[Git][security-tracker-team/security-tracker][master] 3 commits: Remove two end-of-life markers for versions fixed in the release
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Tue Feb 21 20:15:49 GMT 2023
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
f7edc4e1 by Salvatore Bonaccorso at 2023-02-21T21:13:31+01:00
Remove two end-of-life markers for versions fixed in the release
- - - - -
90eee801 by Salvatore Bonaccorso at 2023-02-21T21:13:33+01:00
Adjust reference for CVE-2023-20032, dropping unnecessary part
- - - - -
b6c3b350 by Salvatore Bonaccorso at 2023-02-21T21:14:44+01:00
Process some NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -949,7 +949,7 @@ CVE-2023-25930
CVE-2023-25929
RESERVED
CVE-2023-25928 (IBM InfoSphere Information Server 11.7 is vulnerable to cross-site scr ...)
- TODO: check
+ NOT-FOR-US: IBM
CVE-2023-25927
RESERVED
CVE-2023-25926
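Review bot: the new tag on CVE-2023-25928 names only the vendor ("NOT-FOR-US: IBM"), although the description on the line above identifies the product as IBM InfoSphere Information Server. Consider "NOT-FOR-US: IBM InfoSphere Information Server" so the entry can be found by product name when someone searches the list.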
@@ -4731,7 +4731,7 @@ CVE-2016-15022 (A vulnerability was found in mosbth cimage up to 0.7.18. It has
CVE-2009-10003 (A vulnerability was found in capnsquarepants wordcraft up to 0.6. It h ...)
NOT-FOR-US: capnsquarepants wordcraft
CVE-2023-0559 (The GS Portfolio for Envato WordPress plugin before 1.4.0 does not val ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-0558 (The ContentStudio plugin for WordPress is vulnerable to authorization ...)
NOT-FOR-US: ContentStudio plugin for WordPress
CVE-2023-0557 (The ContentStudio plugin for WordPress is vulnerable to Sensitive Info ...)
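Review bot: the tag added for CVE-2023-0559 is the generic "NOT-FOR-US: WordPress plugin", while the very next entry in this hunk, CVE-2023-0558, uses the named form "NOT-FOR-US: ContentStudio plugin for WordPress". Either form works, but the two styles now sit side by side; if the generic form is the preferred one, it is worth noting that in the commit message, otherwise name the plugin here (GS Portfolio for Envato) as well.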
@@ -4785,9 +4785,9 @@ CVE-2023-0543
CVE-2023-0542
RESERVED
CVE-2023-0541 (The GS Books Showcase WordPress plugin before 1.3.1 does not validate ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-0540 (The GS Filterable Portfolio WordPress plugin before 1.6.1 does not val ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-0539
RESERVED
CVE-2023-0538
@@ -5059,7 +5059,7 @@ CVE-2023-0494 [Xi: fix potential use-after-free in DeepCopyPointerClasses]
NOTE: https://www.openwall.com/lists/oss-security/2023/02/07/1
NOTE: https://gitlab.freedesktop.org/xorg/xserver/commit/0ba6d8c37071131a49790243cdac55392ecf71ec
CVE-2022-4897 (The BackupBuddy WordPress plugin before 8.8.3 does not sanitise and es ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-24513
RESERVED
CVE-2023-24512
@@ -5099,7 +5099,7 @@ CVE-2023-24496
CVE-2023-0493 (Improper Neutralization of Equivalent Special Elements in GitHub repos ...)
NOT-FOR-US: btcpayserver
CVE-2023-0492 (The GS Products Slider for WooCommerce WordPress plugin before 1.5.9 d ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-0491
RESERVED
CVE-2023-0490
@@ -5242,7 +5242,7 @@ CVE-2023-0457
CVE-2022-4896
RESERVED
CVE-2020-36656 (The Spectra WordPress plugin before 1.15.0 does not sanitize user inpu ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-24470
RESERVED
CVE-2023-24469
@@ -5270,7 +5270,7 @@ CVE-2023-0455 (Unrestricted Upload of File with Dangerous Type in GitHub reposit
CVE-2023-0454 (OrangeScrum version 2.0.11 allows an authenticated external attacker t ...)
NOT-FOR-US: OrangeScrum
CVE-2023-0453 (The WP Private Message WordPress plugin (bundled with the Superio them ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-24459 (A missing permission check in Jenkins BearyChat Plugin 3.0.2 and earli ...)
NOT-FOR-US: Jenkins BearyChat Plugin
CVE-2023-24458 (A cross-site request forgery (CSRF) vulnerability in Jenkins BearyChat ...)
@@ -5478,7 +5478,7 @@ CVE-2023-0444 (A privilege escalation vulnerability exists in Delta Electronics
CVE-2023-0443
RESERVED
CVE-2023-0442 (The Loan Comparison WordPress plugin before 1.5.3 does not validate an ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-0441
RESERVED
CVE-2023-0440 (Exposure of Sensitive Information to an Unauthorized Actor in GitHub r ...)
@@ -5875,7 +5875,7 @@ CVE-2023-24186
CVE-2023-24185
RESERVED
CVE-2023-24184 (TOTOLink A7100RU V7.4cu.2313_B20191024 was discovered to contain a com ...)
- TODO: check
+ NOT-FOR-US: TOTOLINK
CVE-2023-24183
RESERVED
CVE-2023-24182
@@ -6393,9 +6393,9 @@ CVE-2023-0430
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-04/#CVE-2023-0430
NOTE: https://bugzilla.mozilla.org/show_bug.cgi?id=1769000
CVE-2023-0429 (The Watu Quiz WordPress plugin before 3.3.8.2 does not sanitise and es ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-0428 (The Watu Quiz WordPress plugin before 3.3.8.2 does not sanitise and es ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-0427
RESERVED
CVE-2023-0426
@@ -6413,7 +6413,7 @@ CVE-2023-0421
CVE-2023-0420
RESERVED
CVE-2023-0419 (The Shortcode for Font Awesome WordPress plugin before 1.4.1 does not ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-0418
RESERVED
CVE-2022-4894
@@ -6950,25 +6950,25 @@ CVE-2023-0382
CVE-2023-0381
RESERVED
CVE-2023-0380 (The Easy Digital Downloads WordPress plugin before 3.1.0.5 does not va ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-0379 (The Spotlight Social Feeds WordPress plugin before 1.4.3 does not vali ...)
NOT-FOR-US: WordPress plugin
CVE-2023-0378 (The Greenshift WordPress plugin before 5.0 does not validate and escap ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-0377
RESERVED
CVE-2023-0376
RESERVED
CVE-2023-0375 (The Easy Affiliate Links WordPress plugin before 3.7.1 does not valida ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-0374
RESERVED
CVE-2023-0373 (The Lightweight Accordion WordPress plugin before 1.5.15 does not vali ...)
NOT-FOR-US: WordPress plugin
CVE-2023-0372 (The EmbedStories WordPress plugin before 0.7.5 does not validate and e ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-0371 (The EmbedSocial WordPress plugin before 1.1.28 does not validate and e ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-0370
RESERVED
CVE-2023-0369
@@ -7044,7 +7044,7 @@ CVE-2023-23754
CVE-2023-0367
RESERVED
CVE-2023-0366 (The Loan Comparison WordPress plugin before 1.5.3 does not validate an ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-0365
RESERVED
CVE-2023-0364
@@ -7765,7 +7765,7 @@ CVE-2023-0286 (There is a type confusion vulnerability relating to X.400 address
NOTE: https://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=2f7530077e0ef79d98718138716bc51ca0cad658 (openssl-3.0.8)
NOTE: https://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=2c6c9d439b484e1ba9830d8454a34fa4f80fdfe9 (OpenSSL_1_1_1t)
CVE-2023-0285 (The Real Media Library WordPress plugin before 4.18.29 does not saniti ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-0284 (Improper Input Validation of LDAP user IDs in Tribe29 Checkmk allows a ...)
- check-mk <removed>
CVE-2023-0283 (A vulnerability classified as critical has been found in SourceCodeste ...)
@@ -7793,7 +7793,7 @@ CVE-2023-0273
CVE-2023-0272
RESERVED
CVE-2023-0271 (The WP Font Awesome WordPress plugin before 1.7.9 does not validate an ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-0270 (The YaMaps for WordPress Plugin WordPress plugin before 0.6.26 does no ...)
NOT-FOR-US: WordPress plugin
CVE-2023-0269
@@ -8166,9 +8166,9 @@ CVE-2023-0234 (The SiteGround Security WordPress plugin before 1.3.1 does not pr
CVE-2023-0233
RESERVED
CVE-2023-0232 (The ShopLentor WordPress plugin before 2.5.4 unserializes user input f ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-0231 (The ShopLentor WordPress plugin before 2.5.4 does not validate and esc ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-0230
RESERVED
CVE-2022-4887
@@ -10673,7 +10673,7 @@ CVE-2023-0069
CVE-2023-0068
RESERVED
CVE-2023-0067 (The Timed Content WordPress plugin before 2.73 does not validate and e ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-0066
RESERVED
CVE-2023-0065
@@ -10689,7 +10689,7 @@ CVE-2023-0061 (The Judge.me Product Reviews for WooCommerce WordPress plugin bef
CVE-2023-0060 (The Responsive Gallery Grid WordPress plugin before 2.3.9 does not val ...)
NOT-FOR-US: WordPress plugin
CVE-2023-0059 (The Youzify WordPress plugin before 1.2.2 does not validate and escape ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-0058
RESERVED
CVE-2023-0057 (Improper Restriction of Rendered UI Layers or Frames in GitHub reposit ...)
@@ -11952,7 +11952,7 @@ CVE-2022-4793 (The Blog Designer WordPress plugin before 2.4.1 does not validate
CVE-2022-4792 (The News & Blog Designer Pack WordPress plugin before 3.3 does not ...)
NOT-FOR-US: WordPress plugin
CVE-2022-4791 (The Product Slider and Carousel with Category for WooCommerce WordPres ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2022-4790 (The WP Google My Business Auto Publish WordPress plugin before 3.4 doe ...)
NOT-FOR-US: WordPress plugin
CVE-2022-4789 (The WPZOOM Portfolio WordPress plugin before 1.2.2 does not validate a ...)
@@ -11962,11 +11962,11 @@ CVE-2022-4788
CVE-2022-4787 (Themify Shortcodes WordPress plugin before 2.0.8 does not validate and ...)
NOT-FOR-US: WordPress plugin
CVE-2022-4786 (The Video.js WordPress plugin through 4.5.0 does not validate and esca ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2022-4785 (The Video Sidebar Widgets WordPress plugin through 6.1 does not valida ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2022-4784 (The Hueman Addons WordPress plugin through 2.3.3 does not validate and ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2022-4783 (The Youtube Channel Gallery WordPress plugin through 2.4 does not vali ...)
NOT-FOR-US: WordPress plugin
CVE-2022-4782
@@ -12096,7 +12096,7 @@ CVE-2023-22278 (m-FILTER prior to Ver.5.70R01 (Ver.5 Series) and m-FILTER prior
CVE-2022-47969
RESERVED
CVE-2022-4777 (The Bootstrap Shortcodes WordPress plugin through 3.4.0 does not valid ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2022-4776 (The CC Child Pages WordPress plugin before 1.43 does not validate and ...)
NOT-FOR-US: WordPress plugin
CVE-2022-4775 (The GeoDirectory WordPress plugin before 2.2.22 does not validate and ...)
@@ -12216,13 +12216,13 @@ CVE-2022-4766 (A vulnerability was found in dolibarr_project_timesheet up to 4.5
CVE-2022-4765 (The Portfolio for Elementor WordPress plugin before 2.3.1 does not val ...)
NOT-FOR-US: WordPress plugin
CVE-2022-4764 (The Simple File Downloader WordPress plugin through 1.0.4 does not val ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2022-4763 (The Icon Widget WordPress plugin before 1.3.0 does not validate and es ...)
NOT-FOR-US: WordPress plugin
CVE-2022-4762 (The Materialis Companion WordPress plugin before 1.3.40 does not valid ...)
NOT-FOR-US: WordPress plugin
CVE-2022-4761 (The Post Views Count WordPress plugin through 3.0.2 does not validate ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2022-4760 (The OneClick Chat to Order WordPress plugin before 1.0.4.2 does not va ...)
NOT-FOR-US: WordPress plugin
CVE-2022-4759 (The GigPress WordPress plugin before 2.3.28 does not validate and esca ...)
@@ -12236,15 +12236,15 @@ CVE-2022-4756 (The My YouTube Channel WordPress plugin before 3.23.0 does not va
CVE-2022-4755 (A vulnerability was found in FlatPress and classified as problematic. ...)
NOT-FOR-US: FlatPress
CVE-2022-4754 (The Easy Social Box / Page Plugin WordPress plugin through 4.1.2 does ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2022-4753 (The Print-O-Matic WordPress plugin before 2.1.8 does not validate and ...)
NOT-FOR-US: WordPress plugin
CVE-2022-4752 (The Opening Hours WordPress plugin through 2.3.0 does not validate and ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2022-4751 (The Word Balloon WordPress plugin before 4.19.3 does not validate and ...)
NOT-FOR-US: WordPress plugin
CVE-2022-4750 (The WP Responsive Testimonials Slider And Widget WordPress plugin thro ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2022-4749 (The Posts List Designer by Category WordPress plugin before 3.2 does n ...)
NOT-FOR-US: WordPress plugin
CVE-2022-4748 (A vulnerability was found in FlatPress. It has been classified as crit ...)
@@ -12455,7 +12455,7 @@ CVE-2022-4716 (The WP Popups WordPress plugin before 2.1.4.8 does not validate a
CVE-2022-4715 (The Structured Content WordPress plugin before 1.5.1 does not validate ...)
NOT-FOR-US: WordPress plugin
CVE-2022-4714 (The WP Dark Mode WordPress plugin before 4.0.0 does not validate and e ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2022-4713
RESERVED
CVE-2022-4712
@@ -12618,13 +12618,13 @@ CVE-2022-4671 (The PixCodes WordPress plugin before 2.3.7 does not validate and
CVE-2022-4670 (The PDF.js Viewer WordPress plugin before 2.1.8 does not validate and ...)
NOT-FOR-US: WordPress plugin
CVE-2022-4669 (The Page Builder: Live Composer WordPress plugin through 1.5.22 does n ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2022-4668 (The Easy Appointments WordPress plugin before 3.11.2 does not validate ...)
NOT-FOR-US: WordPress plugin
CVE-2022-4667 (The RSS Aggregator by Feedzy WordPress plugin before 4.1.1 does not va ...)
NOT-FOR-US: WordPress plugin
CVE-2022-4666 (The Markup (JSON-LD) structured in schema.org WordPress plugin through ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2022-4665 (Unrestricted Upload of File with Dangerous Type in GitHub repository a ...)
- ampache <removed>
CVE-2022-4664 (The Logo Slider WordPress plugin before 3.6.0 does not validate and es ...)
@@ -13539,7 +13539,7 @@ CVE-2022-47581 (Isode M-Vault 16.0v0 through 17.x before 17.0v24 can crash upon
CVE-2022-47580
RESERVED
CVE-2022-4622 (The Login Logout Menu WordPress plugin through 1.3.3 does not validate ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2022-4621 (Panasonic Sanyo CCTV Network Cameras versions 1.02-05 and 2.03-0x are ...)
NOT-FOR-US: Panasonic
CVE-2022-4620
@@ -17016,9 +17016,9 @@ CVE-2022-4388
CVE-2022-4387
RESERVED
CVE-2022-4386 (The Intuitive Custom Post Order WordPress plugin through 3.1.3 lacks C ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2022-4385 (The Intuitive Custom Post Order WordPress plugin through 3.1.3 does no ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2022-4384 (The Stream WordPress plugin before 3.9.2 does not prevent users with l ...)
NOT-FOR-US: WordPress plugin
CVE-2022-4383 (The CBX Petition for WordPress plugin through 1.0.3 does not properly ...)
@@ -28068,7 +28068,7 @@ CVE-2023-20032
- clamav 1.0.1+dfsg-1 (bug #1031509)
[bullseye] - clamav <no-dsa> (clamav is updated via -updates)
NOTE: https://blog.clamav.net/2023/02/clamav-01038-01052-and-101-patch.html
- NOTE: https://github.com/google/security-research/security/advisories/GHSA-r6g3-3wqj-m3c8#event-89418
+ NOTE: https://github.com/google/security-research/security/advisories/GHSA-r6g3-3wqj-m3c8
CVE-2023-20031
RESERVED
CVE-2023-20030
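Review bot: the commit subject for this change ("dropping unnecessary part") does not say which part is dropped; the hunk shows it is the "#event-89418" fragment on the GHSA-r6g3-3wqj-m3c8 NOTE line for CVE-2023-20032. Stating that in the subject would make the change findable from the log. The resulting URL points at the advisory itself, which is the stable reference.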
@@ -262363,7 +262363,6 @@ CVE-2019-13769
CVE-2019-13768 (Use after free in FileAPI in Google Chrome prior to 72.0.3626.81 allow ...)
{DSA-4395-1}
- chromium 72.0.3626.81-1
- [stretch] - chromium <end-of-life> (see DSA 4562)
CVE-2019-13767 (Use after free in media picker in Google Chrome prior to 79.0.3945.88 ...)
{DSA-4606-1}
- chromium 79.0.3945.130-1
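Review bot: with the "[stretch] - chromium <end-of-life> (see DSA 4562)" line removed from CVE-2019-13768, the only stretch-specific information left on the entry is the {DSA-4395-1} cross-reference. The version that DSA shipped to stretch is not visible in this diff, so please confirm that the DSA-4395-1 record lists this CVE with a stretch fixed version; without it, stretch would be judged against the unstable version 72.0.3626.81-1 shown here.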
@@ -262688,7 +262687,6 @@ CVE-2019-13685 (Use after free in sharing view in Google Chrome prior to 77.0.38
CVE-2019-13684 (Inappropriate implementation in JavaScript in Google Chrome prior to 7 ...)
{DSA-4395-1}
- chromium 72.0.3626.81-1
- [stretch] - chromium <end-of-life> (see DSA 4562)
CVE-2019-13683 (Insufficient policy enforcement in developer tools in Google Chrome pr ...)
{DSA-4562-1}
- chromium 78.0.3904.87-1
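Review bot: the removal under CVE-2019-13684 drops the pointer to DSA 4562 and leaves no record of why the marker was wrong; the commit subject says only "two end-of-life markers" and names neither CVE. Listing CVE-2019-13684 and CVE-2019-13768 in the commit message, together with the DSA that fixed them in stretch ({DSA-4395-1} per the retained lines), would let a later reader verify the change without reconstructing it from the diff.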
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/7b8d813243e07b7083310dfd64b8f527292f6bdb...b6c3b350dc33bab01e48df36232e86a60de32a8e