[Git][security-tracker-team/security-tracker][master] bugnums

Moritz Muehlenhoff (@jmm) jmm at debian.org
Fri Jul 14 22:53:31 BST 2023



Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
433b2294 by Moritz Muehlenhoff at 2023-07-14T23:51:27+02:00
bugnums

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -75,13 +75,13 @@ CVE-2023-2975 (Issue summary: The AES-SIV cipher implementation contains a bug t
 CVE-2023-3668 (Improper Encoding or Escaping of Output in GitHub repository froxlor/f ...)
 	- froxlor <itp> (bug #581792)
 CVE-2023-3649 (iSCSI dissector crash in Wireshark 4.0.0 to 4.0.6 allows denial of ser ...)
-	- wireshark <unfixed>
+	- wireshark <unfixed> (bug #1041101)
 	[bookworm] - wireshark <no-dsa> (Minor issue)
 	[bullseye] - wireshark <no-dsa> (Minor issue)
 	NOTE: https://www.wireshark.org/security/wnpa-sec-2023-22.html
 	NOTE: https://gitlab.com/wireshark/wireshark/-/issues/19164
 CVE-2023-3648 (Kafka dissector crash in Wireshark 4.0.0 to 4.0.6 and 3.6.0 to 3.6.14  ...)
-	- wireshark <unfixed>
+	- wireshark <unfixed> (bug #1041101)
 	[bookworm] - wireshark <no-dsa> (Minor issue)
 	[bullseye] - wireshark <no-dsa> (Minor issue)
 	NOTE: https://www.wireshark.org/security/wnpa-sec-2023-21.html
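Review bot: CVE-2023-3649 and CVE-2023-3648 are both filed under bug #1041101, which is fine for one wireshark report, but the report body should list both CVE IDs and both wnpa-sec advisories so the tracker's bug cross-reference resolves for each entry. Note also that the two descriptions differ in affected range (3648 names 3.6.0 to 3.6.14 in addition to 4.0.x, 3649 names only 4.0.0 to 4.0.6), so the identical [bookworm]/[bullseye] no-dsa triage for both should be checked against the wireshark versions actually shipped in those releases.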
@@ -97,13 +97,13 @@ CVE-2023-37849 (A DLL hijacking vulnerability in Panda Security VPN for Windows
 CVE-2023-37839 (An arbitrary file upload vulnerability in /dede/file_manage_control.ph ...)
 	NOT-FOR-US: Dede CMS
 CVE-2023-37837 (libjpeg commit db33a6e was discovered to contain a heap buffer overflo ...)
-	- libjpeg <unfixed>
+	- libjpeg <unfixed> (bug #1041103)
 	[bookworm] - libjpeg <no-dsa> (Minor issue)
 	[bullseye] - libjpeg <no-dsa> (Minor issue)
 	NOTE: https://github.com/thorfdbg/libjpeg/issues/87#BUG0
 	NOTE: Fixed by: https://github.com/thorfdbg/libjpeg/commit/9e0cea29d7ba7a2c1e763865391bc94b336da25e
 CVE-2023-37836 (libjpeg commit db33a6e was discovered to contain a reachable assertion ...)
-	- libjpeg <unfixed>
+	- libjpeg <unfixed> (bug #1041103)
 	[bookworm] - libjpeg <no-dsa> (Minor issue)
 	[bullseye] - libjpeg <no-dsa> (Minor issue)
 	NOTE: https://github.com/thorfdbg/libjpeg/issues/87#BUG1
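Review bot: both libjpeg CVEs share bug #1041103, but only CVE-2023-37837 carries a "Fixed by:" commit NOTE (9e0cea29d7ba7a2c1e763865391bc94b336da25e); if that same upstream commit also resolves the BUG1 reachable assertion of CVE-2023-37836, add a matching NOTE under it, otherwise the bug report should state that the second issue is still unfixed upstream so the two do not get closed together by mistake.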
@@ -175,16 +175,16 @@ CVE-2023-37744 (Maid Hiring Management System v1.0 was discovered to contain a c
 CVE-2023-37743 (A cross-site scripting (XSS) vulnerability in Teacher Subject Allocati ...)
 	NOT-FOR-US: Teacher Subject Allocation System
 CVE-2023-37463 (cmark-gfm is an extended version of the C reference implementation of  ...)
-	- cmark-gfm <unfixed>
+	- cmark-gfm <unfixed> (bug #1041097)
 	[bookworm] - cmark-gfm <no-dsa> (Minor issue)
 	[bullseye] - cmark-gfm <no-dsa> (Minor issue)
-	- python-cmarkgfm <unfixed>
+	- python-cmarkgfm <unfixed> (bug #1041098)
 	[bookworm] - python-cmarkgfm <no-dsa> (Minor issue)
 	[bullseye] - python-cmarkgfm <no-dsa> (Minor issue)
-	- r-cran-commonmark <unfixed>
+	- r-cran-commonmark <unfixed> (bug #1041099)
 	[bookworm] - r-cran-commonmark <no-dsa> (Minor issue)
 	[bullseye] - r-cran-commonmark <no-dsa> (Minor issue)
-	- ruby-commonmarker <unfixed>
+	- ruby-commonmarker <unfixed> (bug #1041100)
 	[bookworm] - ruby-commonmarker <no-dsa> (Minor issue)
 	[bullseye] - ruby-commonmarker <no-dsa> (Minor issue)
 	NOTE: https://github.com/github/cmark-gfm/security/advisories/GHSA-w4qg-3vf7-m9x5
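Review bot: python-cmarkgfm, r-cran-commonmark and ruby-commonmarker are listed under a cmark-gfm CVE, so they appear to carry embedded copies of cmark-gfm; the four separate bug reports (#1041097 to #1041100) would be easier to act on if each of the three embedding packages recorded which cmark-gfm version it bundles, since the GHSA advisory is the only reference here and the no-dsa "Minor issue" triage may need revisiting once the fixed cmark-gfm version is known.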
@@ -231,18 +231,18 @@ CVE-2023-3342 (The User Registration plugin for WordPress is vulnerable to arbit
 CVE-2023-3319 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
 	NOT-FOR-US: PlatPlay DSr
 CVE-2023-38199 (coreruleset (aka OWASP ModSecurity Core Rule Set) through 3.3.4 does n ...)
-	- modsecurity-crs <unfixed>
+	- modsecurity-crs <unfixed> (bug #1041109)
 	NOTE: https://github.com/coreruleset/coreruleset/issues/3191
 	NOTE: https://github.com/coreruleset/coreruleset/pull/3237
 CVE-2023-38198 (acme.sh before 3.0.6 runs arbitrary commands from a remote server via  ...)
 	NOT-FOR-US: acme.sh
 CVE-2023-38197 (An issue was discovered in Qt before 5.15.15, 6.x before 6.2.10, and 6 ...)
-	- qt6-base <unfixed>
+	- qt6-base <unfixed> (bug #1041104)
 	[bookworm] - qt6-base <no-dsa> (Minor issue)
-	- qtbase-opensource-src-gles <unfixed>
+	- qtbase-opensource-src-gles <unfixed> (bug #1041106)
 	[bookworm] - qtbase-opensource-src-gles <no-dsa> (Minor issue)
 	[bullseye] - qtbase-opensource-src-gles <no-dsa> (Minor issue)
-	- qtbase-opensource-src <unfixed>
+	- qtbase-opensource-src <unfixed> (bug #1041105)
 	[bookworm] - qtbase-opensource-src <no-dsa> (Minor issue)
 	[bullseye] - qtbase-opensource-src <no-dsa> (Minor issue)
 	- qt4-x11 <removed>
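Review bot: modsecurity-crs gets bug #1041109 but, unlike every other package touched in this commit, has no [bookworm]/[bullseye] line; either add the release triage or note that it is pending. For the Qt entries, qt6-base carries only a [bookworm] line while both qtbase-opensource-src variants carry bookworm and bullseye, which is consistent only if qt6-base is absent from bullseye, so that is worth confirming; leaving qt4-x11 as <removed> looks right.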
@@ -529,7 +529,7 @@ CVE-2023-3080 (The WP Mail Catcher plugin for WordPress is vulnerable to Stored
 CVE-2023-3023 (The WP EasyCart plugin for WordPress is vulnerable to time-based SQL I ...)
 	NOT-FOR-US: WP EasyCart plugin for WordPress
 CVE-2023-3019 [e1000e: heap use-after-free in e1000e_write_packet_to_guest()]
-	- qemu <unfixed>
+	- qemu <unfixed> (bug #1041102)
 	NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=59243
 	NOTE: Proposed upstream patch: https://lists.nongnu.org/archive/html/qemu-devel/2023-05/msg08310.html
 CVE-2023-3011 (The ARMember plugin for WordPress is vulnerable to Cross-Site Request  ...)
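Review bot: the NOTE under CVE-2023-3019 still points at a "Proposed upstream patch" on qemu-devel; once that patch is committed upstream the entry and bug #1041102 should be updated with the final commit, and a [bookworm]/[bullseye] triage line is missing here as well. A heap use-after-free in the e1000e device model appears to be guest-triggerable, which is usually a case for either no-dsa with a point-release fix or an explicit postponed marker rather than an unstated release status.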
@@ -565,7 +565,7 @@ CVE-2023-37174 (GPAC v2.3-DEV-rev381-g817a848f6-master was discovered to contain
 	NOTE: https://github.com/gpac/gpac/issues/2505
 	NOTE: https://github.com/gpac/gpac/commit/549ff4484246f2bc4d5fec6760332b43774db483
 CVE-2023-32200 (There is insufficient restrictions of called script functions in Apach ...)
-	- apache-jena <unfixed>
+	- apache-jena <unfixed> (bug #1041108)
 	NOTE: https://www.openwall.com/lists/oss-security/2023/07/11/11
 CVE-2023-2869 (The WP-Members Membership plugin for WordPress is vulnerable to unauth ...)
 	NOT-FOR-US: WP-Members Membership plugin for WordPress
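Review bot: CVE-2023-32200 references only the oss-security post; bug #1041108 and this entry should also point at the upstream Jena advisory or fix commit (the oss-security thread normally names the fixed version) and carry [bookworm]/[bullseye] triage lines as the other entries in this commit do.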
@@ -1044,7 +1044,7 @@ CVE-2023-2746 (The Rockwell Automation Enhanced HIM software contains   an API t
 CVE-2023-29156 (DroneScout ds230 Remote ID receiver from BlueMark Innovationsis affect ...)
 	NOT-FOR-US: Rockwell
 CVE-2022-48521 (An issue was discovered in OpenDKIM through 2.10.3, and 2.11.x through ...)
-	- opendkim <unfixed>
+	- opendkim <unfixed> (bug #1041107)
 	NOTE: https://github.com/trusteddomainproject/OpenDKIM/issues/148
 CVE-2023-36543 (Apache Airflow, versions before 2.6.3, has a vulnerability where an au ...)
 	- airflow <itp> (bug #819700)
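Review bot: the unchanged context line above the opendkim change reads "NOT-FOR-US: Rockwell" under CVE-2023-29156, whose description is about the DroneScout ds230 Remote ID receiver from BlueMark Innovations, so the annotation looks copy-pasted from the Rockwell entry (CVE-2023-2746) and should name BlueMark/DroneScout instead. The opendkim bug #1041107 itself is fine; upstream issue #148 is the only reference, so add the fix commit if and when one appears.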
@@ -1206,19 +1206,19 @@ CVE-2023-35697 (Improper Restriction of Excessive Authentication Attempts in the
 CVE-2023-35696 (Unauthenticated endpoints in the SICK ICR890-4 could allow an unauthen ...)
 	NOT-FOR-US: SICK
 CVE-2023-34432 (A heap buffer overflow vulnerability was found in sox, in the lsx_read ...)
-	- sox <unfixed>
+	- sox <unfixed> (bug #1041110)
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2212291
 	NOTE: https://sourceforge.net/p/sox/bugs/367/
 CVE-2023-34347 (Delta Electronics InfraSuite Device Master versions prior to 1.0.7 con ...)
 	NOT-FOR-US: Delta Electronics InfraSuite Device Master
 CVE-2023-34318 (A heap buffer overflow vulnerability was found in sox, in the startrea ...)
-	- sox <unfixed>
+	- sox <unfixed> (bug #1041111)
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2212283
 	NOTE: https://sourceforge.net/p/sox/bugs/368/
 CVE-2023-34316 (An attacker could bypass the latest Delta Electronics InfraSuite Devic ...)
 	NOT-FOR-US: Delta Electronics InfraSuite Device Master
 CVE-2023-32627 (A floating point exception vulnerability was found in sox, in the read ...)
-	- sox <unfixed>
+	- sox <unfixed> (bug #1041112)
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2212282
 	NOTE: https://sourceforge.net/p/sox/bugs/369/
 CVE-2023-30765 (Delta Electronics InfraSuite Device Master versions prior to 1.0.7 con ...)
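Review bot: the three sox CVEs each get a distinct bug (#1041110, #1041111, #1041112) and the NOTE pairs line up (Red Hat bugzilla plus sourceforge tickets 367/368/369), but none carries a [bookworm]/[bullseye] line; make sure each bug report cites its own sourceforge ticket so the three are not confused, and add the release triage.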
@@ -1242,7 +1242,7 @@ CVE-2023-2495 (The Greeklish-permalink WordPress plugin through 3.3 does not imp
 CVE-2023-2493 (The All In One Redirection WordPress plugin before 2.2.0 does not prop ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2023-26590 (A floating point exception vulnerability was found in sox, in the lsx_ ...)
-	- sox <unfixed>
+	- sox <unfixed> (bug #1041113)
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2212279
 	NOTE: https://sourceforge.net/p/sox/bugs/370/
 CVE-2016-15034 (A vulnerability was found in Dynacase Webdesk and classified as critic ...)
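Review bot: bug #1041113 for CVE-2023-26590 follows the pattern of the three sox CVEs above; the consecutive Red Hat bugzilla IDs (2212279, 2212282, 2212283, 2212291) and sourceforge tickets 367 to 370 suggest one reporting batch, so if a single upstream or Debian patch set ends up covering all four, cross-reference the four bug reports rather than tracking them independently, and give this entry the same release triage as the others.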
@@ -1841,6 +1841,7 @@ CVE-2023-2320 (The CF7 Google Sheets Connector WordPress plugin before 5.0.2, cf
 CVE-2023-36813 (Kanboard is project management software that focuses on the Kanban met ...)
 	- kanboard 1.2.31+ds-1 (bug #1040265)
 	NOTE: https://github.com/kanboard/kanboard/security/advisories/GHSA-9gvq-78jp-jxcx
+	NOTE: https://github.com/kanboard/kanboard/commit/25b93343baeaf8ad018dcd87b094e47a5c6a3e0a
 CVE-2023-3497 (Out of bounds read in Google Security Processor firmware in Google Chr ...)
 	NOT-FOR-US: Chrome OS
 CVE-2023-3395 (All versions of the TWinSoft Configuration Tool store encrypted passwo ...)
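Review bot: the added commit NOTE under CVE-2023-36813 lacks the "Fixed by:" prefix that the libjpeg entry in this same commit uses ("NOTE: Fixed by: https://github.com/..."); prefix it the same way so the fix commit is distinguishable from the advisory link. Since kanboard is already marked fixed in 1.2.31+ds-1 (bug #1040265), also confirm that commit 25b93343baeaf8ad018dcd87b094e47a5c6a3e0a is contained in that upstream release.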



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/433b22941315f47b280276d98fe4743b82b71343


