[Git][security-tracker-team/security-tracker][master] bugnums

Moritz Muehlenhoff (@jmm) jmm at debian.org
Fri Dec 22 14:04:09 GMT 2023



Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
ceecb73f by Moritz Muehlenhoff at 2023-12-22T15:03:39+01:00
bugnums

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -2376,7 +2376,7 @@ CVE-2023-43813 (GLPI is a free asset and IT management software package. Startin
 CVE-2023-42495 (Dasan Networks - W-Web versions 1.22-1.27 - CWE-78: Improper Neutraliz ...)
 	NOT-FOR-US: Dasan Networks W-Web
 CVE-2023-34194 (StringEqual in TiXmlDeclaration::Parse in tinyxmlparser.cpp in TinyXML ...)
-	- tinyxml <unfixed>
+	- tinyxml <unfixed> (bug #1059315)
 	NOTE: https://www.forescout.com/resources/sierra21-vulnerabilities
 CVE-2023-6707 (Use after free in CSS in Google Chrome prior to 120.0.6099.109 allowed ...)
 	{DSA-5577-1}
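Review bot: bug #1059315 on the CVE-2023-34194 tinyxml line is the same number this commit adds to the tinyxml lines for CVE-2023-40462 and CVE-2023-40458, so the report has to cover all three CVE IDs for the cross-reference to be usable. Please confirm that its title or body lists all three; if it names only one, retitle it or file separate bugs.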
@@ -3938,7 +3938,7 @@ CVE-2023-40464 (Several versions of ALEOS, including ALEOS 4.16.0, use a hardcod
 CVE-2023-40463 (When configured in debugging mode by an authenticated user with    adm ...)
 	NOT-FOR-US: ALEOS
 CVE-2023-40462 (The ACEManager component of ALEOS 4.16 and earlier does not    perform ...)
-	- tinyxml <unfixed>
+	- tinyxml <unfixed> (bug #1059315)
 	NOTE: https://www.forescout.com/resources/sierra21-vulnerabilities
 CVE-2023-40461 (The ACEManager component of ALEOS 4.16 and earlier allows an    authen ...)
 	NOT-FOR-US: ALEOS
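Review bot: the CVE-2023-40462 entry carries a tinyxml package line, but the description shown here is about the ACEManager component of ALEOS, and the neighbouring ALEOS CVEs are marked NOT-FOR-US. The only NOTE is the Forescout link, so a short NOTE saying why tinyxml is tracked under this ID would make the new reference to #1059315 easier to follow.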
@@ -4960,7 +4960,7 @@ CVE-2023-47463 (Insecure Permissions vulnerability in GL.iNet AX1800 version 4.0
 CVE-2023-47418 (Remote Code Execution (RCE) vulnerability in o2oa version 8.1.2 and be ...)
 	NOT-FOR-US: p2pa
 CVE-2023-40458 (Loop with Unreachable Exit Condition ('Infinite Loop') vulnerability i ...)
-	- tinyxml <unfixed>
+	- tinyxml <unfixed> (bug #1059315)
 	NOTE: https://www.forescout.com/resources/sierra21-vulnerabilities
 CVE-2023-3741 (An OS Command injection vulnerability in NEC Platforms DT900 and DT900 ...)
 	NOT-FOR-US: NEC
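Review bot: in the context above the changed line, CVE-2023-47418 describes o2oa but is tagged "NOT-FOR-US: p2pa", which looks like a typo. It is outside this change, but worth correcting in a follow-up so that a search for o2oa among the NOT-FOR-US entries finds it.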
@@ -30542,10 +30542,10 @@ CVE-2023-33460 (There's a memory leak in yajl 2.1.0 with use of yajl_tree_parse
 	NOTE: https://github.com/lloyd/yajl/issues/250
 	NOTE: Introduced with: https://github.com/lloyd/yajl/commit/cfa9f8fcb12d80dd5ebf94f5e6a607aab4d225fb (2.0.0)
 	NOTE: The original fix uploaded as 2.1.0-3.1 was incomplete.
-	- epics-base <unfixed>
+	- epics-base <unfixed> (bug #1059316)
 	[bookworm] - epics-base <no-dsa> (Minor issue)
 	[buster] - epics-base <postponed> (Minor issue; fix only after newer releases got a fix)
-	- r-cran-jsonlite <unfixed>
+	- r-cran-jsonlite <unfixed> (bug #1059317)
 	[bookworm] - r-cran-jsonlite <no-dsa> (Minor issue)
 	[bullseye] - r-cran-jsonlite <no-dsa> (Minor issue)
 	[buster] - r-cran-jsonlite <postponed> (Minor issue; fix only after newer releases got a fix)
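Review bot: epics-base has per-release lines for bookworm and buster only, while r-cran-jsonlite in the same entry has bookworm, bullseye and buster. If epics-base is present in bullseye, a [bullseye] line is missing; if it is not, there is nothing to change, but it is worth checking while the entry is being touched for #1059316.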
@@ -169626,15 +169626,15 @@ CVE-2021-37819 (PDF Labs pdftk-java v3.2.3 was discovered to contain an infinite
 	[bullseye] - pdftk-java <no-dsa> (Minor issue)
 	[buster] - pdftk-java <no-dsa> (Minor issue)
 	- pdftk 2.02-5
-	- libitext-java <unfixed>
+	- libitext-java <unfixed> (bug #1059318)
 	[bookworm] - libitext-java <no-dsa> (Minor issue)
 	[bullseye] - libitext-java <no-dsa> (Minor issue)
 	[buster] - libitext-java <no-dsa> (Minor issue)
-	- libitext1-java <unfixed>
+	- libitext1-java <unfixed> (bug #1059319)
 	[bookworm] - libitext1-java <no-dsa> (Minor issue)
 	[bullseye] - libitext1-java <no-dsa> (Minor issue)
 	[buster] - libitext1-java <no-dsa> (Minor issue)
-	- libitext5-java <unfixed>
+	- libitext5-java <unfixed> (bug #1059320)
 	[bookworm] - libitext5-java <no-dsa> (Minor issue)
 	[bullseye] - libitext5-java <no-dsa> (Minor issue)
 	[buster] - libitext5-java <no-dsa> (Minor issue)
@@ -196775,7 +196775,7 @@ CVE-2021-27206
 	RESERVED
 CVE-2013-20001 (An issue was discovered in OpenZFS through 2.0.3. When an NFS share is ...)
 	[experimental] - zfs-linux 2.2.0-1~exp1
-	- zfs-linux <unfixed>
+	- zfs-linux <unfixed> (bug #1059322)
 	[bookworm] - zfs-linux <no-dsa> (contrib not supported)
 	[bullseye] - zfs-linux <no-dsa> (contrib not supported)
 	NOTE: https://github.com/openzfs/zfs/commit/6cb5e1e7591da20af3a15793e022345a73e40fb7 (zfs-2.2.0-rc1)
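Review bot: the unstable zfs-linux line stays <unfixed> with #1059322 while the [experimental] line already records 2.2.0-1~exp1 and the NOTE places the upstream fix in zfs-2.2.0-rc1. Once the 2.2.0 series reaches unstable, this line needs the fixed version in place of <unfixed>, and the bug should be closed with that upload so the tracker and the BTS stay in sync.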



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/ceecb73f9e3d7915bd927ad0d226409b4b3a213c
