[Git][security-tracker-team/security-tracker][master] Add CVE-2023-26112/configobj
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Thu Apr 6 21:42:22 BST 2023
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
63f2eb1e by Salvatore Bonaccorso at 2023-04-06T22:41:49+02:00
Add CVE-2023-26112/configobj
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -9894,7 +9894,9 @@ CVE-2023-26114 (Versions of the package code-server before 4.10.1 are vulnerable
CVE-2023-26113 (Versions of the package collection.js before 6.8.1 are vulnerable to P ...)
TODO: check
CVE-2023-26112 (All versions of the package configobj are vulnerable to Regular Expres ...)
- TODO: check
+ - configobj <unfixed>
+ NOTE: https://security.snyk.io/vuln/SNYK-PYTHON-CONFIGOBJ-3252494
+ NOTE: https://github.com/DiffSK/configobj/issues/232
CVE-2023-26111 (All versions of the package @nubosoftware/node-static; all versions of ...)
NOT-FOR-US: @nubosoftware/node-static
CVE-2023-26110 (All versions of the package node-bluetooth are vulnerable to Buffer Ov ...)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/63f2eb1e99cdca32ee0a739bae7f401306bdb977
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/63f2eb1e99cdca32ee0a739bae7f401306bdb977
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20230406/b724e172/attachment.htm>
More information about the debian-security-tracker-commits
mailing list