 +43473,8 @@ CVE-2023-25987 RESERVED CVE-2023-25986 RESERVED
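Review bot: the imported description for CVE-2023-47243 in the first hunk contains literal escape sequences (`\ucf54\ub ...`) where the upstream text had non-ASCII characters, so the entry's description is mangled at import time; this is worth fixing in the automatic update script rather than by hand on the entry, since the same text is carried into the NFU processing in ae8273b3.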