[Git][security-tracker-team/security-tracker][master] Track some fixes (upstream versions) for opennds

[Salvatore Bonaccorso (@carnil)]

Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
04eaeeee by Salvatore Bonaccorso at 2023-12-25T21:48:38+01:00
Track some fixes (upstream versions) for opennds

Some issues are fixed in v10.1.2, two more in v10.1.3, but not all of
the report in
https://source.sierrawireless.com/-/media/support_downloads/security-bulletins/pdf/swi-psa-2023-006-r3.ashx
seem addressed.

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -6782,9 +6782,11 @@ CVE-2023-42428 (Directory traversal vulnerability in CubeCart prior to 6.5.3 all
 CVE-2023-41102 (An issue was discovered in the captive portal in OpenNDS before versio ...)
 	- opennds <unfixed>
 	NOTE: https://source.sierrawireless.com/-/media/support_downloads/security-bulletins/pdf/swi-psa-2023-006-r3.ashx
+	NOTE: https://github.com/openNDS/openNDS/commit/69dde77927b252e2a4347170504a785ac5d50c33 (v10.1.3)
 CVE-2023-41101 (An issue was discovered in the captive portal in OpenNDS before versio ...)
 	- opennds <unfixed>
 	NOTE: https://source.sierrawireless.com/-/media/support_downloads/security-bulletins/pdf/swi-psa-2023-006-r3.ashx
+	NOTE: https://github.com/openNDS/openNDS/commit/69dde77927b252e2a4347170504a785ac5d50c33 (v10.1.3)
 CVE-2023-40314 (Cross-site scripting in bootstrap.jsp in multiple versions of OpenNMS  ...)
 	NOT-FOR-US: OpenNMS
 CVE-2023-39548 (CLUSTERPRO X Ver5.1 and earlier and EXPRESSCLUSTER X 5.1 and earlier,  ...)
@@ -6800,18 +6802,21 @@ CVE-2023-39544 (CLUSTERPRO X Ver5.1 and earlier and EXPRESSCLUSTER X 5.1 and ear
 CVE-2023-38324 (An issue was discovered in OpenNDS Captive Portal before version 10.1. ...)
 	- opennds <unfixed>
 	NOTE: https://source.sierrawireless.com/-/media/support_downloads/security-bulletins/pdf/swi-psa-2023-006-r3.ashx
+	NOTE: https://github.com/openNDS/openNDS/commit/cd4004fc3cf79c0f2bc0ee98db30d225d0b79bc9 (v10.1.2)
 CVE-2023-38323
 	- opennds <unfixed>
 	NOTE: https://source.sierrawireless.com/-/media/support_downloads/security-bulletins/pdf/swi-psa-2023-006-r3.ashx
 CVE-2023-38322 (An issue was discovered in OpenNDS Captive Portal before version 10.1. ...)
 	- opennds <unfixed>
 	NOTE: https://source.sierrawireless.com/-/media/support_downloads/security-bulletins/pdf/swi-psa-2023-006-r3.ashx
+	NOTE: https://github.com/openNDS/openNDS/commit/cd4004fc3cf79c0f2bc0ee98db30d225d0b79bc9 (v10.1.2)
 CVE-2023-38321
 	- opennds <unfixed>
 	NOTE: https://source.sierrawireless.com/-/media/support_downloads/security-bulletins/pdf/swi-psa-2023-006-r3.ashx
 CVE-2023-38320 (An issue was discovered in OpenNDS Captive Portal before version 10.1. ...)
 	- opennds <unfixed>
 	NOTE: https://source.sierrawireless.com/-/media/support_downloads/security-bulletins/pdf/swi-psa-2023-006-r3.ashx
+	NOTE: https://github.com/openNDS/openNDS/commit/cd4004fc3cf79c0f2bc0ee98db30d225d0b79bc9 (v10.1.2)
 CVE-2023-38319
 	- opennds <unfixed>
 	NOTE: https://source.sierrawireless.com/-/media/support_downloads/security-bulletins/pdf/swi-psa-2023-006-r3.ashx
@@ -6824,15 +6829,19 @@ CVE-2023-38317
 CVE-2023-38316 (An issue was discovered in OpenNDS Captive Portal before version 10.1. ...)
 	- opennds <unfixed>
 	NOTE: https://source.sierrawireless.com/-/media/support_downloads/security-bulletins/pdf/swi-psa-2023-006-r3.ashx
+	NOTE: https://github.com/openNDS/openNDS/commit/cd4004fc3cf79c0f2bc0ee98db30d225d0b79bc9 (v10.1.2)
 CVE-2023-38315 (An issue was discovered in OpenNDS Captive Portal before version 10.1. ...)
 	- opennds <unfixed>
 	NOTE: https://source.sierrawireless.com/-/media/support_downloads/security-bulletins/pdf/swi-psa-2023-006-r3.ashx
+	NOTE: https://github.com/openNDS/openNDS/commit/cd4004fc3cf79c0f2bc0ee98db30d225d0b79bc9 (v10.1.2)
 CVE-2023-38314 (An issue was discovered in OpenNDS Captive Portal before version 10.1. ...)
 	- opennds <unfixed>
 	NOTE: https://source.sierrawireless.com/-/media/support_downloads/security-bulletins/pdf/swi-psa-2023-006-r3.ashx
+	NOTE: https://github.com/openNDS/openNDS/commit/cd4004fc3cf79c0f2bc0ee98db30d225d0b79bc9 (v10.1.2)
 CVE-2023-38313 (An issue was discovered in OpenNDS Captive Portal before 10.1.2. it ha ...)
 	- opennds <unfixed>
 	NOTE: https://source.sierrawireless.com/-/media/support_downloads/security-bulletins/pdf/swi-psa-2023-006-r3.ashx
+	NOTE: https://github.com/openNDS/openNDS/commit/cd4004fc3cf79c0f2bc0ee98db30d225d0b79bc9 (v10.1.2)
 CVE-2023-38130 (Cross-site request forgery (CSRF) vulnerability in CubeCart prior to 6 ...)
 	NOT-FOR-US: CubeCart
 CVE-2023-6176 (A null pointer dereference flaw was found in the Linux kernel API for  ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/04eaeeee25abb97ba7b8e28623364a2ad03dd932

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/04eaeeee25abb97ba7b8e28623364a2ad03dd932
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20231225/36fcc2be/attachment.htm>