[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso (@carnil) carnil at debian.org
Sat Jan 28 20:10:29 GMT 2023



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
d51e9502 by security tracker role at 2023-01-28T20:10:18+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,13 @@
+CVE-2023-0562
+	RESERVED
+CVE-2023-0561 (A vulnerability, which was classified as critical, was found in Source ...)
+	TODO: check
+CVE-2023-0560 (A vulnerability, which was classified as critical, has been found in S ...)
+	TODO: check
+CVE-2016-15022
+	RESERVED
+CVE-2009-10003
+	RESERVED
 CVE-2023-0559
 	RESERVED
 CVE-2023-0558 (The ContentStudio plugin for WordPress is vulnerable to authorization  ...)
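
Review bot: CVE-2023-0561 and CVE-2023-0560 are added with only `TODO: check`, even though both truncated descriptions say the issue was classified as critical. Each needs triage to either a `- <source-package> <version>` line or a `NOT-FOR-US:` line (the form used elsewhere in this file) before the entry says anything about Debian exposure.
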
@@ -129,10 +139,12 @@ CVE-2023-0519 (Cross-site Scripting (XSS) - Stored in GitHub repository modoboa/
 CVE-2023-0518
 	RESERVED
 CVE-2020-36659 (In Apache::Session::Browseable before 1.3.6, validity of the X.509 cer ...)
+	{DLA-3285-1}
 	- libapache-session-browseable-perl 1.3.7-1
 	NOTE: Fixed by: https://github.com/LemonLDAPNG/Apache-Session-Browseable/commit/fdf393235140b293cae5578ef136055a78f3574f (v1.3.6)
 	NOTE: Regression follow-up: https://github.com/LemonLDAPNG/Apache-Session-Browseable/commit/c73e05c1363cd59e437aa1ea5ea0d260d62d5ee6 (v1.3.7)
 CVE-2020-36658 (In Apache::Session::LDAP before 0.5, validity of the X.509 certificate ...)
+	{DLA-3284-1}
 	- libapache-session-ldap-perl 0.5-1
 	NOTE: Fixed by: https://github.com/LemonLDAPNG/Apache-Session-LDAP/commit/490722b71eed1ed1ab33d58c78578f23e043561f (v0.5)
 CVE-2023-24576
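
Review bot: on CVE-2020-36659 the new `{DLA-3285-1}` reference sits above two NOTE lines, a fix in v1.3.6 and a regression follow-up in v1.3.7. It is worth confirming that the DLA upload carries the follow-up commit as well as the original fix, and recording that in a NOTE, since the entry's only package line is the 1.3.7-1 version.
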
@@ -2983,7 +2995,7 @@ CVE-2009-10002 (A vulnerability, which was classified as problematic, has been f
 CVE-2009-10001 (A vulnerability classified as problematic was found in jianlinwei cool ...)
 	NOT-FOR-US: jianlinwei cool-php-captcha
 CVE-2023-23589 (The SafeSocks option in Tor before 0.4.7.13 has a logic error in which ...)
-	{DSA-5320-1}
+	{DSA-5320-1 DLA-3286-1}
 	- tor 0.4.7.13-1
 	NOTE: https://gitlab.torproject.org/tpo/core/tor/-/raw/release-0.4.7/ReleaseNotes
 	NOTE: https://gitlab.torproject.org/tpo/core/tor/-/issues/40730
@@ -9733,6 +9745,7 @@ CVE-2023-21845 (Vulnerability in the PeopleSoft Enterprise PeopleTools product o
 CVE-2023-21844 (Vulnerability in the PeopleSoft Enterprise PeopleTools product of Orac ...)
 	NOT-FOR-US: Oracle
 CVE-2023-21843 (Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition ...)
+	{DSA-5331-1}
 	- openjdk-8 <unfixed>
 	- openjdk-11 11.0.18+10-1
 	- openjdk-17 17.0.6+10-1
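
Review bot: CVE-2023-21843 gains `{DSA-5331-1}` while `- openjdk-8 <unfixed>` stays directly below it, so the advisory reference alone does not mean every listed source package is fixed. Readers and tooling should key on the per-package lines; nothing in this hunk shows which source package the DSA covers.
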
@@ -9752,6 +9765,7 @@ CVE-2023-21837 (Vulnerability in the Oracle WebLogic Server product of Oracle Fu
 CVE-2023-21836 (Vulnerability in the MySQL Server product of Oracle MySQL (component:  ...)
 	- mysql-8.0 8.0.32-1 (bug #1029151)
 CVE-2023-21835 (Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition ...)
+	{DSA-5331-1}
 	- openjdk-11 11.0.18+10-1
 	- openjdk-17 17.0.6+10-1
 	- openjdk-21 21~7ea-1
@@ -35079,6 +35093,7 @@ CVE-2022-39401 (Vulnerability in the Oracle Solaris product of Oracle Systems (c
 CVE-2022-39400 (Vulnerability in the MySQL Server product of Oracle MySQL (component:  ...)
 	- mysql-8.0 8.0.31-1 (bug #1024016)
 CVE-2022-39399 (Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition ...)
+	{DSA-5331-1}
 	- openjdk-11 11.0.17+8-1
 	[buster] - openjdk-11 <postponed> (Minor issue, fix along with next CPU)
 	- openjdk-17 17.0.5+8-1
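
Review bot: the `[buster] - openjdk-11 <postponed> (Minor issue, fix along with next CPU)` line under CVE-2022-39399 is left unchanged, yet other entries in this same commit already list openjdk-11 11.0.18+10-1. If that upload is the "next CPU" the annotation refers to, the buster line should be revisited; the same annotation recurs under CVE-2022-21628, CVE-2022-21626, CVE-2022-21624 and CVE-2022-21619.
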
@@ -41538,6 +41553,7 @@ CVE-2022-37187
 	RESERVED
 CVE-2022-37186 [Session destroyed on portal but still valid on handlers]
 	RESERVED
+	{DLA-3287-1}
 	- lemonldap-ng 2.0.15+ds-1
 	[bullseye] - lemonldap-ng 2.0.11+ds-4+deb11u2
 	NOTE: https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2758
@@ -94411,6 +94427,7 @@ CVE-2022-21630 (Vulnerability in the JD Edwards EnterpriseOne Tools product of O
 CVE-2022-21629 (Vulnerability in the JD Edwards EnterpriseOne Tools product of Oracle  ...)
 	NOT-FOR-US: Oracle
 CVE-2022-21628 (Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition ...)
+	{DSA-5331-1}
 	- openjdk-8 8u352-ga-1
 	- openjdk-11 11.0.17+8-1
 	[buster] - openjdk-11 <postponed> (Minor issue, fix along with next CPU)
@@ -94420,12 +94437,14 @@ CVE-2022-21627 (Vulnerability in the Oracle VM VirtualBox product of Oracle Virt
 	- virtualbox 6.1.40-dfsg-1
 	NOTE: https://www.oracle.com/security-alerts/cpuoct2022.html#AppendixOVIR
 CVE-2022-21626 (Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition ...)
+	{DSA-5331-1}
 	- openjdk-8 8u352-ga-1
 	- openjdk-11 11.0.17+8-1
 	[buster] - openjdk-11 <postponed> (Minor issue, fix along with next CPU)
 CVE-2022-21625 (Vulnerability in the MySQL Server product of Oracle MySQL (component:  ...)
 	- mysql-8.0 8.0.31-1 (bug #1024016)
 CVE-2022-21624 (Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition ...)
+	{DSA-5331-1}
 	- openjdk-8 8u352-ga-1
 	- openjdk-11 11.0.17+8-1
 	[buster] - openjdk-11 <postponed> (Minor issue, fix along with next CPU)
@@ -94442,6 +94461,7 @@ CVE-2022-21620 (Vulnerability in the Oracle VM VirtualBox product of Oracle Virt
 	- virtualbox 6.1.40-dfsg-1
 	NOTE: https://www.oracle.com/security-alerts/cpuoct2022.html#AppendixOVIR
 CVE-2022-21619 (Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition ...)
+	{DSA-5331-1}
 	- openjdk-8 8u352-ga-1
 	- openjdk-11 11.0.17+8-1
 	[buster] - openjdk-11 <postponed> (Minor issue, fix along with next CPU)
@@ -196613,6 +196633,7 @@ CVE-2020-16094 (In imap_scan_tree_recursive in Claws Mail through 3.17.6, a mali
 	[stretch] - claws-mail <no-dsa> (Minor issue)
 	NOTE: https://www.thewildbeast.co.uk/claws-mail/bugzilla/show_bug.cgi?id=4313
 CVE-2020-16093 (In LemonLDAP::NG (aka lemonldap-ng) through 2.0.8, validity of the X.5 ...)
+	{DLA-3287-1}
 	- lemonldap-ng 2.0.9+ds-1
 	[stretch] - lemonldap-ng <no-dsa> (Minor issue + 2.x is a complete re-write, so very hard to backport!)
 	NOTE: https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2250
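
Review bot: CVE-2020-16093 now references `{DLA-3287-1}`, but the only per-release line in the entry is `[stretch] - lemonldap-ng <no-dsa>`, whose stated reason is that a backport is very hard. A short NOTE or release line stating which suite and version the DLA fixes would keep the entry from reading as contradictory.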



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/d51e9502773bbeb688c429041b277a68262c0200
