Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
51ff972b by Salvatore Bonaccorso at 2023-10-23T20:48:41+02:00
Update two CVEs from Oracle CPU about MySQL connectors for java

- - - - -
a9414c95 by Salvatore Bonaccorso at 2023-10-23T20:48:43+02:00
Associate some upstream tags for upstream commits

- - - - -
29bc53ba by Salvatore Bonaccorso at 2023-10-23T20:48:45+02:00
Add cross references to upstream issues for libstb reports

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -220,42 +220,49 @@ CVE-2023-45675 (stb_vorbis is a single file MIT licensed 
library for processing
        [bookworm] - libstb <no-dsa> (Minor issue)
        [bullseye] - libstb <no-dsa> (Minor issue)
        NOTE: 
https://securitylab.github.com/advisories/GHSL-2023-145_GHSL-2023-151_stb_image_h/
 (issue 8)
+       NOTE: https://github.com/nothings/stb/issues/1552
        NOTE: https://github.com/nothings/stb/pull/1553
 CVE-2023-45667 (stb_image is a single file MIT licensed library for processing 
images. ...)
        - libstb <unfixed>
        [bookworm] - libstb <no-dsa> (Minor issue)
        [bullseye] - libstb <no-dsa> (Minor issue)
        NOTE: 
https://securitylab.github.com/advisories/GHSL-2023-145_GHSL-2023-151_stb_image_h/
 (issue 7)
+       NOTE: https://github.com/nothings/stb/issues/1550
        NOTE: https://github.com/nothings/stb/pull/1551
 CVE-2023-45666 (stb_image is a single file MIT licensed library for processing 
images. ...)
        - libstb <unfixed>
        [bookworm] - libstb <no-dsa> (Minor issue)
        [bullseye] - libstb <no-dsa> (Minor issue)
        NOTE: 
https://securitylab.github.com/advisories/GHSL-2023-145_GHSL-2023-151_stb_image_h/
 (issue 6)
+       NOTE: https://github.com/nothings/stb/issues/1548
        NOTE: https://github.com/nothings/stb/pull/1549
 CVE-2023-45664 (stb_image is a single file MIT licensed library for processing 
images. ...)
        - libstb <unfixed>
        [bookworm] - libstb <no-dsa> (Minor issue)
        [bullseye] - libstb <no-dsa> (Minor issue)
        NOTE: 
https://securitylab.github.com/advisories/GHSL-2023-145_GHSL-2023-151_stb_image_h/
 (issue 4)
+       NOTE: https://github.com/nothings/stb/issues/1542
        NOTE: https://github.com/nothings/stb/pull/1545
 CVE-2023-45663 (stb_image is a single file MIT licensed library for processing 
images. ...)
        - libstb <unfixed>
        [bookworm] - libstb <no-dsa> (Minor issue)
        [bullseye] - libstb <no-dsa> (Minor issue)
        NOTE: 
https://securitylab.github.com/advisories/GHSL-2023-145_GHSL-2023-151_stb_image_h/
 (issue 3)
+       NOTE: https://github.com/nothings/stb/issues/1542
        NOTE: https://github.com/nothings/stb/pull/1543
 CVE-2023-45662 (stb_image is a single file MIT licensed library for processing 
images. ...)
        - libstb <unfixed>
        [bookworm] - libstb <no-dsa> (Minor issue)
        [bullseye] - libstb <no-dsa> (Minor issue)
        NOTE: 
https://securitylab.github.com/advisories/GHSL-2023-145_GHSL-2023-151_stb_image_h/
 (issue 2)
+       NOTE: https://github.com/nothings/stb/issues/1540
        NOTE: https://github.com/nothings/stb/pull/1541
 CVE-2023-45661 (stb_image is a single file MIT licensed library for processing 
images. ...)
        - libstb <unfixed>
        [bookworm] - libstb <no-dsa> (Minor issue)
        [bullseye] - libstb <no-dsa> (Minor issue)
        NOTE: 
https://securitylab.github.com/advisories/GHSL-2023-145_GHSL-2023-151_stb_image_h/
 (issue 1)
+       NOTE: https://github.com/nothings/stb/issues/1538
        NOTE: https://github.com/nothings/stb/pull/1539
 CVE-2023-43357 (Cross Site Scripting vulnerability in CMSmadesimple v.2.2.18 
allows a  ...)
        NOT-FOR-US: CMSmadesimple
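Review bot: The added NOTE under CVE-2023-45664 points to https://github.com/nothings/stb/issues/1542, the same issue that is added under CVE-2023-45663 directly below it, while every other libstb entry in this hunk gets its own issue number. Please confirm against the GHSL advisory (issues 3 and 4) that both CVEs really share that upstream report; if issue 4 has a separate one, reference it here instead.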
@@ -1015,8 +1022,8 @@ CVE-2023-42459 (Fast DDS is a C++ implementation of the 
DDS (Data Distribution S
 CVE-2023-41752 (Exposure of Sensitive Information to an Unauthorized Actor 
vulnerabili ...)
        - trafficserver <unfixed> (bug #1054427)
        NOTE: https://lists.apache.org/thread/5py8h42mxfsn8l1wy6o41xwhsjlsd87q
-       NOTE: 
https://github.com/apache/trafficserver/commit/334839cb7a6724c71a5542e924251a8d931774b0
 (8.1.x)
-       NOTE: 
https://github.com/apache/trafficserver/commit/de7c8a78edd5b75e311561dfaa133e9d71ea8a5e
 (9.2.x)
+       NOTE: 
https://github.com/apache/trafficserver/commit/334839cb7a6724c71a5542e924251a8d931774b0
 (8.1.9)
+       NOTE: 
https://github.com/apache/trafficserver/commit/de7c8a78edd5b75e311561dfaa133e9d71ea8a5e
 (9.2.3-rc0)
 CVE-2023-40852 (SQL Injection vulnerability in Phpgurukul User Registration & 
Login an ...)
        NOT-FOR-US: Phpgurukul
 CVE-2023-40851 (Cross Site Scripting (XSS) vulnerability in Phpgurukul User 
Registrati ...)
@@ -1032,7 +1039,7 @@ CVE-2023-39456 (Improper Input Validation vulnerability 
in Apache Traffic Server
        [bullseye] - trafficserver <not-affected> (Vulnerable code not present)
        [buster] - trafficserver <not-affected> (Vulnerable code not present)
        NOTE: https://lists.apache.org/thread/5py8h42mxfsn8l1wy6o41xwhsjlsd87q
-       NOTE: 
https://github.com/apache/trafficserver/commit/4ca137b59bc6aaa25f8b14db2bdd2e72c43502e5
 (9.2.x)
+       NOTE: 
https://github.com/apache/trafficserver/commit/4ca137b59bc6aaa25f8b14db2bdd2e72c43502e5
 (9.2.3-rc0)
 CVE-2023-38740 (IBM Db2 for Linux, UNIX, and Windows (includes Db2 Connect 
Server) 11. ...)
        NOT-FOR-US: IBM
 CVE-2023-38728 (IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect 
Server) 10.5 ...)
@@ -2466,7 +2473,7 @@ CVE-2023-44487 (The HTTP/2 protocol allows a denial of 
service (server resource
        NOTE: Starting with 9.0.70-2 Tomcat9 no longer ships the server stack, 
using that as the fixed version
        NOTE: ATS: 
https://lists.apache.org/thread/5py8h42mxfsn8l1wy6o41xwhsjlsd87q
        NOTE: ATS: 
https://github.com/apache/trafficserver/commit/b28ad74f117307e8de206f1de70c3fa716f90682
 (9.2.3-rc0)
-       NOTE: ATS: 
https://github.com/apache/trafficserver/commit/d742d74039aaa548dda0148ab4ba207906abc620
 (8.1.x)
+       NOTE: ATS: 
https://github.com/apache/trafficserver/commit/d742d74039aaa548dda0148ab4ba207906abc620
 (8.1.9)
        NOTE: h2o: 
https://github.com/h2o/h2o/commit/28fe15117b909588bf14269a0e1c6ec4548579fe
        NOTE: haproxy: 
http://git.haproxy.org/?p=haproxy.git;a=commit;h=f210191dcdf32a2cb263c5bd22b7fc98698ce59a
 (v1.9-dev1)
        NOTE: haproxy: 
https://www.mail-archive.com/haproxy@formilux.org/msg44134.html
@@ -52907,7 +52914,7 @@ CVE-2023-22104 (Vulnerability in the MySQL Server 
product of Oracle MySQL (compo
 CVE-2023-22103 (Vulnerability in the MySQL Server product of Oracle MySQL 
(component:  ...)
        - mysql-8.0 <unfixed>
 CVE-2023-22102 (Vulnerability in the MySQL Connectors product of Oracle MySQL 
(compone ...)
-       TODO: check
+       - mysql-connector-java <removed>
 CVE-2023-22101 (Vulnerability in the Oracle WebLogic Server product of Oracle 
Fusion M ...)
        NOT-FOR-US: Oracle
 CVE-2023-22100 (Vulnerability in the Oracle VM VirtualBox product of Oracle 
Virtualiza ...)
@@ -53188,7 +53195,7 @@ CVE-2023-21973 (Vulnerability in the Oracle 
iProcurement product of Oracle E-Bus
 CVE-2023-21972 (Vulnerability in the MySQL Server product of Oracle MySQL 
(component:  ...)
        - mysql-8.0 8.0.33-1 (bug #1034719)
 CVE-2023-21971 (Vulnerability in the MySQL Connectors product of Oracle MySQL 
(compone ...)
-       NOT-FOR-US: MySQL Connector for Java
+       - mysql-connector-java <removed>
 CVE-2023-21970 (Vulnerability in the Oracle BI Publisher product of Oracle 
Analytics ( ...)
        NOT-FOR-US: Oracle
 CVE-2023-21969 (Vulnerability in Oracle SQL Developer (component: 
Installation).  Supp ...)
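Review bot: Any other entries in data/CVE/list that still read NOT-FOR-US: MySQL Connector for Java should be converted together with CVE-2023-21971, which this hunk reclassifies as - mysql-connector-java <removed>. Leaving a mix of both forms means the connector's CVEs are only partly associated with the source package.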



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/19aee39d9c4b1536defb8882679e3308993eb142...29bc53ba39c33cef622bd1cdc9396a8a506952f0
