[Git][security-tracker-team/security-tracker][master] previous spip issue CVEfied
Moritz Muehlenhoff (@jmm)
jmm at debian.org
Tue Feb 28 13:00:02 GMT 2023
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker
Commits:
67e1006f by Moritz Muehlenhoff at 2023-02-28T13:59:32+01:00
previous spip issue CVEfied
- - - - -
3 changed files:
- data/CVE/list
- data/DLA/list
- data/DSA/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -7625,12 +7625,6 @@ CVE-2023-XXXX [remote code execution vulnerability in public and private spaces]
NOTE: https://blog.spip.net/Mise-a-jour-critique-de-securite-sortie-de-SPIP-4-2-1-SPIP-4-1-8-SPIP-4-0-10-et.html
NOTE: https://git.spip.net/spip/spip/commit/5aedf49b89415a4df3eb775eee3801a2b4b88266 (3.2)
NOTE: https://git.spip.net/spip/spip/commit/96fbeb38711c6706e62457f2b732a652a04a409d (master)
-CVE-2023-XXXX [SQL injection, sanitization, and login bypass]
- - spip 4.1.7+dfsg-1
- [bullseye] - spip 3.2.11-3+deb11u6
- [buster] - spip 3.2.4-1+deb10u10
- NOTE: https://blog.spip.net/Mise-a-jour-de-securite-sortie-de-SPIP-4-1-7-SPIP-4-0-9-et-SPIP-3-2-17.html?lang=fr
- NOTE: https://salsa.debian.org/debian/spip/-/commit/ce1d68694d4bb72317ff39baa67195e6b5ccaa92
CVE-2023-24495 (A Server Side Request Forgery (SSRF) vulnerability exists in Tenable.s ...)
NOT-FOR-US: Tenable
CVE-2023-24494 (A stored cross-site scripting (XSS) vulnerability exists in Tenable.sc ...)
@@ -8225,7 +8219,11 @@ CVE-2023-24260
CVE-2023-24259
RESERVED
CVE-2023-24258 (SPIP v4.1.5 and earlier was discovered to contain a SQL injection vuln ...)
- TODO: check
+ {DSA-5325-1 DLA-3347-1}
+ - spip 4.1.7+dfsg-1
+ NOTE: https://blog.spip.net/Mise-a-jour-de-securite-sortie-de-SPIP-4-1-7-SPIP-4-0-9-et-SPIP-3-2-17.html?lang=fr
+ NOTE: https://salsa.debian.org/debian/spip/-/commit/ce1d68694d4bb72317ff39baa67195e6b5ccaa92
+ NOTE: https://github.com/Abyss-W4tcher/ab4yss-wr4iteups/blob/ffa980faa9e3598d49d6fb7def4f7a67cfb5f427/SPIP%20-%20Pentest/SPIP%204.1.5/SPIP_4.1.5_AND_BEFORE_AUTH_SQLi_Abyss_Watcher.md
CVE-2023-24257
RESERVED
CVE-2023-24256
=====================================
data/DLA/list
=====================================
@@ -1,4 +1,5 @@
[27 Feb 2023] DLA-3347-1 spip - security update
+ {CVE-2023-24258}
[buster] - spip 3.2.4-1+deb10u10
[27 Feb 2023] DLA-3346-1 python-werkzeug - security update
{CVE-2023-23934 CVE-2023-25577}
=====================================
data/DSA/list
=====================================
@@ -119,6 +119,7 @@
{CVE-2022-32212 CVE-2022-32213 CVE-2022-32214 CVE-2022-32215 CVE-2022-35255 CVE-2022-35256 CVE-2022-43548}
[bullseye] - nodejs 12.22.12~dfsg-1~deb11u3
[24 Jan 2023] DSA-5325-1 spip - security update
+ {CVE-2023-24258}
[bullseye] - spip 3.2.11-3+deb11u6
[23 Jan 2023] DSA-5324-1 linux - security update
{CVE-2022-2873 CVE-2022-3545 CVE-2022-3623 CVE-2022-4696 CVE-2022-36280 CVE-2022-41218 CVE-2022-45934 CVE-2022-47929 CVE-2023-0179 CVE-2023-0266 CVE-2023-0394 CVE-2023-23454 CVE-2023-23455}
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/67e1006f31c09158c7d3d703c012e3becbef715c
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/67e1006f31c09158c7d3d703c012e3becbef715c
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20230228/0ce9dfb5/attachment-0001.htm>
More information about the debian-security-tracker-commits
mailing list