[Git][security-tracker-team/security-tracker][master] 3 commits: Add upstream tag information for upstream commits for easier tracking
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Sun Dec 17 20:20:08 GMT 2023
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
0467063d by Salvatore Bonaccorso at 2023-12-17T21:15:29+01:00
Add upstream tag information for upstream commits for easier tracking
- - - - -
46670c0f by Salvatore Bonaccorso at 2023-12-17T21:15:31+01:00
Add additional information for older CVE and add respective upstream tags to commits
- - - - -
a6b4af6a by Salvatore Bonaccorso at 2023-12-17T21:19:35+01:00
Process some NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,29 +1,29 @@
CVE-2023-6902 (A vulnerability has been found in codelyfe Stupid Simple CMS up to 1.2 ...)
- TODO: check
+ NOT-FOR-US: Stupid Simple CMS
CVE-2023-6901 (A vulnerability, which was classified as critical, was found in codely ...)
- TODO: check
+ NOT-FOR-US: Stupid Simple CMS
CVE-2023-6900 (A vulnerability, which was classified as critical, has been found in r ...)
- TODO: check
+ NOT-FOR-US: rmountjoy92 DashMachine
CVE-2023-6899 (A vulnerability classified as problematic was found in rmountjoy92 Das ...)
- TODO: check
+ NOT-FOR-US: rmountjoy92 DashMachine
CVE-2023-6898 (A vulnerability classified as critical has been found in SourceCodeste ...)
- TODO: check
+ NOT-FOR-US: SourceCodester Best Courier Management System
CVE-2023-6896 (A vulnerability was found in SourceCodester Simple Image Stack Website ...)
- TODO: check
+ NOT-FOR-US: SourceCodester Simple Image Stack Website
CVE-2023-50271 (A potential security vulnerability has been identified with HP-UX Syst ...)
- TODO: check
+ NOT-FOR-US: HP-UX System Management Homepage (SMH)
CVE-2023-49834 (Cross-Site Request Forgery (CSRF) vulnerability in realmag777 FOX \u20 ...)
- TODO: check
+ NOT-FOR-US: WooCommerce plugin
CVE-2023-49824 (Cross-Site Request Forgery (CSRF) vulnerability in PixelYourSite Produ ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-49816 (Cross-Site Request Forgery (CSRF) vulnerability in Innovative Solution ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-49775 (Cross-Site Request Forgery (CSRF) vulnerability in Denis Kobozev CSV I ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-49769 (Cross-Site Request Forgery (CSRF) vulnerability in SoftLab Integrate G ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-49751 (Cross-Site Request Forgery (CSRF) vulnerability in Ciprian Popescu Blo ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-6895 (A vulnerability was found in Hikvision Intercom Broadcasting System 3. ...)
NOT-FOR-US: Hikvision Intercom Broadcasting System
CVE-2023-6894 (A vulnerability was found in Hikvision Intercom Broadcasting System 3. ...)
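Review bot: the new NOT-FOR-US labels are inconsistent about the vendor prefix. CVE-2023-6902 and CVE-2023-6901 get "Stupid Simple CMS" without "codelyfe", while the following entries keep it ("rmountjoy92 DashMachine", "SourceCodester Best Courier Management System"), as does the existing "Hikvision Intercom Broadcasting System" context line. Using one form throughout lets a later search on the product name match every entry. CVE-2023-49834 is also labelled "WooCommerce plugin" where the other CSRF entries in the hunk use "WordPress plugin"; if the distinction is intentional that is fine, otherwise align it.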
@@ -53869,7 +53869,7 @@ CVE-2023-24382 (Cross-Site Request Forgery (CSRF) vulnerability in Photon WP Mat
CVE-2023-24381 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in NsTh ...)
NOT-FOR-US: WordPress plugin
CVE-2023-24380 (Cross-Site Request Forgery (CSRF) vulnerability in Webbjocke Simple Wp ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-24379
RESERVED
CVE-2023-24378 (Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability i ...)
@@ -309176,7 +309176,9 @@ CVE-2019-14905 (A vulnerability was found in Ansible Engine versions 2.9.x befor
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1776943
NOTE: https://github.com/ansible/ansible/pull/65423
NOTE: https://github.com/ansible/ansible/blob/stable-2.2/CHANGELOG.md
- NOTE: Fixed for 2.7 by https://patch-diff.githubusercontent.com/raw/ansible/ansible/pull/65848.patch
+ NOTE: Fixed by: https://github.com/ansible/ansible/commit/1257448636772859924157fa76341a698e4bf823 (v2.9.3)
+ NOTE: Fixed by: https://github.com/ansible/ansible/commit/0d08d78637ba8f608b490bf2dc8700604faa8f80 (v2.8.8)
+ NOTE: Fixed by: https://github.com/ansible/ansible/commit/88416b627caac5f0f4bff335d5387e0bcca938ca (v2.7.16)
CVE-2019-14904 (A flaw was found in the solaris_zone module from the Ansible Community ...)
{DSA-4950-1 DLA-2535-1}
- ansible 2.9.4+dfsg-1 (low)
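Review bot: the replaced NOTE for CVE-2019-14905 was the only reference to pull 65848 (the "Fixed for 2.7" patch URL), and the three new "Fixed by:" lines do not say which of them, if any, is that change. The tagged commit URLs are a more stable reference than the patch-diff link, but it would help to state in the commit message that the v2.7.16 commit supersedes the 65848 patch, or to keep the PR number next to it, so the trail from the old note is not lost.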
@@ -309435,7 +309437,8 @@ CVE-2019-14858 (A vulnerability was found in Ansible engine 2.x up to 2.8 and An
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1760593
NOTE: https://github.com/ansible/ansible/pull/63405
NOTE: Sub-options/sub-specs/sub-parameters introduced in https://github.com/ansible/ansible/commit/25de905c6e05bd6df91f4299628ee6d386d3da50 (2.4)
- NOTE: Fix for 2.7 https://github.com/ansible/ansible/commit/0fd656e9964a91f2e8b1e9bbf78c74661ab9d37b
+ NOTE: Fixed by: https://github.com/ansible/ansible/commit/3dfb8e81bb5f776a6b00c7a90dd087e85b71f8bb (v2.8.6)
+ NOTE: Fixed by: https://github.com/ansible/ansible/commit/0fd656e9964a91f2e8b1e9bbf78c74661ab9d37b (v2.7.14)
CVE-2019-14857 (A flaw was found in mod_auth_openidc before version 2.4.0.1. An open r ...)
{DLA-2298-1 DLA-1996-1}
- libapache2-mod-auth-openidc 2.4.0.3-1 (bug #942165)
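Review bot: tag notation now differs within the same entry. The context line for the introducing commit ends in "(2.4)" while the two added lines use "(v2.8.6)" and "(v2.7.14)". Since the change is about making upstream tags easy to track, normalise the existing "(2.4)" to the same form, or note that it is a release series rather than a tag. The entry also lists tagged fixes for the 2.8 and 2.7 branches only; the pull/63405 NOTE above carries no commit or tag, so adding one there would complete the set if a mainline fix commit exists.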
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/8735143d0e9b36c364c269716107e12feb1265e5...a6b4af6a71535a70f8a1688aa9a18c063c521bc6