[Git][security-tracker-team/security-tracker][master] bugnums
Moritz Muehlenhoff (@jmm)
jmm at debian.org
Wed Apr 26 18:45:38 BST 2023
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker
Commits:
2523fd1e by Moritz Muehlenhoff at 2023-04-26T19:45:15+02:00
bugnums
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -31493,7 +31493,7 @@ CVE-2022-47017
CVE-2022-47016
REJECTED
CVE-2022-47015 (MariaDB Server before 10.3.34 thru 10.9.3 is vulnerable to Denial of S ...)
- - mariadb <unfixed>
+ - mariadb <unfixed> (bug #1034889)
[bookworm] - mariadb <postponed> (Minor issue, wait for next point release)
- mariadb-10.6 <removed>
- mariadb-10.5 <removed>
@@ -55853,11 +55853,11 @@ CVE-2022-39209 (cmark-gfm is GitHub's fork of cmark, a CommonMark parsing and re
- cmark-gfm 0.29.0.gfm.6-2 (bug #1020588)
[bullseye] - cmark-gfm <no-dsa> (Minor issue)
[buster] - cmark-gfm <no-dsa> (Minor issue)
- - python-cmarkgfm <unfixed>
+ - python-cmarkgfm <unfixed> (bug #1034887)
[bullseye] - python-cmarkgfm <no-dsa> (Minor issue)
[buster] - python-cmarkgfm <no-dsa> (Minor issue)
- ghostwriter 2.1.6+ds-1 (unimportant)
- - ruby-commonmarker <unfixed>
+ - ruby-commonmarker <unfixed> (bug #1034888)
[bullseye] - ruby-commonmarker <no-dsa> (Minor issue)
[buster] - ruby-commonmarker <no-dsa> (Minor issue)
- r-cran-commonmark 1.8.1-1
@@ -60295,9 +60295,8 @@ CVE-2022-37710 (Patterson Dental Eaglesoft 21 has AES-256 encryption but there a
CVE-2022-37709 (Tesla Model 3 V11.0(2022.4.5.1 6b701552d7a6) Tesla mobile app v4.23 is ...)
NOT-FOR-US: Tesla
CVE-2022-37708 (Docker version 20.10.15, build fd82621 is vulnerable to Insecure Permi ...)
- - docker.io <unfixed>
+ - docker.io <unfixed> (bug #1034886)
NOTE: https://github.com/thekevinday/docker_lightman_exploit
- TODO: check, seems like a negligible security impact issue, and might be marked unimportant
CVE-2022-37707
RESERVED
CVE-2022-37706 (enlightenment_sys in Enlightenment before 0.25.4 allows local users to ...)
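Review bot: the `TODO: check, seems like a negligible security impact issue, and might be marked unimportant` line under CVE-2022-37708 is removed without recording how that question was answered. The docker.io line stays a plain `<unfixed>` with the new bug reference, so either carry the assessment forward as a NOTE or say in the commit message that the issue is now tracked as a regular unfixed bug; "bugnums" only covers the added bug number.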
@@ -295105,7 +295104,7 @@ CVE-2019-8400 (ORY Hydra before v1.0.0-rc.3+oryOS.9 has Reflected XSS via the oa
CVE-2019-8399
RESERVED
CVE-2019-8398 (An issue was discovered in the HDF HDF5 1.10.4 library. There is an ou ...)
- - hdf5 <undetermined> (bug #1034838)
+ - hdf5 <unfixed> (bug #1034838)
NOTE: https://github.com/magicSwordsMan/PAAFS/tree/master/vul6
NOTE: https://jira.hdfgroup.org/browse/HDFFV-10710
CVE-2019-8397 (An issue was discovered in the HDF HDF5 1.10.4 library. There is an ou ...)
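Review bot: the hdf5 line for CVE-2019-8398 changes state from `<undetermined>` to `<unfixed>` while the bug reference (#1034838) stays the same, which is a triage decision rather than a bug number update and is not covered by the commit message "bugnums". Suggest mentioning the status change in the message, or adding a NOTE stating what confirmed that the packaged hdf5 is affected.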
@@ -295117,7 +295116,7 @@ CVE-2019-8397 (An issue was discovered in the HDF HDF5 1.10.4 library. There is
NOTE: issue in upstream bug tracker: https://jira.hdfgroup.org/browse/HDFFV-10711
NOTE: Negligible security impact, malicous scientific data has more issues than a crash
CVE-2019-8396 (A buffer overflow in H5O__layout_encode in H5Olayout.c in the HDF HDF5 ...)
- - hdf5 <undetermined> (bug #1034838)
+ - hdf5 <unfixed> (bug #1034838)
NOTE: https://github.com/magicSwordsMan/PAAFS/tree/master/vul4
NOTE: https://jira.hdfgroup.org/browse/HDFFV-10712
NOTE: HDFFV-10712 is marked to be closed in a future 1.10.8 upstream release.
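Review bot: CVE-2019-8396 is set to `<unfixed>` directly below a CVE-2019-8397 NOTE that reads "Negligible security impact", and it points at the same bug (#1034838) as CVE-2019-8398 in the previous hunk. If that assessment also applies to this entry, recording it here would keep the neighbouring hdf5 entries consistent; if it does not, a short NOTE on why 8396 is treated differently would help whoever triages the bug next.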
@@ -326004,7 +326003,7 @@ CVE-2018-1000801 (okular version 18.08 and earlier contains a Directory Traversa
CVE-2018-1000800 (zephyr-rtos version 1.12.0 contains a NULL base pointer reference vuln ...)
NOT-FOR-US: zephyr-rtos
CVE-2018-1000773 (WordPress version 4.9.8 and earlier contains a CWE-20 Input Validation ...)
- - wordpress <undetermined>
+ NOTE: No actionable information
NOTE: This CVE exists due to an incomplete fix in 4.9 for CVE-2017-1000600.
CVE-2018-1000673
REJECTED
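Review bot: dropping `- wordpress <undetermined>` from CVE-2018-1000773 removes the only package annotation visible for this entry, so nothing in these lines ties the CVE to the wordpress source package any more. Consider keeping the package line and putting the reasoning next to it, and expand `NOTE: No actionable information` to say what was checked; this change also goes beyond what the commit message "bugnums" describes.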
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/2523fd1e30844c7a58a627f9f35766ede2cf6ecd