[Git][security-tracker-team/security-tracker][master] bugnums
Moritz Muehlenhoff (@jmm)
jmm at debian.org
Fri Dec 22 13:50:08 GMT 2023
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker
Commits:
f496e701 by Moritz Muehlenhoff at 2023-12-22T14:49:22+01:00
bugnums
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1099,14 +1099,13 @@ CVE-2023-6903 (A vulnerability classified as critical has been found in Netentse
CVE-2023-6483 (The vulnerability exists in ADiTaaS (Allied Digital Integrated Tool-as ...)
NOT-FOR-US: ADiTaaS (Allied Digital Integrated Tool-as-a-Service)
CVE-2023-50981 (ModularSquareRoot in Crypto++ (aka cryptopp) through 8.9.0 allows atta ...)
- - libcrypto++ <unfixed>
+ - libcrypto++ <unfixed> (bug #1059312)
NOTE: https://github.com/weidai11/cryptopp/issues/1249
CVE-2023-50980 (gf2n.cpp in Crypto++ (aka cryptopp) through 8.9.0 allows attackers to ...)
- - libcrypto++ <unfixed>
+ - libcrypto++ <unfixed> (bug #1059311)
NOTE: https://github.com/weidai11/cryptopp/issues/1248
- TODO: check details about mitigation applied, but issue in per se "unfixed"
CVE-2023-50979 (Crypto++ (aka cryptopp) through 8.9.0 has a Marvin side channel during ...)
- - libcrypto++ <unfixed>
+ - libcrypto++ <unfixed> (bug #1059310)
NOTE: https://github.com/weidai11/cryptopp/issues/1247
CVE-2023-50976 (Redpanda before 23.1.21 and 23.2.x before 23.2.18 has missing authoriz ...)
NOT-FOR-US: Redpanda
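Review bot: The TODO under CVE-2023-50980 ("check details about mitigation applied, but issue in per se "unfixed"") is dropped while the libcrypto++ state stays `<unfixed>`, and the commit message "bugnums" only describes the added bug references; either keep the TODO or add a NOTE stating why the mitigation question is settled, so the tracker record explains the state. The new references (#1059310, #1059311, #1059312) line up with the three per-CVE upstream issue links, which is good.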
@@ -1982,7 +1981,7 @@ CVE-2023-40628 (A reflected XSS vulnerability was discovered in the Extplorer co
CVE-2023-40627 (A reflected XSS vulnerability was discovered in the LivingWord compone ...)
NOT-FOR-US: Joomla module
CVE-2023-37457 (Asterisk is an open source private branch exchange and telephony toolk ...)
- - asterisk <unfixed>
+ - asterisk <unfixed> (bug #1059303)
NOTE: https://github.com/asterisk/asterisk/security/advisories/GHSA-98rc-4j27-74hh
NOTE: https://github.com/asterisk/asterisk/commit/a1ca0268254374b515fa5992f01340f7717113fa
CVE-2023-3904 (An issue has been discovered in GitLab EE affecting all versions start ...)
@@ -2140,7 +2139,7 @@ CVE-2023-40921 (SQL Injection vulnerability in functions/point_list.php in Commo
CVE-2023-31546 (Cross Site Scripting (XSS) vulnerability in DedeBIZ v6.0.3 allows atta ...)
NOT-FOR-US: DedeBIZ
CVE-2023-50782 [Bleichenbacher timing oracle attack against RSA decryption - incomplete fix for CVE-2020-25659]
- - python-cryptography <unfixed>
+ - python-cryptography <unfixed> (bug #1059308)
[buster] - python-cryptography <no-dsa> (Minor issue; it's an incomplete fix of CVE-2020-25659)
NOTE: https://github.com/pyca/cryptography/issues/9785
NOTE: https://people.redhat.com/~hkario/marvin/
@@ -11235,7 +11234,7 @@ CVE-2023-45805 (pdm is a Python package and dependency manager supporting the la
NOTE: https://github.com/pdm-project/pdm/security/advisories/GHSA-j44v-mmf2-xvm9
NOTE: https://github.com/pdm-project/pdm/commit/6853e2642dfa281d4a9958fbc6c95b7e32d84831
CVE-2023-44483 (All versions of Apache Santuario - XML Security for Java prior to 2.2. ...)
- - libxml-security-java <unfixed>
+ - libxml-security-java <unfixed> (bug #1059313)
NOTE: https://www.openwall.com/lists/oss-security/2023/10/20/5
NOTE: https://lists.apache.org/thread/vmqbp9mfxtrf0kmbnnmbn3h9j6dr9q55
NOTE: https://santuario.apache.org/secadv.data/CVE-2023-44483.txt.asc
@@ -13938,9 +13937,9 @@ CVE-2023-40008 (Cross-Site Request Forgery (CSRF) vulnerability in Gangesh Matta
CVE-2023-3725 (Potential buffer overflow vulnerability in the Zephyr CAN bus subsyste ...)
NOT-FOR-US: Zephyr RTOS (unrelated to src:zephyr)
CVE-2023-38703 (PJSIP is a free and open source multimedia communication library writt ...)
- - asterisk <unfixed>
+ - asterisk <unfixed> (bug #1059303)
- pjproject <removed>
- - ring <undetermined>
+ - ring <unfixed> (bug #1059307)
NOTE: https://github.com/pjsip/pjproject/security/advisories/GHSA-f76w-fh7c-pc66
NOTE: https://github.com/pjsip/pjproject/commit/6dc9b8c181aff39845f02b4626e0812820d4ef0d (2.14)
CVE-2023-36465 (Decidim is a participatory democracy framework, written in Ruby on Rai ...)
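Review bot: Beyond adding bug numbers, this hunk changes the `ring` entry for CVE-2023-38703 from `<undetermined>` to `<unfixed>` (bug #1059307), which is a triage decision rather than an annotation and is not reflected in the commit message; a NOTE recording why ring's bundled pjproject is confirmed affected (for instance which pjproject version it carries relative to the 2.14 fix referenced in the NOTE) would make the change reviewable. Also, asterisk here reuses bug #1059303 from the CVE-2023-37457 entry, which is fine if that bug report covers both CVEs but is worth confirming.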
@@ -19701,7 +19700,7 @@ CVE-2023-3251 (A pass-back vulnerability exists where an authenticated, remote a
CVE-2023-39678 (A cross-site scripting (XSS) vulnerability in the device web interface ...)
NOT-FOR-US: BDCOM OLT P3310D-2AC
CVE-2023-39663 (Mathjax up to v2.7.9 was discovered to contain two Regular expression ...)
- - mathjax <unfixed>
+ - mathjax <unfixed> (bug #1059304)
[bookworm] - mathjax <no-dsa> (Minor issue)
[bullseye] - mathjax <no-dsa> (Minor issue)
[buster] - mathjax <no-dsa> (Minor issue)
@@ -20263,11 +20262,11 @@ CVE-2023-40036 (Notepad++ is a free and open-source source code editor. Versions
CVE-2023-40031 (Notepad++ is a free and open-source source code editor. Versions 8.5.6 ...)
NOT-FOR-US: Notepad++
CVE-2023-40030 (Cargo downloads a Rust project\u2019s dependencies and compiles the pr ...)
- - cargo <unfixed>
+ - cargo <unfixed> (bug #1059305)
[bookworm] - cargo <no-dsa> (Minor issue)
[bullseye] - cargo <no-dsa> (Minor issue)
[buster] - cargo <no-dsa> (Minor issue)
- - rust-cargo <unfixed>
+ - rust-cargo <unfixed> (bug #1059306)
[bookworm] - rust-cargo <no-dsa> (Minor issue)
[bullseye] - rust-cargo <no-dsa> (Minor issue)
[buster] - rust-cargo <no-dsa> (Minor issue)
@@ -20725,7 +20724,7 @@ CVE-2022-48571 (memcached 1.6.7 allows a Denial of Service via multi-packet uplo
- memcached 1.6.8+dfsg-1
NOTE: Fixed by: https://github.com/memcached/memcached/commit/6b319c8c7a29e9c353dec83dc92f01905f6c8966 (1.6.8)
CVE-2022-48570 (Crypto++ through 8.4 contains a timing side channel in ECDSA signature ...)
- - libcrypto++ <unfixed>
+ - libcrypto++ <unfixed> (bug #1059309)
[bookworm] - libcrypto++ <no-dsa> (Minor issue)
[bullseye] - libcrypto++ <no-dsa> (Minor issue)
[buster] - libcrypto++ <no-dsa> (Minor issue)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/f496e7011dee7164290e1a3b085c3b96d30c7e3d