Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
0467063d by Salvatore Bonaccorso at 2023-12-17T21:15:29+01:00
Add upstream tag information for upstream commits for easier tracking
- - - - -
46670c0f by Salvatore Bonaccorso at 2023-12-17T21:15:31+01:00
Add additional information for older CVE and add respective upstream tags to
commits
- - - - -
a6b4af6a by Salvatore Bonaccorso at 2023-12-17T21:19:35+01:00
Process some NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,29 +1,29 @@
CVE-2023-6902 (A vulnerability has been found in codelyfe Stupid Simple CMS up
to 1.2 ...)
- TODO: check
+ NOT-FOR-US: Stupid Simple CMS
CVE-2023-6901 (A vulnerability, which was classified as critical, was found in
codely ...)
- TODO: check
+ NOT-FOR-US: Stupid Simple CMS
CVE-2023-6900 (A vulnerability, which was classified as critical, has been
found in r ...)
- TODO: check
+ NOT-FOR-US: rmountjoy92 DashMachine
CVE-2023-6899 (A vulnerability classified as problematic was found in
rmountjoy92 Das ...)
- TODO: check
+ NOT-FOR-US: rmountjoy92 DashMachine
CVE-2023-6898 (A vulnerability classified as critical has been found in
SourceCodeste ...)
- TODO: check
+ NOT-FOR-US: SourceCodester Best Courier Management System
CVE-2023-6896 (A vulnerability was found in SourceCodester Simple Image Stack
Website ...)
- TODO: check
+ NOT-FOR-US: SourceCodester Simple Image Stack Website
CVE-2023-50271 (A potential security vulnerability has been identified with
HP-UX Syst ...)
- TODO: check
+ NOT-FOR-US: HP-UX System Management Homepage (SMH)
CVE-2023-49834 (Cross-Site Request Forgery (CSRF) vulnerability in realmag777
FOX \u20 ...)
- TODO: check
+ NOT-FOR-US: WooCommerce plugin
CVE-2023-49824 (Cross-Site Request Forgery (CSRF) vulnerability in
PixelYourSite Produ ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-49816 (Cross-Site Request Forgery (CSRF) vulnerability in Innovative
Solution ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-49775 (Cross-Site Request Forgery (CSRF) vulnerability in Denis
Kobozev CSV I ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-49769 (Cross-Site Request Forgery (CSRF) vulnerability in SoftLab
Integrate G ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-49751 (Cross-Site Request Forgery (CSRF) vulnerability in Ciprian
Popescu Blo ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-6895 (A vulnerability was found in Hikvision Intercom Broadcasting
System 3. ...)
NOT-FOR-US: Hikvision Intercom Broadcasting System
CVE-2023-6894 (A vulnerability was found in Hikvision Intercom Broadcasting
System 3. ...)
@@ -53869,7 +53869,7 @@ CVE-2023-24382 (Cross-Site Request Forgery (CSRF)
vulnerability in Photon WP Mat
CVE-2023-24381 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability
in NsTh ...)
NOT-FOR-US: WordPress plugin
CVE-2023-24380 (Cross-Site Request Forgery (CSRF) vulnerability in Webbjocke
Simple Wp ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-24379
RESERVED
CVE-2023-24378 (Auth. (contributor+) Stored Cross-Site Scripting (XSS)
vulnerability i ...)
@@ -309176,7 +309176,9 @@ CVE-2019-14905 (A vulnerability was found in Ansible
Engine versions 2.9.x befor
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1776943
NOTE: https://github.com/ansible/ansible/pull/65423
NOTE: https://github.com/ansible/ansible/blob/stable-2.2/CHANGELOG.md
- NOTE: Fixed for 2.7 by
https://patch-diff.githubusercontent.com/raw/ansible/ansible/pull/65848.patch
+ NOTE: Fixed by:
https://github.com/ansible/ansible/commit/1257448636772859924157fa76341a698e4bf823
(v2.9.3)
+ NOTE: Fixed by:
https://github.com/ansible/ansible/commit/0d08d78637ba8f608b490bf2dc8700604faa8f80
(v2.8.8)
+ NOTE: Fixed by:
https://github.com/ansible/ansible/commit/88416b627caac5f0f4bff335d5387e0bcca938ca
(v2.7.16)
CVE-2019-14904 (A flaw was found in the solaris_zone module from the Ansible
Community ...)
{DSA-4950-1 DLA-2535-1}
- ansible 2.9.4+dfsg-1 (low)
@@ -309435,7 +309437,8 @@ CVE-2019-14858 (A vulnerability was found in Ansible
engine 2.x up to 2.8 and An
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1760593
NOTE: https://github.com/ansible/ansible/pull/63405
NOTE: Sub-options/sub-specs/sub-parameters introduced in
https://github.com/ansible/ansible/commit/25de905c6e05bd6df91f4299628ee6d386d3da50
(2.4)
- NOTE: Fix for 2.7
https://github.com/ansible/ansible/commit/0fd656e9964a91f2e8b1e9bbf78c74661ab9d37b
+ NOTE: Fixed by:
https://github.com/ansible/ansible/commit/3dfb8e81bb5f776a6b00c7a90dd087e85b71f8bb
(v2.8.6)
+ NOTE: Fixed by:
https://github.com/ansible/ansible/commit/0fd656e9964a91f2e8b1e9bbf78c74661ab9d37b
(v2.7.14)
CVE-2019-14857 (A flaw was found in mod_auth_openidc before version 2.4.0.1.
An open r ...)
{DLA-2298-1 DLA-1996-1}
- libapache2-mod-auth-openidc 2.4.0.3-1 (bug #942165)
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/8735143d0e9b36c364c269716107e12feb1265e5...a6b4af6a71535a70f8a1688aa9a18c063c521bc6
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/8735143d0e9b36c364c269716107e12feb1265e5...a6b4af6a71535a70f8a1688aa9a18c063c521bc6
You're receiving this email because of your account on salsa.debian.org.
_______________________________________________
debian-security-tracker-commits mailing list
debian-security-tracker-commits@alioth-lists.debian.net
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
