[Git][security-tracker-team/security-tracker][master] 6 commits: lts: CVE-2022-3590/wordpress postponed on buster
Emilio Pozuelo Monfort (@pochu)
pochu at debian.org
Wed Apr 26 12:47:09 BST 2023
Emilio Pozuelo Monfort pushed to branch master at Debian Security Tracker / security-tracker
Commits:
9393312f by Emilio Pozuelo Monfort at 2023-04-26T13:10:36+02:00
lts: CVE-2022-3590/wordpress postponed on buster
- - - - -
25640d1f by Emilio Pozuelo Monfort at 2023-04-26T13:15:38+02:00
lts: CVE-2023-2241/podofo no-dsa on buster
- - - - -
63be24e3 by Emilio Pozuelo Monfort at 2023-04-26T13:19:07+02:00
lts: CVE-2023-25815/git no-dsa on buster
- - - - -
05ba0863 by Emilio Pozuelo Monfort at 2023-04-26T13:37:36+02:00
Add fixing commits for CVE-2023-29007/git
- - - - -
bea6c569 by Emilio Pozuelo Monfort at 2023-04-26T13:44:36+02:00
Add fixing commit for CVE-2023-25652/git
- - - - -
8948fcfa by Emilio Pozuelo Monfort at 2023-04-26T13:46:24+02:00
Add fixing commit for CVE-2023-25815/git
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -496,6 +496,7 @@ CVE-2023-2241 (A vulnerability, which was classified as critical, was found in P
- libpodofo <unfixed>
[bookworm] - libpodofo <no-dsa> (Minor issue)
[bullseye] - libpodofo <no-dsa> (Minor issue)
+ [buster] - libpodofo <no-dsa> (Minor issue)
NOTE: https://github.com/podofo/podofo/issues/69
NOTE: https://github.com/podofo/podofo/commit/535a786f124b739e3c857529cecc29e4eeb79778
CVE-2012-10014 (A vulnerability classified as problematic has been found in Kau-Boy Ba ...)
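Review bot: the added `[buster] - libpodofo <no-dsa> (Minor issue)` line gives "Minor issue" as its whole rationale, while the CVE summary in the hunk header says the vulnerability "was classified as critical". The entry does not show why it is treated as minor. Put the concrete reason in the parentheses, or add a NOTE line explaining the assessment.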
@@ -6123,6 +6124,10 @@ CVE-2023-29007 (Git is a revision control system. Prior to versions 2.30.9, 2.31
- git 1:2.40.1-1 (bug #1034835)
[bullseye] - git <no-dsa> (Minor issue)
NOTE: https://lore.kernel.org/lkml/xmqqa5yv3n93.fsf@gitster.g/
+ NOTE: https://github.com/git/git/commit/29198213c9163c1d552ee2bdbf78d2b09ccc98b8
+ NOTE: https://github.com/git/git/commit/a5bb10fd5e74101e7c07da93e7c32bbe60f6173a
+ NOTE: https://github.com/git/git/commit/e91cfe6085c4a61372d1f800b473b73b8d225d0d
+ NOTE: https://github.com/git/git/commit/3bb3d6bac5f2b496dfa2862dc1a84cbfa9b4449a
CVE-2023-29006 (The Order GLPI plugin allows users to manage order management within G ...)
NOT-FOR-US: GLPI plugin
CVE-2023-29005 (Flask-AppBuilder versions before 4.3.0 lack rate limiting which can al ...)
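Review bot: the four added NOTE lines for CVE-2023-29007 are bare commit URLs, with nothing to say whether all four are needed for a backport, in what order, or which upstream release they belong to. Anyone preparing a fix has to open each one to find out. A short parenthetical after each URL would cover it.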
@@ -15615,7 +15620,9 @@ CVE-2023-25816 (Nextcloud is an Open Source private cloud software. Versions 25.
CVE-2023-25815 (In Git for Windows, the Windows port of Git, no localized messages are ...)
- git 1:2.40.1-1 (bug #1034835)
[bullseye] - git <no-dsa> (Minor issue)
+ [buster] - git <no-dsa> (Minor issue)
NOTE: https://lore.kernel.org/lkml/xmqqa5yv3n93.fsf@gitster.g/
+ NOTE: https://github.com/git/git/commit/4fe5d0b10afdc9ac5b703605b8d84d1ce5d71e87
CVE-2023-25814 (metersphere is an open source continuous testing platform. In versions ...)
NOT-FOR-US: metersphere
CVE-2023-25813 (Sequelize is a Node.js ORM tool. In versions prior to 6.19.1 a SQL inj ...)
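Review bot: on the added `[buster] - git <no-dsa> (Minor issue)` line, the rationale does not reflect what the summary above it says, namely that the issue is described for Git for Windows. If that is the reason it is minor for buster, say so in the parentheses instead of repeating the bullseye wording. The new NOTE line would also be easier to use if it named the upstream release the commit belongs to.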
@@ -16353,6 +16360,7 @@ CVE-2023-25652 (Git is a revision control system. Prior to versions 2.30.9, 2.31
- git 1:2.40.1-1 (bug #1034835)
[bullseye] - git <no-dsa> (Minor issue)
NOTE: https://lore.kernel.org/lkml/xmqqa5yv3n93.fsf@gitster.g/
+ NOTE: https://github.com/git/git/commit/9db05711c98efc14f414d4c87135a34c13586e0b
CVE-2023-25651
RESERVED
CVE-2023-25650
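Review bot: the CVE-2023-25652 entry gets a fixing commit here but still has no `[buster]` line, whereas CVE-2023-25815, which points at the same lore.kernel.org announcement, received `[buster] - git <no-dsa>` in this push. If buster is left open on purpose because a fix is planned, that is fine. Otherwise the missing line looks like an oversight.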
@@ -44867,6 +44875,7 @@ CVE-2022-3591 (Use After Free in GitHub repository vim/vim prior to 9.0.0789. ..
CVE-2022-3590 (WordPress is affected by an unauthenticated blind SSRF in the pingback ...)
- wordpress <unfixed> (bug #1033251)
[bullseye] - wordpress <no-dsa> (Minor issue)
+ [buster] - wordpress <postponed> (Minor issue)
NOTE: https://www.sonarsource.com/blog/wordpress-core-unauthenticated-blind-ssrf/
CVE-2022-3589 (An API Endpoint used by Miele's "AppWash" MobileApp in all versions wa ...)
NOT-FOR-US: Miele's "AppWash" MobileApp
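Review bot: the added `[buster] - wordpress <postponed> (Minor issue)` line uses a different state from the `<no-dsa>` on bullseye but the same "Minor issue" text, so it does not say what the postponement is waiting for. The first line of the entry still shows the package as `<unfixed>`. If the wait is for a fix to become available, stating that in the parentheses would make the entry self-explanatory.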
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/63bbda9253a40638c25621e523609d2c8eb40817...8948fcfa19702a5c63e2b2d8fc04909ec3b243e2