[Git][security-tracker-team/security-tracker][master] bugnums
Moritz Muehlenhoff (@jmm)
jmm at debian.org
Sat Apr 22 18:38:21 BST 2023
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker
Commits:
b7b544b6 by Moritz Muehlenhoff at 2023-04-22T19:37:50+02:00
bugnums
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1742,15 +1742,15 @@ CVE-2023-1998 (The Linux kernel allows userspace processes to enable mitigations
CVE-2023-1995
RESERVED
CVE-2023-1994 (GQUIC dissector crash in Wireshark 4.0.0 to 4.0.4 and 3.6.0 to 3.6.12 ...)
- - wireshark <unfixed>
+ - wireshark <unfixed> (bug #1034721)
NOTE: https://gitlab.com/wireshark/wireshark/-/issues/18947
NOTE: https://www.wireshark.org/security/wnpa-sec-2023-11.html
CVE-2023-1993 (LISP dissector large loop in Wireshark 4.0.0 to 4.0.4 and 3.6.0 to 3.6 ...)
- - wireshark <unfixed>
+ - wireshark <unfixed> (bug #1034721)
NOTE: https://gitlab.com/wireshark/wireshark/-/issues/18900
NOTE: https://www.wireshark.org/security/wnpa-sec-2023-10.html
CVE-2023-1992 (RPCoRDMA dissector crash in Wireshark 4.0.0 to 4.0.4 and 3.6.0 to 3.6. ...)
- - wireshark <unfixed>
+ - wireshark <unfixed> (bug #1034721)
NOTE: https://gitlab.com/wireshark/wireshark/-/issues/18852
NOTE: https://www.wireshark.org/security/wnpa-sec-2023-09.html
CVE-2023-1991
@@ -9414,7 +9414,7 @@ CVE-2023-1257 (An attacker with physical access to the affected Moxa UC Series d
CVE-2023-1256 (The listed versions of AVEVA Plant SCADA and AVEVA Telemetry Server ar ...)
NOT-FOR-US: AVEVA Plant SCADA and AVEVA Telemetry Server
CVE-2023-1255 (Issue summary: The AES-XTS cipher decryption implementation for 64 bit ...)
- - openssl <unfixed>
+ - openssl <unfixed> (bug #1034720)
[bullseye] - openssl <not-affected> (Vulnerable code not present)
[buster] - openssl <not-affected> (Vulnerable code not present)
NOTE: https://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=02ac9c9420275868472f33b01def01218742b8bb
@@ -12023,7 +12023,7 @@ CVE-2023-26966
CVE-2023-26965
RESERVED
CVE-2023-26964 (An issue was discovered in hyper v0.13.7. h2-0.2.4 Stream stacking occ ...)
- - rust-h2 <unfixed>
+ - rust-h2 <unfixed> (bug #1034723)
NOTE: https://github.com/hyperium/hyper/issues/2877
NOTE: https://github.com/hyperium/h2/commit/5bc8e72e5fcbd8ae2d3d9bc78a1c0ef0040bcc39 (v0.3.17)
CVE-2023-26963
@@ -12126,7 +12126,7 @@ CVE-2023-26919 (delight-nashorn-sandbox 0.2.4 and 0.2.5 is vulnerable to sandbox
CVE-2023-26918 (Diasoft File Replication Pro 7.5.0 allows attackers to escalate privil ...)
NOT-FOR-US: Diasoft File Replication Pro
CVE-2023-26917 (libyang from v2.0.164 to v2.1.30 was discovered to contain a NULL poin ...)
- - libyang2 <unfixed>
+ - libyang2 <unfixed> (bug #1034724)
[bullseye] - libyang2 <no-dsa> (Minor issue)
NOTE: https://github.com/CESNET/libyang/issues/1987
NOTE: https://github.com/CESNET/libyang/commit/cfa1a965a429e4bfc5ae1539a8e87a9cf71c3090 (v2.1.55)
@@ -17497,7 +17497,7 @@ CVE-2023-0647 (A vulnerability, which was classified as critical, has been found
CVE-2023-0646 (A vulnerability classified as critical was found in dst-admin 1.5.0. A ...)
NOT-FOR-US: dst-admin
CVE-2023-0645 (An out of bounds read exists in libjxl. An attacker using a specifical ...)
- - jpeg-xl <unfixed>
+ - jpeg-xl <unfixed> (bug #1034722)
NOTE: https://github.com/libjxl/libjxl/commit/a7c8428b61299f3b055cbbdbba3fbcd8cb38d084
NOTE: https://github.com/libjxl/libjxl/issues/2100
NOTE: https://github.com/libjxl/libjxl/pull/2101
@@ -19259,7 +19259,7 @@ CVE-2023-0468 (A use-after-free flaw was found in io_uring/poll.c in io_poll_che
CVE-2023-0467 (The WP Dark Mode WordPress plugin before 4.0.8 does not properly sanit ...)
NOT-FOR-US: WordPress plugin
CVE-2023-0466 (The function X509_VERIFY_PARAM_add0_policy() is documented to implicit ...)
- - openssl <unfixed>
+ - openssl <unfixed> (bug #1034720)
[bookworm] - openssl <no-dsa> (Minor issue)
[bullseye] - openssl <no-dsa> (Minor issue)
[buster] - openssl <no-dsa> (Minor issue)
@@ -19267,7 +19267,7 @@ CVE-2023-0466 (The function X509_VERIFY_PARAM_add0_policy() is documented to imp
NOTE: https://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=51e8a84ce742db0f6c70510d0159dad8f7825908 (openssl-3.0)
NOTE: https://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=0d16b7e99aafc0b4a6d729eec65a411a7e025f0a (OpenSSL_1_1_1-stable)
CVE-2023-0465 (Applications that use a non-default option when verifying certificates ...)
- - openssl <unfixed>
+ - openssl <unfixed> (bug #1034720)
[bookworm] - openssl <no-dsa> (Minor issue)
[bullseye] - openssl <no-dsa> (Minor issue)
[buster] - openssl <no-dsa> (Minor issue)
@@ -19275,7 +19275,7 @@ CVE-2023-0465 (Applications that use a non-default option when verifying certifi
NOTE: https://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=1dd43e0709fece299b15208f36cc7c76209ba0bb (openssl-3.0)
NOTE: https://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=b013765abfa80036dc779dd0e50602c57bb3bf95 (OpenSSL_1_1_1-stable)
CVE-2023-0464 (A security vulnerability has been identified in all supported versions ...)
- - openssl <unfixed>
+ - openssl <unfixed> (bug #1034720)
[bookworm] - openssl <no-dsa> (Minor issue)
[bullseye] - openssl <no-dsa> (Minor issue)
[buster] - openssl <no-dsa> (Minor issue)
@@ -28774,19 +28774,19 @@ CVE-2023-21984 (Vulnerability in the Oracle Solaris product of Oracle Systems (c
CVE-2023-21983
RESERVED
CVE-2023-21982 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
- - mysql-8.0 <unfixed>
+ - mysql-8.0 <unfixed> (bug #1034719)
CVE-2023-21981 (Vulnerability in the PeopleSoft Enterprise PeopleTools product of Orac ...)
NOT-FOR-US: Oracle
CVE-2023-21980 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
- - mysql-8.0 <unfixed>
+ - mysql-8.0 <unfixed> (bug #1034719)
CVE-2023-21979 (Vulnerability in the Oracle WebLogic Server product of Oracle Fusion M ...)
NOT-FOR-US: Oracle
CVE-2023-21978 (Vulnerability in the Oracle Application Object Library product of Orac ...)
NOT-FOR-US: Oracle
CVE-2023-21977 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
- - mysql-8.0 <unfixed>
+ - mysql-8.0 <unfixed> (bug #1034719)
CVE-2023-21976 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
- - mysql-8.0 <unfixed>
+ - mysql-8.0 <unfixed> (bug #1034719)
CVE-2023-21975
RESERVED
CVE-2023-21974
@@ -28794,7 +28794,7 @@ CVE-2023-21974
CVE-2023-21973 (Vulnerability in the Oracle iProcurement product of Oracle E-Business ...)
NOT-FOR-US: Oracle
CVE-2023-21972 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
- - mysql-8.0 <unfixed>
+ - mysql-8.0 <unfixed> (bug #1034719)
CVE-2023-21971 (Vulnerability in the MySQL Connectors product of Oracle MySQL (compone ...)
NOT-FOR-US: MySQL Connector for Java
CVE-2023-21970 (Vulnerability in the Oracle BI Publisher product of Oracle Analytics ( ...)
@@ -28810,7 +28810,7 @@ CVE-2023-21967 (Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise E
- openjdk-11 <unfixed>
- openjdk-17 <unfixed>
CVE-2023-21966 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
- - mysql-8.0 <unfixed>
+ - mysql-8.0 <unfixed> (bug #1034719)
CVE-2023-21965 (Vulnerability in the Oracle Business Intelligence Enterprise Edition p ...)
NOT-FOR-US: Oracle
CVE-2023-21964 (Vulnerability in the Oracle WebLogic Server product of Oracle Fusion M ...)
@@ -28818,7 +28818,7 @@ CVE-2023-21964 (Vulnerability in the Oracle WebLogic Server product of Oracle Fu
CVE-2023-21963 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
- mysql-8.0 8.0.32-1
CVE-2023-21962 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
- - mysql-8.0 <unfixed>
+ - mysql-8.0 <unfixed> (bug #1034719)
CVE-2023-21961
RESERVED
CVE-2023-21960 (Vulnerability in the Oracle WebLogic Server product of Oracle Fusion M ...)
@@ -28832,13 +28832,13 @@ CVE-2023-21957
CVE-2023-21956 (Vulnerability in the Oracle WebLogic Server product of Oracle Fusion M ...)
NOT-FOR-US: Oracle
CVE-2023-21955 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
- - mysql-8.0 <unfixed>
+ - mysql-8.0 <unfixed> (bug #1034719)
CVE-2023-21954 (Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition ...)
- openjdk-8 <unfixed>
- openjdk-11 <unfixed>
- openjdk-17 <unfixed>
CVE-2023-21953 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
- - mysql-8.0 <unfixed>
+ - mysql-8.0 <unfixed> (bug #1034719)
CVE-2023-21952 (Vulnerability in the Oracle Business Intelligence Enterprise Edition p ...)
NOT-FOR-US: Oracle
CVE-2023-21951
@@ -28850,11 +28850,11 @@ CVE-2023-21949
CVE-2023-21948 (Vulnerability in the Oracle Solaris product of Oracle Systems (compone ...)
NOT-FOR-US: Oracle
CVE-2023-21947 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
- - mysql-8.0 <unfixed>
+ - mysql-8.0 <unfixed> (bug #1034719)
CVE-2023-21946 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
- - mysql-8.0 <unfixed>
+ - mysql-8.0 <unfixed> (bug #1034719)
CVE-2023-21945 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
- - mysql-8.0 <unfixed>
+ - mysql-8.0 <unfixed> (bug #1034719)
CVE-2023-21944 (Vulnerability in Oracle Essbase (component: Security and Provisioning) ...)
NOT-FOR-US: Oracle
CVE-2023-21943 (Vulnerability in Oracle Essbase (component: Security and Provisioning) ...)
@@ -28864,7 +28864,7 @@ CVE-2023-21942 (Vulnerability in Oracle Essbase (component: Security and Provisi
CVE-2023-21941 (Vulnerability in the Oracle BI Publisher product of Oracle Analytics ( ...)
NOT-FOR-US: Oracle
CVE-2023-21940 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
- - mysql-8.0 <unfixed>
+ - mysql-8.0 <unfixed> (bug #1034719)
CVE-2023-21939 (Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition ...)
- openjdk-8 <unfixed>
- openjdk-11 <unfixed>
@@ -28880,11 +28880,11 @@ CVE-2023-21937 (Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise E
CVE-2023-21936 (Vulnerability in the JD Edwards EnterpriseOne Tools product of Oracle ...)
NOT-FOR-US: Oracle
CVE-2023-21935 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
- - mysql-8.0 <unfixed>
+ - mysql-8.0 <unfixed> (bug #1034719)
CVE-2023-21934 (Vulnerability in the Java VM component of Oracle Database Server. Supp ...)
NOT-FOR-US: Oracle
CVE-2023-21933 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
- - mysql-8.0 <unfixed>
+ - mysql-8.0 <unfixed> (bug #1034719)
CVE-2023-21932 (Vulnerability in the Oracle Hospitality OPERA 5 Property Services prod ...)
NOT-FOR-US: Oracle
CVE-2023-21931 (Vulnerability in the Oracle WebLogic Server product of Oracle Fusion M ...)
@@ -28894,7 +28894,7 @@ CVE-2023-21930 (Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise E
- openjdk-11 <unfixed>
- openjdk-17 <unfixed>
CVE-2023-21929 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
- - mysql-8.0 <unfixed>
+ - mysql-8.0 <unfixed> (bug #1034719)
CVE-2023-21928 (Vulnerability in the Oracle Solaris product of Oracle Systems (compone ...)
NOT-FOR-US: Oracle
CVE-2023-21927 (Vulnerability in the JD Edwards EnterpriseOne Tools product of Oracle ...)
@@ -28912,9 +28912,9 @@ CVE-2023-21922 (Vulnerability in the Oracle Health Sciences InForm product of Or
CVE-2023-21921 (Vulnerability in the Oracle Health Sciences InForm product of Oracle H ...)
NOT-FOR-US: Oracle
CVE-2023-21920 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
- - mysql-8.0 <unfixed>
+ - mysql-8.0 <unfixed> (bug #1034719)
CVE-2023-21919 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
- - mysql-8.0 <unfixed>
+ - mysql-8.0 <unfixed> (bug #1034719)
CVE-2023-21918 (Vulnerability in the Oracle Database Recovery Manager component of Ora ...)
NOT-FOR-US: Oracle
CVE-2023-21917 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
@@ -28930,7 +28930,7 @@ CVE-2023-21913 (Vulnerability in the MySQL Server product of Oracle MySQL (compo
CVE-2023-21912 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
- mysql-8.0 8.0.31-1
CVE-2023-21911 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
- - mysql-8.0 <unfixed>
+ - mysql-8.0 <unfixed> (bug #1034719)
CVE-2023-21910 (Vulnerability in the Oracle Business Intelligence Enterprise Edition p ...)
NOT-FOR-US: Oracle
CVE-2023-21909 (Vulnerability in the Siebel CRM product of Oracle Siebel CRM (componen ...)
@@ -108338,7 +108338,7 @@ CVE-2021-45425 (Reflected Cross Site Scripting (XSS) in SAFARI Montage versions
CVE-2021-45424
RESERVED
CVE-2021-45423 (A Buffer Overflow vulnerabilityexists in Pev 0.81 via the pe_exports f ...)
- - pev <unfixed>
+ - pev <unfixed> (bug #1034725)
NOTE: https://github.com/merces/libpe/issues/35
NOTE: https://github.com/merces/libpe/commit/9b5fedc37ccbcd23695a0e97c0fe46c999e26100
NOTE: https://github.com/merces/libpe/commit/8960f7d710c4d1a43badd2bbf273721248b864f8
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/b7b544b62bcfb1cf33e81e68ee30e28600159819
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/b7b544b62bcfb1cf33e81e68ee30e28600159819
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20230422/e33a3a03/attachment.htm>
More information about the debian-security-tracker-commits
mailing list