[Git][security-tracker-team/security-tracker][master] bugnums

Moritz Muehlenhoff (@jmm) jmm at debian.org
Mon Jan 30 18:03:21 GMT 2023



Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
6e6d7b5b by Moritz Mühlenhoff at 2023-01-30T19:02:12+01:00
bugnums

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -3120,7 +3120,7 @@ CVE-2023-23629 (Metabase is an open source data analytics platform. Affected ver
 CVE-2023-23628 (Metabase is an open source data analytics platform. Affected versions  ...)
 	NOT-FOR-US: Metabase
 CVE-2023-23627 (Sanitize is an allowlist-based HTML and CSS sanitizer. Versions 5.0.0  ...)
-	- ruby-sanitize <unfixed>
+	- ruby-sanitize <unfixed> (bug #1030047)
 	NOTE: https://github.com/rgrove/sanitize/security/advisories/GHSA-fw3g-2h3j-qmm7
 	NOTE: https://github.com/rgrove/sanitize/commit/ec14265e530dc3fe31ce2ef773594d3a97778d22 (v6.0.1)
 CVE-2023-23626
@@ -5767,17 +5767,17 @@ CVE-2023-22797
 	NOTE: https://discuss.rubyonrails.org/t/cve-2023-22797-possible-open-redirect-vulnerability-in-action-pack/82120
 CVE-2023-22796
 	RESERVED
-	- rails <unfixed>
+	- rails <unfixed> (bug #1030050)
 	NOTE: https://discuss.rubyonrails.org/t/cve-2023-22796-possible-redos-based-dos-vulnerability-in-active-supports-underscore/82116
 	NOTE: https://github.com/rails/rails/commit/4b383e6936d7a72b5dc839f526c9a9aeb280acae (6-1-stable)
 CVE-2023-22795
 	RESERVED
-	- rails <unfixed>
+	- rails <unfixed> (bug #1030050)
 	NOTE: https://discuss.rubyonrails.org/t/cve-2023-22795-possible-redos-based-dos-vulnerability-in-action-dispatch/82118
 	NOTE: https://github.com/rails/rails/commit/484fc9185db6c6a6a49ab458b11f9366da02bab2 (6-1-stable)
 CVE-2023-22794
 	RESERVED
-	- rails <unfixed>
+	- rails <unfixed> (bug #1030050)
 	[buster] - rails <not-affected> (Only affects 6.x and later)
 	NOTE: https://discuss.rubyonrails.org/t/cve-2023-22794-sql-injection-vulnerability-via-activerecord-comments/82117
 	NOTE: https://github.com/rails/rails/commit/048e9fc05e18c91838a44e60175e475de8b2aad5 (6-1-stable)
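Review bot: The three rails entries in this hunk (CVE-2023-22796, CVE-2023-22795, CVE-2023-22794) now all point at bug #1030050, but only CVE-2023-22794 carries a per-release line ([buster] - rails <not-affected>, "Only affects 6.x and later"). Because one bug now tracks issues whose affected ranges differ, please confirm the buster status of the other two entries and record it here, so the shared bug is not read as applying uniformly to every suite.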
@@ -5785,7 +5785,7 @@ CVE-2023-22793
 	RESERVED
 CVE-2023-22792
 	RESERVED
-	- rails <unfixed>
+	- rails <unfixed> (bug #1030050)
 	NOTE: https://discuss.rubyonrails.org/t/cve-2023-22792-possible-redos-based-dos-vulnerability-in-action-dispatch/82115
 	NOTE: https://github.com/rails/rails/commit/7a7f37f146aa977350cf914eba20a95ce371485f (6-1-stable)
 CVE-2023-22791
@@ -7679,7 +7679,7 @@ CVE-2023-22335
 CVE-2023-22333 (Cross-site scripting vulnerability in EasyMail 2.00.130 and earlier al ...)
 	NOT-FOR-US: EasyMail
 CVE-2023-22332 (Information disclosure vulnerability exists in Pgpool-II 4.4.0 to 4.4. ...)
-	- pgpool2 <unfixed>
+	- pgpool2 <unfixed> (bug #1030048)
 	NOTE: https://www.pgpool.net/mediawiki/index.php/Main_Page#News
 CVE-2023-22324 (SQL injection vulnerability in the CONPROSYS HMI System (CHS) Ver.3.5. ...)
 	NOT-FOR-US: CONPROSYS
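Review bot: The pgpool2 entry for CVE-2023-22332 gains bug #1030048 while its only reference is still the generic wiki link https://www.pgpool.net/mediawiki/index.php/Main_Page#News, which names neither a fixed version nor a fix commit. Suggest adding a NOTE with the specific upstream release announcement or commit once it is identified, so the entry can later move from <unfixed> to a fixed version without repeating the research.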
@@ -12056,7 +12056,7 @@ CVE-2022-47023
 CVE-2022-47022
 	RESERVED
 CVE-2022-47021 (A null pointer dereference issue was discovered in functions op_get_da ...)
-	- opusfile <unfixed>
+	- opusfile <unfixed> (bug #1030049)
 	[bullseye] - opusfile <no-dsa> (Minor issue)
 	NOTE: https://github.com/xiph/opusfile/commit/0a4cd796df5b030cb866f3f4a5e41a4b92caddf5
 	NOTE: https://github.com/xiph/opusfile/issues/36
@@ -20541,7 +20541,7 @@ CVE-2022-44567 (A command injection vulnerability exists in Rocket.Chat-Desktop
 	NOT-FOR-US: Rocket.Chat-Desktop
 CVE-2022-44566
 	RESERVED
-	- rails <unfixed>
+	- rails <unfixed> (bug #1030050)
 	NOTE: https://discuss.rubyonrails.org/t/cve-2022-44566-possible-denial-of-service-vulnerability-in-activerecords-postgresql-adapter/82119
 	NOTE: https://github.com/rails/rails/commit/414eb337d142a9c61d7723ceb9b7c1ab30dff3ed (6-1-stable)
 CVE-2022-44565 (An improper access validation vulnerability exists in airMAX AC <8. ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/6e6d7b5be47c07b7f2fea1f2dd65c01a08f5edad
