[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Sat Jan 28 20:10:29 GMT 2023
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
d51e9502 by security tracker role at 2023-01-28T20:10:18+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,13 @@
+CVE-2023-0562
+ RESERVED
+CVE-2023-0561 (A vulnerability, which was classified as critical, was found in Source ...)
+ TODO: check
+CVE-2023-0560 (A vulnerability, which was classified as critical, has been found in S ...)
+ TODO: check
+CVE-2016-15022
+ RESERVED
+CVE-2009-10003
+ RESERVED
CVE-2023-0559
RESERVED
CVE-2023-0558 (The ContentStudio plugin for WordPress is vulnerable to authorization ...)
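Review bot: CVE-2023-0561 and CVE-2023-0560 near the top of this hunk are committed with only `TODO: check`, so neither carries a source package or a NOT-FOR-US classification yet. Both truncated descriptions read "classified as critical", so they are worth triaging early. Once the affected product is identified, replace each `TODO: check` with either a `- <source-package> ...` line or a `NOT-FOR-US:` line.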
@@ -129,10 +139,12 @@ CVE-2023-0519 (Cross-site Scripting (XSS) - Stored in GitHub repository modoboa/
CVE-2023-0518
RESERVED
CVE-2020-36659 (In Apache::Session::Browseable before 1.3.6, validity of the X.509 cer ...)
+ {DLA-3285-1}
- libapache-session-browseable-perl 1.3.7-1
NOTE: Fixed by: https://github.com/LemonLDAPNG/Apache-Session-Browseable/commit/fdf393235140b293cae5578ef136055a78f3574f (v1.3.6)
NOTE: Regression follow-up: https://github.com/LemonLDAPNG/Apache-Session-Browseable/commit/c73e05c1363cd59e437aa1ea5ea0d260d62d5ee6 (v1.3.7)
CVE-2020-36658 (In Apache::Session::LDAP before 0.5, validity of the X.509 certificate ...)
+ {DLA-3284-1}
- libapache-session-ldap-perl 0.5-1
NOTE: Fixed by: https://github.com/LemonLDAPNG/Apache-Session-LDAP/commit/490722b71eed1ed1ab33d58c78578f23e043561f (v0.5)
CVE-2023-24576
@@ -2983,7 +2995,7 @@ CVE-2009-10002 (A vulnerability, which was classified as problematic, has been f
CVE-2009-10001 (A vulnerability classified as problematic was found in jianlinwei cool ...)
NOT-FOR-US: jianlinwei cool-php-captcha
CVE-2023-23589 (The SafeSocks option in Tor before 0.4.7.13 has a logic error in which ...)
- {DSA-5320-1}
+ {DSA-5320-1 DLA-3286-1}
- tor 0.4.7.13-1
NOTE: https://gitlab.torproject.org/tpo/core/tor/-/raw/release-0.4.7/ReleaseNotes
NOTE: https://gitlab.torproject.org/tpo/core/tor/-/issues/40730
@@ -9733,6 +9745,7 @@ CVE-2023-21845 (Vulnerability in the PeopleSoft Enterprise PeopleTools product o
CVE-2023-21844 (Vulnerability in the PeopleSoft Enterprise PeopleTools product of Orac ...)
NOT-FOR-US: Oracle
CVE-2023-21843 (Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition ...)
+ {DSA-5331-1}
- openjdk-8 <unfixed>
- openjdk-11 11.0.18+10-1
- openjdk-17 17.0.6+10-1
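Review bot: the added `{DSA-5331-1}` tag on CVE-2023-21843 sits directly above `- openjdk-8 <unfixed>`, and the entry lists three source packages without indicating which of them the advisory covers. Confirm that `<unfixed>` for openjdk-8 is still accurate now that a DSA references this CVE, and consider a short NOTE naming the source package the DSA applies to so the entry is unambiguous on its own.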
@@ -9752,6 +9765,7 @@ CVE-2023-21837 (Vulnerability in the Oracle WebLogic Server product of Oracle Fu
CVE-2023-21836 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
- mysql-8.0 8.0.32-1 (bug #1029151)
CVE-2023-21835 (Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition ...)
+ {DSA-5331-1}
- openjdk-11 11.0.18+10-1
- openjdk-17 17.0.6+10-1
- openjdk-21 21~7ea-1
@@ -35079,6 +35093,7 @@ CVE-2022-39401 (Vulnerability in the Oracle Solaris product of Oracle Systems (c
CVE-2022-39400 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
- mysql-8.0 8.0.31-1 (bug #1024016)
CVE-2022-39399 (Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition ...)
+ {DSA-5331-1}
- openjdk-11 11.0.17+8-1
[buster] - openjdk-11 <postponed> (Minor issue, fix along with next CPU)
- openjdk-17 17.0.5+8-1
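Review bot: `[buster] - openjdk-11 <postponed> (Minor issue, fix along with next CPU)` is left unchanged under the added `{DSA-5331-1}` tag for CVE-2022-39399. The unstable fix listed is 11.0.17+8-1, so check whether the "next CPU" that comment refers to has since shipped for buster. If it has, replace the `<postponed>` line with the fixed version rather than leaving the stale deferral in place.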
@@ -41538,6 +41553,7 @@ CVE-2022-37187
RESERVED
CVE-2022-37186 [Session destroyed on portal but still valid on handlers]
RESERVED
+ {DLA-3287-1}
- lemonldap-ng 2.0.15+ds-1
[bullseye] - lemonldap-ng 2.0.11+ds-4+deb11u2
NOTE: https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2758
@@ -94411,6 +94427,7 @@ CVE-2022-21630 (Vulnerability in the JD Edwards EnterpriseOne Tools product of O
CVE-2022-21629 (Vulnerability in the JD Edwards EnterpriseOne Tools product of Oracle ...)
NOT-FOR-US: Oracle
CVE-2022-21628 (Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition ...)
+ {DSA-5331-1}
- openjdk-8 8u352-ga-1
- openjdk-11 11.0.17+8-1
[buster] - openjdk-11 <postponed> (Minor issue, fix along with next CPU)
@@ -94420,12 +94437,14 @@ CVE-2022-21627 (Vulnerability in the Oracle VM VirtualBox product of Oracle Virt
- virtualbox 6.1.40-dfsg-1
NOTE: https://www.oracle.com/security-alerts/cpuoct2022.html#AppendixOVIR
CVE-2022-21626 (Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition ...)
+ {DSA-5331-1}
- openjdk-8 8u352-ga-1
- openjdk-11 11.0.17+8-1
[buster] - openjdk-11 <postponed> (Minor issue, fix along with next CPU)
CVE-2022-21625 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
- mysql-8.0 8.0.31-1 (bug #1024016)
CVE-2022-21624 (Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition ...)
+ {DSA-5331-1}
- openjdk-8 8u352-ga-1
- openjdk-11 11.0.17+8-1
[buster] - openjdk-11 <postponed> (Minor issue, fix along with next CPU)
@@ -94442,6 +94461,7 @@ CVE-2022-21620 (Vulnerability in the Oracle VM VirtualBox product of Oracle Virt
- virtualbox 6.1.40-dfsg-1
NOTE: https://www.oracle.com/security-alerts/cpuoct2022.html#AppendixOVIR
CVE-2022-21619 (Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition ...)
+ {DSA-5331-1}
- openjdk-8 8u352-ga-1
- openjdk-11 11.0.17+8-1
[buster] - openjdk-11 <postponed> (Minor issue, fix along with next CPU)
@@ -196613,6 +196633,7 @@ CVE-2020-16094 (In imap_scan_tree_recursive in Claws Mail through 3.17.6, a mali
[stretch] - claws-mail <no-dsa> (Minor issue)
NOTE: https://www.thewildbeast.co.uk/claws-mail/bugzilla/show_bug.cgi?id=4313
CVE-2020-16093 (In LemonLDAP::NG (aka lemonldap-ng) through 2.0.8, validity of the X.5 ...)
+ {DLA-3287-1}
- lemonldap-ng 2.0.9+ds-1
[stretch] - lemonldap-ng <no-dsa> (Minor issue + 2.x is a complete re-write, so very hard to backport!)
NOTE: https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2250
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/d51e9502773bbeb688c429041b277a68262c0200