[Git][security-tracker-team/security-tracker][master] bugnums
Moritz Muehlenhoff (@jmm)
jmm at debian.org
Tue Dec 19 21:29:17 GMT 2023
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker
Commits:
e70d44cd by Moritz Muehlenhoff at 2023-12-19T22:28:47+01:00
bugnums
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -195,7 +195,7 @@ CVE-2023-6856 (The WebGL `DrawElementsInstanced` method was susceptible to a hea
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-55/#CVE-2023-6856
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-54/#CVE-2023-6856
CVE-2023-6135 (Multiple NSS NIST curves were susceptible to a side-channel attack kno ...)
- - nss <unfixed>
+ - nss <unfixed> (bug #1059054)
- firefox <unfixed>
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-56/#CVE-2023-6135
NOTE: https://bugzilla.mozilla.org/show_bug.cgi?id=1853908 (not public)
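Review bot: In the CVE-2023-6135 entry only the nss line gains a bug reference, while the firefox <unfixed> line directly below it stays without one. If firefox is deliberately tracked without a bug, nothing needs changing; otherwise add the matching bug reference on that line too so both affected packages can be followed from the tracker.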
@@ -1826,9 +1826,8 @@ CVE-2023-36639 (A use of externally-controlled format string in Fortinet FortiPr
CVE-2023-6710 (A flaw was found in the mod_proxy_cluster in the Apache server. This i ...)
- libapache2-mod-cluster <itp> (bug #731410)
CVE-2023-5379 (A flaw was found in Undertow. When an AJP request is sent that exceeds ...)
- - undertow <undetermined>
+ - undertow <unfixed> (bug #1059055)
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2242099
- TODO: check, insufficient information for Debian specific assessment
CVE-2023-49921
- elasticsearch <removed>
CVE-2023-6687 (An issue was discovered by Elastic whereby Elastic Agent would log a r ...)
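Review bot: The undertow line for CVE-2023-5379 does more than add a bug number: it moves the status from <undetermined> to <unfixed> and drops the "TODO: check, insufficient information for Debian specific assessment" line, yet the commit message says only "bugnums". Suggest adding a NOTE that records what settled the assessment (the only reference left on the entry is the Red Hat Bugzilla link), or putting the status change in its own commit so it is visible in the history.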
@@ -2371,7 +2370,7 @@ CVE-2023-48311 (dockerspawner is a tool to spawn JupyterHub single user servers
CVE-2023-47722 (IBM API Connect V10.0.5.3 and V10.0.6.0 stores user credentials in bro ...)
NOT-FOR-US: IBM
CVE-2023-47465 (An issue in GPAC v.2.2.1 and before allows a local attacker to cause a ...)
- - gpac <unfixed>
+ - gpac <unfixed> (bug #1059056)
[buster] - gpac <end-of-life> (EOL in Buster LTS)
NOTE: https://github.com/gpac/gpac/issues/2652
NOTE: https://github.com/gpac/gpac/commit/a40a3b7ef7420c8df0a7d9411ab1fc267ca86c49
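Review bot: Bug #1059056, added on the gpac line for CVE-2023-47465, is the same number attached to CVE-2023-46932, CVE-2023-48958, CVE-2023-46871, CVE-2023-48090 and CVE-2023-48039 later in this diff, whereas each busybox CVE gets its own bug. These six CVEs point at different upstream issues, so confirm that the bug report lists all six CVE ids; otherwise closing it with a single fixed version could mark entries as resolved that the upload does not actually cover.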
@@ -2379,7 +2378,7 @@ CVE-2023-47465 (An issue in GPAC v.2.2.1 and before allows a local attacker to c
CVE-2023-47254 (An OS Command Injection in the CLI interface on DrayTek Vigor167 versi ...)
NOT-FOR-US: DrayTek Vigor167
CVE-2023-46932 (Heap Buffer Overflow vulnerability in GPAC version 2.3-DEV-rev617-g671 ...)
- - gpac <unfixed>
+ - gpac <unfixed> (bug #1059056)
[buster] - gpac <end-of-life> (EOL in Buster LTS)
NOTE: https://github.com/gpac/gpac/issues/2669
NOTE: https://github.com/gpac/gpac/commit/dfdf1681aae2f7b6265e58e97f8461a89825a74b
@@ -2694,7 +2693,7 @@ CVE-2023-49403 (Tenda W30E V16.01.0.12(4843) was discovered to contain a command
CVE-2023-49402 (Tenda W30E V16.01.0.12(4843) was discovered to contain a stack overflo ...)
NOT-FOR-US: Tenda
CVE-2023-48958 (gpac 2.3-DEV-rev617-g671976fcc-master contains memory leaks in gf_mpd_ ...)
- - gpac <unfixed>
+ - gpac <unfixed> (bug #1059056)
[bullseye] - gpac <ignored> (Minor issue)
[buster] - gpac <end-of-life> (EOL in Buster LTS)
NOTE: https://github.com/gpac/gpac/issues/2689
@@ -2710,7 +2709,7 @@ CVE-2023-47440 (Gladys Assistant v4.27.0 and prior is vulnerable to Directory Tr
CVE-2023-46974 (Cross Site Scripting vulnerability in Best Courier Management System v ...)
NOT-FOR-US: Best Courier Management System
CVE-2023-46871 (GPAC version 2.3-DEV-rev602-ged8424300-master in MP4Box contains a mem ...)
- - gpac <unfixed>
+ - gpac <unfixed> (bug #1059056)
[bullseye] - gpac <ignored> (Minor issue)
[buster] - gpac <end-of-life> (EOL in Buster LTS)
NOTE: https://github.com/gpac/gpac/issues/2658
@@ -4552,25 +4551,25 @@ CVE-2023-46355 (In the module "CSV Feeds PRO" (csvfeeds) < 2.6.1 from Bl Modules
CVE-2023-46349 (In the module "Product Catalog (CSV, Excel) Export/Update" (updateprod ...)
NOT-FOR-US: PrestaShop module
CVE-2023-42366 (A heap-buffer-overflow was discovered in BusyBox v.1.36.1 in the next_ ...)
- - busybox <unfixed>
+ - busybox <unfixed> (bug #1059053)
[bookworm] - busybox <no-dsa> (Minor issue)
[bullseye] - busybox <no-dsa> (Minor issue)
[buster] - busybox <no-dsa> (Minor issue)
NOTE: https://bugs.busybox.net/show_bug.cgi?id=15874
CVE-2023-42365 (A use-after-free vulnerability was discovered in BusyBox v.1.36.1 via ...)
- - busybox <unfixed>
+ - busybox <unfixed> (bug #1059052)
[bookworm] - busybox <no-dsa> (Minor issue)
[bullseye] - busybox <no-dsa> (Minor issue)
[buster] - busybox <no-dsa> (Minor issue)
NOTE: https://bugs.busybox.net/show_bug.cgi?id=15871
CVE-2023-42364 (A use-after-free vulnerability in BusyBox v.1.36.1 allows attackers to ...)
- - busybox <unfixed>
+ - busybox <unfixed> (bug #1059051)
[bookworm] - busybox <no-dsa> (Minor issue)
[bullseye] - busybox <no-dsa> (Minor issue)
[buster] - busybox <no-dsa> (Minor issue)
NOTE: https://bugs.busybox.net/show_bug.cgi?id=15868
CVE-2023-42363 (A use-after-free vulnerability was discovered in xasprintf function in ...)
- - busybox <unfixed>
+ - busybox <unfixed> (bug #1059050)
[bookworm] - busybox <no-dsa> (Minor issue)
[bullseye] - busybox <no-dsa> (Minor issue)
[buster] - busybox <no-dsa> (Minor issue)
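Review bot: The four busybox lines in this hunk take consecutive bug numbers in descending order (#1059053 for CVE-2023-42366 down to #1059050 for CVE-2023-42363), with #1059049 going to CVE-2022-48174 in the last hunk. Consecutive numbers are easy to transpose, so check each bug's title against the CVE id on the line it was added to before relying on the mapping.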
@@ -5488,11 +5487,11 @@ CVE-2023-48110 (Tenda AX1803 v1.0.0.1 was discovered to contain a heap overflow
CVE-2023-48109 (Tenda AX1803 v1.0.0.1 was discovered to contain a heap overflow via th ...)
NOT-FOR-US: Tenda
CVE-2023-48090 (GPAC 2.3-DEV-rev617-g671976fcc-master is vulnerable to memory leaks in ...)
- - gpac <unfixed>
+ - gpac <unfixed> (bug #1059056)
[buster] - gpac <end-of-life> (EOL in Buster LTS)
NOTE: https://github.com/gpac/gpac/issues/2680
CVE-2023-48039 (GPAC 2.3-DEV-rev617-g671976fcc-master is vulnerable to memory leak in ...)
- - gpac <unfixed>
+ - gpac <unfixed> (bug #1059056)
[buster] - gpac <end-of-life> (EOL in Buster LTS)
NOTE: https://github.com/gpac/gpac/issues/2679
CVE-2023-47772 (Contributor+Stored Cross-Site Scripting (XSS) vulnerability in Slider ...)
@@ -60888,7 +60887,7 @@ CVE-2022-48176 (Netgear routers R7000P before v1.3.3.154, R6900P before v1.3.3.1
CVE-2022-48175 (Rukovoditel v3.2.1 was discovered to contain a remote code execution ( ...)
NOT-FOR-US: Rukovoditel
CVE-2022-48174 (There is a stack overflow vulnerability in ash.c:6030 in busybox befor ...)
- - busybox <unfixed>
+ - busybox <unfixed> (bug #1059049)
[bookworm] - busybox <no-dsa> (Minor issue)
[bullseye] - busybox <no-dsa> (Minor issue)
[buster] - busybox <no-dsa> (Minor issue)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/e70d44cd404ff18990b6f8a0912889a25a6c2e3a