[Git][security-tracker-team/security-tracker][master] bugnums

Moritz Muehlenhoff (@jmm) jmm at debian.org
Fri Dec 22 09:59:16 GMT 2023 


Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
9c6312bf by Moritz Muehlenhoff at 2023-12-22T10:58:53+01:00
bugnums

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -114,7 +114,7 @@ CVE-2023-48685 (Railway Reservation System v1.0 is vulnerable to multiple Unauth
 CVE-2023-48308 (Nextcloud/Cloud is a calendar app for Nextcloud. An attacker can gain  ...)
 	NOT-FOR-US: Nextcloud calendar app
 CVE-2023-48298 (ClickHouse\xae is an open-source column-oriented database management s ...)
-	- clickhouse <unfixed>
+	- clickhouse <unfixed> (bug #1059261)
 	NOTE: https://github.com/ClickHouse/ClickHouse/security/advisories/GHSA-qw9f-qv29-8938
 	NOTE: https://github.com/ClickHouse/ClickHouse/pull/56795
 CVE-2023-46649 (A race condition in GitHub Enterprise Server was identified that could ...)
@@ -231,7 +231,7 @@ CVE-2023-50119
 CVE-2023-4256 (Within tcpreplay's tcprewrite, a double free vulnerability has been id ...)
 	TODO: check
 CVE-2023-4255 (An out-of-bounds write issue has been discovered in the backspace hand ...)
-	- w3m <unfixed>
+	- w3m <unfixed> (bug #1059265)
 	NOTE: https://github.com/tats/w3m/commit/edc602651c506aeeb60544b55534dd1722a340d3
 	NOTE: https://github.com/tats/w3m/issues/268
 	NOTE: https://github.com/tats/w3m/pull/273
@@ -459,7 +459,7 @@ CVE-2023-47507 (Deserialization of Untrusted Data vulnerability in Master Slider
 CVE-2023-47236 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2023-47118 (ClickHouse\xae is an open-source column-oriented database management s ...)
-	- clickhouse <unfixed>
+	- clickhouse <unfixed> (bug #1059261)
 	NOTE: https://github.com/ClickHouse/ClickHouse/security/advisories/GHSA-g22g-p6q2-x39v
 CVE-2023-46311 (Authorization Bypass Through User-Controlled Key vulnerability in gVec ...)
 	NOT-FOR-US: WordPress plugin
@@ -4105,11 +4105,11 @@ CVE-2023-5332 (Patch in third party library Consul requires 'enable-script-check
 CVE-2023-49287 (TinyDir is a lightweight C directory and file reader. Buffer overflows ...)
 	- falcosecurity-libs <unfixed> (bug #1059256)
 	- gemmi <unfixed> (bug #1059257)
-	- lwip <unfixed> (bug #1059259)
 	NOTE: https://www.openwall.com/lists/oss-security/2023/12/04/1
 	NOTE: https://github.com/cxong/tinydir/security/advisories/GHSA-jf5r-wgf4-qhxf
 	NOTE: https://github.com/cxong/tinydir/commit/8124807260735a837226fa151493536591f6715d
 	NOTE: https://github.com/hnsecurity/vulns/blob/main/HNS-2023-04-tinydir.txt
+	NOTE: lwip embeds a copy of tinydir, but it's unused, see bug #1059259
 CVE-2023-49108 (Path traversal vulnerability exists in RakRak Document Plus Ver.3.2.0. ...)
 	NOT-FOR-US: RakRak Document Plus
 CVE-2023-49093 (HtmlUnit is a GUI-less browser for Java programs. HtmlUnit is vulnerab ...)
@@ -76684,13 +76684,13 @@ CVE-2022-44013 (An issue was discovered in Simmeth Lieferantenmanager before 5.6
 CVE-2022-44012 (An issue was discovered in /DS/LM_API/api/SelectionService/InsertQuery ...)
 	NOT-FOR-US: Simmeth Lieferantenmanager
 CVE-2022-44011 (An issue was discovered in ClickHouse before 22.9.1.2603. An authentic ...)
-	- clickhouse <unfixed>
+	- clickhouse <unfixed> (bug #1059261)
 	[bookworm] - clickhouse <no-dsa> (Minor issue)
 	[bullseye] - clickhouse <no-dsa> (Minor issue)
 	[buster] - clickhouse <postponed> (Minor issue, DoS)
 	NOTE: https://github.com/ClickHouse/ClickHouse/pull/40241
 CVE-2022-44010 (An issue was discovered in ClickHouse before 22.9.1.2603. An attacker  ...)
-	- clickhouse <unfixed>
+	- clickhouse <unfixed> (bug #1059261)
 	[bookworm] - clickhouse <no-dsa> (Minor issue)
 	[bullseye] - clickhouse <no-dsa> (Minor issue)
 	[buster] - clickhouse <postponed> (Minor issue, DoS)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/9c6312bf8952f907f089ed432925cc9708f92b56

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/9c6312bf8952f907f089ed432925cc9708f92b56
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20231222/0b9490c0/attachment.htm>

More information about the debian-security-tracker-commits mailing list