[Git][security-tracker-team/security-tracker][master] bugnums

Moritz Muehlenhoff (@jmm) jmm at debian.org
Tue Feb 21 15:19:58 GMT 2023 


Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
7ea4b589 by Moritz Muehlenhoff at 2023-02-21T16:18:04+01:00
bugnums

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -31,7 +31,7 @@ CVE-2023-26255
 CVE-2023-26254
 	RESERVED
 CVE-2023-26253 (In Gluster GlusterFS 11.0, there is an xlators/mount/fuse/src/fuse-bri ...)
-	- glusterfs <unfixed>
+	- glusterfs <unfixed> (bug #1031731)
 	NOTE: https://github.com/gluster/glusterfs/issues/3954
 CVE-2023-26252
 	RESERVED
@@ -146,13 +146,13 @@ CVE-2022-48332
 CVE-2022-48331
 	RESERVED
 CVE-2022-48339 (An issue was discovered in GNU Emacs through 28.2. htmlfontify.el has  ...)
-	- emacs <unfixed>
+	- emacs <unfixed> (bug #1031730)
 	NOTE: https://git.savannah.gnu.org/cgit/emacs.git/commit/?id=1b4dc4691c1f87fc970fbe568b43869a15ad0d4c
 CVE-2022-48338 (An issue was discovered in GNU Emacs through 28.2. In ruby-mode.el, th ...)
-	- emacs <unfixed>
+	- emacs <unfixed> (bug #1031730)
 	NOTE: https://git.savannah.gnu.org/cgit/emacs.git/commit/?id=9a3b08061feea14d6f37685ca1ab8801758bfd1c
 CVE-2022-48337 (GNU Emacs through 28.2 allows attackers to execute commands via shell  ...)
-	- emacs <unfixed>
+	- emacs <unfixed> (bug #1031730)
 	NOTE: https://git.savannah.gnu.org/cgit/emacs.git/commit/?id=01a4035c869b91c153af9a9132c87adb7669ea1c
 CVE-2023-26213
 	RESERVED
@@ -433,7 +433,7 @@ CVE-2023-26083
 CVE-2023-26082
 	RESERVED
 CVE-2023-26081 (In Epiphany (aka GNOME Web) through 43.0, untrusted web content can tr ...)
-	- epiphany-browser <unfixed>
+	- epiphany-browser <unfixed> (bug #1031727)
 	NOTE: https://gitlab.gnome.org/GNOME/epiphany/-/merge_requests/1275
 	NOTE: https://gitlab.gnome.org/GNOME/epiphany/-/commit/53363c3c8178bf9193dad9fa3516f4e10cff0ffd
 CVE-2023-26080
@@ -527,7 +527,7 @@ CVE-2023-0913 (A vulnerability classified as critical was found in SourceCodeste
 CVE-2023-0912 (A vulnerability classified as critical has been found in SourceCodeste ...)
 	NOT-FOR-US: SourceCodester Auto Dealer Management System
 CVE-2019-25104 (A vulnerability has been found in rtcwcoop 1.0.2 and classified as pro ...)
-	- iortcw <unfixed>
+	- iortcw <unfixed> (bug #1031732)
 	NOTE: https://github.com/rtcwcoop/rtcwcoop/pull/45
 	NOTE: Reported against a version based on iortcw, but seems missing in iortcw
 CVE-2016-15026 (A vulnerability was found in 3breadt dd-plist 1.17 and classified as p ...)
@@ -3622,7 +3622,7 @@ CVE-2023-25000
 CVE-2023-24999
 	RESERVED
 CVE-2023-24998 (Apache Commons FileUpload before 1.5 does not limit the number of requ ...)
-	- libcommons-fileupload-java <unfixed>
+	- libcommons-fileupload-java <unfixed> (bug #1031733)
 	[bullseye] - libcommons-fileupload-java <no-dsa> (Minor issue)
 	NOTE: https://github.com/apache/commons-fileupload/commit/e20c04990f7420ca917e96a84cec58b13a1b3d17
 	NOTE: https://lists.apache.org/thread/4xl4l09mhwg4vgsk7dxqogcjrobrrdoy
@@ -5053,8 +5053,8 @@ CVE-2023-0484
 CVE-2023-0483
 	RESERVED
 CVE-2023-0482 (In RESTEasy the insecure File.createTempFile() is used in the DataSour ...)
-	- resteasy <unfixed>
-	- resteasy3.0 <unfixed>
+	- resteasy <unfixed> (bug #1031728)
+	- resteasy3.0 <unfixed> (bug #1031729)
 	[bullseye] - resteasy3.0 <no-dsa> (Minor issue)
 	[buster] - resteasy3.0 <no-dsa> (Minor issue)
 	NOTE: https://github.com/resteasy/resteasy/pull/3409/
@@ -75797,13 +75797,13 @@ CVE-2022-26892
 CVE-2022-26891 (Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability.  ...)
 	NOT-FOR-US: Microsoft
 CVE-2022-26061 (A heap-based buffer overflow vulnerability exists in the gif2h5 functi ...)
-	- hdf5 <unfixed>
+	- hdf5 <unfixed> (bug #1031726)
 	NOTE: https://talosintelligence.com/vulnerability_reports/TALOS-2022-1487
 CVE-2022-25972 (An out-of-bounds write vulnerability exists in the gif2h5 functionalit ...)
-	- hdf5 <unfixed>
+	- hdf5 <unfixed> (bug #1031726)
 	NOTE: https://talosintelligence.com/vulnerability_reports/TALOS-2022-1485
 CVE-2022-25942 (An out-of-bounds read vulnerability exists in the gif2h5 functionality ...)
-	- hdf5 <unfixed>
+	- hdf5 <unfixed> (bug #1031726)
 	NOTE: https://talosintelligence.com/vulnerability_reports/TALOS-2022-1486
 CVE-2022-0935 (Host Header injection in password Reset in GitHub repository livehelpe ...)
 	NOT-FOR-US: livehelperchat



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/7ea4b58988b7cad5402ab0999b075811a1bb7f2d

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/7ea4b58988b7cad5402ab0999b075811a1bb7f2d
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20230221/9e28932a/attachment.htm>

More information about the debian-security-tracker-commits mailing list