[Git][security-tracker-team/security-tracker][master] bugnums

Moritz Muehlenhoff (@jmm) jmm at debian.org
Fri Dec 22 12:37:00 GMT 2023



Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
91d80e70 by Moritz Muehlenhoff at 2023-12-22T13:36:37+01:00
bugnums

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -386,7 +386,7 @@ CVE-2023-41166 (An issue was discovered in Stormshield Network Security (SNS) 3.
 CVE-2023-7018 (Deserialization of Untrusted Data in GitHub repository huggingface/tra ...)
 	NOT-FOR-US: Transformers
 CVE-2023-7008 [Unsigned name response in signed zone is not refused when DNSSEC=yes]
-	- systemd <unfixed>
+	- systemd <unfixed> (bug #1059278)
 	[bookworm] - systemd <no-dsa> (Minor issue)
 	[bullseye] - systemd <no-dsa> (Minor issue)
 	[buster] - systemd <postponed> (Minor issue, should be fixed after newer releases are done)
@@ -1033,7 +1033,7 @@ CVE-2023-48795 (The SSH transport protocol with certain OpenSSH extensions, foun
 	- proftpd-dfsg 1.3.8.b+dfsg-1 (bug #1059144)
 	[bookworm] - proftpd-dfsg <no-dsa> (Minor issue)
 	[bullseye] - proftpd-dfsg <no-dsa> (Minor issue)
-	- proftpd-mod-proxy <unfixed>
+	- proftpd-mod-proxy <unfixed> (bug #1059290)
 	- putty 0.80-1
 	- python-asyncssh <unfixed> (bug #1059007)
 	- tinyssh 20230101-4 (bug #1059058; unimportant)
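Review bot: the proftpd-mod-proxy line now carries bug #1059290 but, unlike the proftpd-dfsg entry three lines above it, has no [bookworm] or [bullseye] triage line; if the module in the stable suites is affected as well, record a <no-dsa> (or the applicable) decision there so the stable status is explicit rather than left to the default.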
@@ -1777,11 +1777,11 @@ CVE-2023-50564 (An arbitrary file upload vulnerability in the component /inc/mod
 CVE-2023-50563 (Semcms v4.8 was discovered to contain a SQL injection vulnerability vi ...)
 	NOT-FOR-US: Semcms
 CVE-2023-50472 (cJSON v1.7.16 was discovered to contain a segmentation violation via t ...)
-	- cjson <unfixed>
+	- cjson <unfixed> (bug #1059287)
 	NOTE: https://github.com/DaveGamble/cJSON/issues/803
 	NOTE: Fixed by: https://github.com/DaveGamble/cJSON/commit/60ff122ef5862d04b39b150541459e7f5e35add8
 CVE-2023-50471 (cJSON v1.7.16 was discovered to contain a segmentation violation via t ...)
-	- cjson <unfixed>
+	- cjson <unfixed> (bug #1059287)
 	NOTE: https://github.com/DaveGamble/cJSON/issues/802
 	NOTE: Fixed by: https://github.com/DaveGamble/cJSON/commit/60ff122ef5862d04b39b150541459e7f5e35add8
 CVE-2023-50371 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
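Review bot: CVE-2023-50472 and CVE-2023-50471 now share bug #1059287 and both point at the same upstream fix commit 60ff122ef5862d04b39b150541459e7f5e35add8; make sure the bug report lists both CVE ids so that closing it accounts for both tracker entries.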
@@ -1920,7 +1920,7 @@ CVE-2023-48631 (@adobe/css-tools versions 4.3.1 and earlier are affected by an I
 CVE-2023-47261 (Dokmee ECM 7.4.6 allows remote code execution because the response to  ...)
 	NOT-FOR-US: Dokmee ECM
 CVE-2023-46750 (URL Redirection to Untrusted Site ('Open Redirect') vulnerability when ...)
-	- shiro <unfixed>
+	- shiro <unfixed> (bug #1059288)
 	[bookworm] - shiro <no-dsa> (Minor issue)
 	[bullseye] - shiro <no-dsa> (Minor issue)
 	[buster] - shiro <no-dsa> (Minor issue)
@@ -3264,14 +3264,14 @@ CVE-2023-49493 (DedeCMS v5.7.111 was discovered to contain a reflective cross-si
 CVE-2023-49492 (DedeCMS v5.7.111 was discovered to contain a reflective cross-site scr ...)
 	NOT-FOR-US: DedeCMS
 CVE-2023-49468 (Libde265 v1.0.14 was discovered to contain a global buffer overflow vu ...)
-	- libde265 <unfixed>
+	- libde265 <unfixed> (bug #1059275)
 	NOTE: https://github.com/strukturag/libde265/issues/432
 	NOTE: Fixed by: https://github.com/strukturag/libde265/commit/3e822a3ccf88df1380b165d6ce5a00494a27ceeb
 CVE-2023-49467 (Libde265 v1.0.14 was discovered to contain a heap-buffer-overflow vuln ...)
-	- libde265 <unfixed>
+	- libde265 <unfixed> (bug #1059275)
 	NOTE: https://github.com/strukturag/libde265/issues/434
 CVE-2023-49465 (Libde265 v1.0.14 was discovered to contain a heap-buffer-overflow vuln ...)
-	- libde265 <unfixed>
+	- libde265 <unfixed> (bug #1059275)
 	NOTE: https://github.com/strukturag/libde265/issues/435
 CVE-2023-49464 (libheif v1.17.5 was discovered to contain a segmentation violation via ...)
 	- libheif <unfixed> (bug #1059151)
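Review bot: the three libde265 entries now share bug #1059275, but only CVE-2023-49468 has a "Fixed by" NOTE; CVE-2023-49467 and CVE-2023-49465 list only their upstream issues, so either the fix commits for those are still unknown (worth stating in the bug so the maintainer does not assume one upload covers all three) or the missing NOTE lines should be added.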
@@ -7947,10 +7947,10 @@ CVE-2023-47005 (An issue in ASUS RT-AX57 v.3.0.0.4_386_52041 allows a remote att
 CVE-2023-46492 (Cross Site Scripting vulnerability in MLDB.ai v.2017.04.17.0 allows a  ...)
 	NOT-FOR-US: MLDB.ai
 CVE-2023-46363 (jbig2enc v0.28 was discovered to contain a SEGV via jbig2_add_page in  ...)
-	- jbig2enc <unfixed>
+	- jbig2enc <unfixed> (bug #1059285)
 	NOTE: https://github.com/agl/jbig2enc/issues/85
 CVE-2023-46362 (jbig2enc v0.28 was discovered to contain a heap-use-after-free via jbi ...)
-	- jbig2enc <unfixed>
+	- jbig2enc <unfixed> (bug #1059284)
 	NOTE: https://github.com/agl/jbig2enc/issues/84
 CVE-2023-45875 (An issue was discovered in Couchbase Server 7.2.0. There is a private  ...)
 	NOT-FOR-US: Couchbase Server
@@ -9720,7 +9720,7 @@ CVE-2023-46510 (An issue in ZIONCOM (Hong Kong) Technology Limited A7000R v.4.1c
 CVE-2023-46509 (An issue in Contec SolarView Compact v.6.0 and before allows an attack ...)
 	NOT-FOR-US: Contec SolarView Compact
 CVE-2023-46490 (SQL Injection vulnerability in Cacti v1.2.25 allows a remote attacker  ...)
-	- cacti <unfixed>
+	- cacti <unfixed> (bug #1059286)
 	[bookworm] - cacti <no-dsa> (Revisit when more details are available)
 	[bullseye] - cacti <no-dsa> (Revisit when more details are available)
 	NOTE: https://github.com/Cacti/cacti/security/advisories/GHSA-f4r3-53jr-654c (not public yet)
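Review bot: the NOTE marks the GHSA advisory as not public yet while the new bug #1059286 is a public report; keep the bug to the CVE id and the public description, and the "Revisit when more details are available" annotations for bookworm and bullseye still need a follow-up once the advisory is published.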
@@ -17264,7 +17264,7 @@ CVE-2023-4802 (A reflected cross-site scripting vulnerability in the UpdateInsta
 CVE-2023-4801 (An improper certification validation vulnerability in the Insider Thre ...)
 	NOT-FOR-US: Insider Threat Management (ITM) Server
 CVE-2023-4785 (Lack of error handling in the TCP server in Google's gRPC starting ver ...)
-	- grpc <unfixed>
+	- grpc <unfixed> (bug #1059281)
 	[bookworm] - grpc <no-dsa> (Minor issue)
 	[bullseye] - grpc <no-dsa> (Minor issue)
 	[buster] - grpc <no-dsa> (Minor issue)
@@ -22254,7 +22254,7 @@ CVE-2023-37068 (Code-Projects Gym Management System V1.0 allows remote attackers
 CVE-2023-34545 (A SQL injection vulnerability in CSZCMS 1.3.0 allows remote attackers  ...)
 	NOT-FOR-US: CSZCMS
 CVE-2023-33953 (gRPC contains a vulnerability that allows hpack table accounting error ...)
-	- grpc <unfixed>
+	- grpc <unfixed> (bug #1059279)
 	[bookworm] - grpc <no-dsa> (Minor issue)
 	[bullseye] - grpc <no-dsa> (Minor issue)
 	[buster] - grpc <postponed> (recheck when upstream patch is available/published)
@@ -29978,7 +29978,7 @@ CVE-2023-34100 (Contiki-NG is an open-source, cross-platform operating system fo
 CVE-2023-33557 (Fuel CMS v1.5.2 was discovered to contain a SQL injection vulnerabilit ...)
 	NOT-FOR-US: Fuel CMS
 CVE-2023-32732 (gRPC contains a vulnerability whereby a client can cause a termination ...)
-	- grpc <unfixed>
+	- grpc <unfixed> (bug #1059280)
 	[bookworm] - grpc <no-dsa> (Minor issue)
 	[bullseye] - grpc <no-dsa> (Minor issue)
 	[buster] - grpc <postponed> (Minor issue; request smuggling; recheck whether fixed or introduced by #32309 when CVE description is updated)
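Review bot: the buster annotation refers to "#32309" with no URL, so it is unclear whether that is an upstream gRPC pull request or a Debian bug; a NOTE with the full link would let whoever rechecks this entry answer the "fixed or introduced by" question without guessing which tracker the number belongs to.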
@@ -69170,56 +69170,56 @@ CVE-2022-46305 (ChangingTec ServiSign component has a path traversal vulnerabili
 CVE-2022-46304 (ChangingTec ServiSign component has insufficient filtering for special ...)
 	NOT-FOR-US: ChangingTec ServiSign
 CVE-2022-46295 (Multiple out-of-bounds write vulnerabilities exist in the translationV ...)
-	- openbabel <unfixed>
+	- openbabel <unfixed> (bug #1059277)
 	[bookworm] - openbabel <no-dsa> (Minor issue)
 	[bullseye] - openbabel <no-dsa> (Minor issue)
 	[buster] - openbabel <postponed> (Minor issue, no upstream patch yet)
 	NOTE: https://talosintelligence.com/vulnerability_reports/TALOS-2022-1666
 	NOTE: https://github.com/openbabel/openbabel/issues/2650
 CVE-2022-46294 (Multiple out-of-bounds write vulnerabilities exist in the translationV ...)
-	- openbabel <unfixed>
+	- openbabel <unfixed> (bug #1059277)
 	[bookworm] - openbabel <no-dsa> (Minor issue)
 	[bullseye] - openbabel <no-dsa> (Minor issue)
 	[buster] - openbabel <postponed> (Minor issue, no upstream patch yet)
 	NOTE: https://talosintelligence.com/vulnerability_reports/TALOS-2022-1666
 	NOTE: https://github.com/openbabel/openbabel/issues/2650
 CVE-2022-46293 (Multiple out-of-bounds write vulnerabilities exist in the translationV ...)
-	- openbabel <unfixed>
+	- openbabel <unfixed> (bug #1059277)
 	[bookworm] - openbabel <no-dsa> (Minor issue)
 	[bullseye] - openbabel <no-dsa> (Minor issue)
 	[buster] - openbabel <postponed> (Minor issue, no upstream patch yet)
 	NOTE: https://talosintelligence.com/vulnerability_reports/TALOS-2022-1666
 	NOTE: https://github.com/openbabel/openbabel/issues/2650
 CVE-2022-46292 (Multiple out-of-bounds write vulnerabilities exist in the translationV ...)
-	- openbabel <unfixed>
+	- openbabel <unfixed> (bug #1059277)
 	[bookworm] - openbabel <no-dsa> (Minor issue)
 	[bullseye] - openbabel <no-dsa> (Minor issue)
 	[buster] - openbabel <postponed> (Minor issue, no upstream patch yet)
 	NOTE: https://talosintelligence.com/vulnerability_reports/TALOS-2022-1666
 	NOTE: https://github.com/openbabel/openbabel/issues/2650
 CVE-2022-46291 (Multiple out-of-bounds write vulnerabilities exist in the translationV ...)
-	- openbabel <unfixed>
+	- openbabel <unfixed> (bug #1059277)
 	[bookworm] - openbabel <no-dsa> (Minor issue)
 	[bullseye] - openbabel <no-dsa> (Minor issue)
 	[buster] - openbabel <postponed> (Minor issue, no upstream patch yet)
 	NOTE: https://talosintelligence.com/vulnerability_reports/TALOS-2022-1666
 	NOTE: https://github.com/openbabel/openbabel/issues/2650
 CVE-2022-46290 (Multiple out-of-bounds write vulnerabilities exist in the ORCA format  ...)
-	- openbabel <unfixed>
+	- openbabel <unfixed> (bug #1059277)
 	[bookworm] - openbabel <no-dsa> (Minor issue)
 	[bullseye] - openbabel <no-dsa> (Minor issue)
 	[buster] - openbabel <postponed> (Minor issue, no upstream patch yet)
 	NOTE: https://talosintelligence.com/vulnerability_reports/TALOS-2022-1665
 	NOTE: https://github.com/openbabel/openbabel/issues/2650
 CVE-2022-46289 (Multiple out-of-bounds write vulnerabilities exist in the ORCA format  ...)
-	- openbabel <unfixed>
+	- openbabel <unfixed> (bug #1059277)
 	[bookworm] - openbabel <no-dsa> (Minor issue)
 	[bullseye] - openbabel <no-dsa> (Minor issue)
 	[buster] - openbabel <postponed> (Minor issue, no upstream patch yet)
 	NOTE: https://talosintelligence.com/vulnerability_reports/TALOS-2022-1665
 	NOTE: https://github.com/openbabel/openbabel/issues/2650
 CVE-2022-46280 (A use of uninitialized pointer vulnerability exists in the PQS format  ...)
-	- openbabel <unfixed>
+	- openbabel <unfixed> (bug #1059277)
 	[bookworm] - openbabel <no-dsa> (Minor issue)
 	[bullseye] - openbabel <no-dsa> (Minor issue)
 	[buster] - openbabel <postponed> (Minor issue, no upstream patch yet)
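Review bot: a single bug #1059277 is reused for every openbabel entry in this commit (fourteen CVEs across this and the later openbabel hunks), mixing out-of-bounds write and use-of-uninitialized-pointer issues that may need separate upstream fixes; make sure the bug report enumerates each CVE id it covers so anyone triaging it can tell which entries a given upload closes. The buster lines still say "no upstream patch yet" while the NOTEs point only at the aggregated upstream issue 2650, so that status should be rechecked when the bug is worked on.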
@@ -69262,7 +69262,7 @@ CVE-2022-44615
 CVE-2022-44453
 	RESERVED
 CVE-2022-44451 (A use of uninitialized pointer vulnerability exists in the MSI format  ...)
-	- openbabel <unfixed>
+	- openbabel <unfixed> (bug #1059277)
 	[bookworm] - openbabel <no-dsa> (Minor issue)
 	[bullseye] - openbabel <no-dsa> (Minor issue)
 	[buster] - openbabel <postponed> (Minor issue, no upstream patch yet)
@@ -69275,14 +69275,14 @@ CVE-2022-43663 (An integer conversion vulnerability exists in the SORBAx64.dll R
 CVE-2022-43503
 	REJECTED
 CVE-2022-43467 (An out-of-bounds write vulnerability exists in the PQS format coord_fi ...)
-	- openbabel <unfixed>
+	- openbabel <unfixed> (bug #1059277)
 	[bookworm] - openbabel <no-dsa> (Minor issue)
 	[bullseye] - openbabel <no-dsa> (Minor issue)
 	[buster] - openbabel <postponed> (Minor issue, no upstream patch yet)
 	NOTE: https://talosintelligence.com/vulnerability_reports/TALOS-2022-1671
 	NOTE: https://github.com/openbabel/openbabel/issues/2650
 CVE-2022-42885 (A use of uninitialized pointer vulnerability exists in the GRO format  ...)
-	- openbabel <unfixed>
+	- openbabel <unfixed> (bug #1059277)
 	[bookworm] - openbabel <no-dsa> (Minor issue)
 	[bullseye] - openbabel <no-dsa> (Minor issue)
 	[buster] - openbabel <postponed> (Minor issue, no upstream patch yet)
@@ -69369,7 +69369,7 @@ CVE-2022-4180 (Use after free in Mojo in Google Chrome prior to 108.0.5359.71 al
 CVE-2022-41795
 	RESERVED
 CVE-2022-41793 (An out-of-bounds write vulnerability exists in the CSR format title fu ...)
-	- openbabel <unfixed>
+	- openbabel <unfixed> (bug #1059277)
 	[bookworm] - openbabel <no-dsa> (Minor issue)
 	[bullseye] - openbabel <no-dsa> (Minor issue)
 	[buster] - openbabel <postponed> (Minor issue, no upstream patch yet)
@@ -69413,7 +69413,7 @@ CVE-2022-4172 (An integer overflow and buffer overflow issues were found in the
 CVE-2022-40973
 	RESERVED
 CVE-2022-37331 (An out-of-bounds write vulnerability exists in the Gaussian format ori ...)
-	- openbabel <unfixed>
+	- openbabel <unfixed> (bug #1059277)
 	[bookworm] - openbabel <no-dsa> (Minor issue)
 	[bullseye] - openbabel <no-dsa> (Minor issue)
 	[buster] - openbabel <postponed> (Minor issue, no upstream patch yet)
@@ -79656,7 +79656,7 @@ CVE-2022-3649 (A vulnerability was found in Linux Kernel. It has been classified
 	[bullseye] - linux 5.10.148-1
 	NOTE: https://git.kernel.org/linus/d325dc6eb763c10f591c239550b8c7e5466a5d09
 CVE-2022-43607 (An out-of-bounds write vulnerability exists in the MOL2 format attribu ...)
-	- openbabel <unfixed>
+	- openbabel <unfixed> (bug #1059277)
 	[bookworm] - openbabel <no-dsa> (Minor issue)
 	[bullseye] - openbabel <no-dsa> (Minor issue)
 	[buster] - openbabel <postponed> (Minor issue, no upstream patch yet)
@@ -376859,7 +376859,7 @@ CVE-2018-11232 (The etm_setup_aux function in drivers/hwtracing/coresight/coresi
 CVE-2018-11231 (In the Divido plugin for OpenCart, there is SQL injection. Attackers c ...)
 	NOT-FOR-US: OpenCart plugin
 CVE-2018-11230 (jbig2_add_page in jbig2enc.cc in libjbig2enc.a in jbig2enc 0.29 allows ...)
-	- jbig2enc <unfixed>
+	- jbig2enc <unfixed> (bug #1059282)
 	NOTE: https://github.com/agl/jbig2enc/issues/61
 CVE-2018-11229 (Crestron TSW-1060, TSW-760, TSW-560, TSW-1060-NC, TSW-760-NC, and TSW- ...)
 	NOT-FOR-US: Crestron devices
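Review bot: CVE-2018-11230 (jbig2_add_page in jbig2enc 0.29) and CVE-2023-46363 in the earlier hunk (SEGV via jbig2_add_page in jbig2enc 0.28) describe crashes in the same function but were filed as separate bugs #1059282 and #1059285; worth checking whether they share a root cause and, if so, cross-referencing the two reports so one fix is not tracked twice.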



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/91d80e700e3a55e4484e8a27dfea9f0d392655fd
