[Git][security-tracker-team/security-tracker][master] bugnums

Moritz Muehlenhoff (@jmm) jmm at debian.org
Tue Jul 18 19:47:44 BST 2023



Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
897de784 by Moritz Mühlenhoff at 2023-07-18T20:47:05+02:00
bugnums

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -124,7 +124,7 @@ CVE-2023-37769 (stress-test master commit e4c878 was discovered to contain a FPE
 CVE-2023-37479 (Open Enclave is a hardware-agnostic open source library for developing ...)
 	NOT-FOR-US: Open Enclave
 CVE-2023-37476 (OpenRefine is a free, open source tool for data processing. A carefull ...)
-	- openrefine <unfixed>
+	- openrefine <unfixed> (bug #1041422)
 	NOTE: https://github.com/OpenRefine/OpenRefine/security/advisories/GHSA-m88m-crr9-jvqq
 	NOTE: https://github.com/OpenRefine/OpenRefine/commit/e9c1e65d58b47aec8cd676bd5c07d97b002f205e
 CVE-2023-37475 (Hamba avro is a go lang encoder/decoder implementation of the avro cod ...)
@@ -318,7 +318,7 @@ CVE-2023-37793 (WAYOS FBM-291W 19.09.11V was discovered to contain a buffer over
 CVE-2023-37472 (Knowage is an open source suite for business analytics. The applicatio ...)
 	NOT-FOR-US: Knowage
 CVE-2023-37464 (OpenIDC/cjose is a C library implementing the Javascript Object Signin ...)
-	- cjose <unfixed>
+	- cjose <unfixed> (bug #1041423)
 	NOTE: https://github.com/OpenIDC/cjose/security/advisories/GHSA-3rhg-3gf2-6xgj
 	NOTE: https://github.com/OpenIDC/cjose/commit/7325e9a5e71e2fc0e350487ecac7d84acdf0ed5e (v0.6.2.2)
 CVE-2023-37462 (XWiki Platform is a generic wiki platform offering runtime services fo ...)
@@ -885,19 +885,19 @@ CVE-2023-3019 [e1000e: heap use-after-free in e1000e_write_packet_to_guest()]
 CVE-2023-3011 (The ARMember plugin for WordPress is vulnerable to Cross-Site Request  ...)
 	NOT-FOR-US: ARMember plugin for WordPress
 CVE-2023-37767 (GPAC v2.3-DEV-rev381-g817a848f6-master was discovered to contain a seg ...)
-	- gpac <unfixed>
+	- gpac <unfixed> (bug #1041421)
 	[bullseye] - gpac <ignored> (Minor issue)
 	[buster] - gpac <end-of-life> (EOL in buster LTS)
 	NOTE: https://github.com/gpac/gpac/issues/2514
 	NOTE: https://github.com/gpac/gpac/commit/d414df635c773b21bbb3a9fbf17b101b1e8ea345
 CVE-2023-37766 (GPAC v2.3-DEV-rev381-g817a848f6-master was discovered to contain a seg ...)
-	- gpac <unfixed>
+	- gpac <unfixed> (bug #1041421)
 	[bullseye] - gpac <ignored> (Minor issue)
 	[buster] - gpac <end-of-life> (EOL in buster LTS)
 	NOTE: https://github.com/gpac/gpac/issues/2516
 	NOTE: https://github.com/gpac/gpac/commit/a64c60ef0983be6db8ab1e4a663e0ce83ff7bf2c
 CVE-2023-37765 (GPAC v2.3-DEV-rev381-g817a848f6-master was discovered to contain a seg ...)
-	- gpac <unfixed>
+	- gpac <unfixed> (bug #1041421)
 	[bullseye] - gpac <ignored> (Minor issue)
 	[buster] - gpac <end-of-life> (EOL in buster LTS)
 	NOTE: https://github.com/gpac/gpac/issues/2515
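Review bot: the three gpac lines in this hunk (CVE-2023-37767, CVE-2023-37766, CVE-2023-37765) all get the same bug #1041421, although each entry carries its own upstream issue in the NOTE lines (2514, 2516, 2515). Please confirm the bug report names every CVE it is meant to cover, so that a single upload closing #1041421 is not read as fixing an entry whose upstream change was not included.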
@@ -913,7 +913,7 @@ CVE-2023-37197 (A CWE-89: Improper Neutralization of Special Elements vulnerabil
 CVE-2023-37196 (A CWE-89: Improper Neutralization of Special Elements vulnerability us ...)
 	NOT-FOR-US: Schneider Electric
 CVE-2023-37174 (GPAC v2.3-DEV-rev381-g817a848f6-master was discovered to contain a seg ...)
-	- gpac <unfixed>
+	- gpac <unfixed> (bug #1041421)
 	[bullseye] - gpac <ignored> (Minor issue)
 	[buster] - gpac <end-of-life> (EOL in buster LTS)
 	NOTE: https://github.com/gpac/gpac/issues/2505
@@ -1797,7 +1797,7 @@ CVE-2023-3529 (A vulnerability classified as problematic has been found in Rotem
 CVE-2023-3528 (A vulnerability was found in ThinuTech ThinuCMS 1.5. It has been rated ...)
 	NOT-FOR-US: ThinuTech ThinuCMS
 CVE-2023-3523 (Out-of-bounds Read in GitHub repository gpac/gpac prior to 2.2.2.)
-	- gpac <unfixed>
+	- gpac <unfixed> (bug #1041421)
 	[bullseye] - gpac <ignored> (Minor issue)
 	[buster] - gpac <end-of-life> (EOL in buster LTS)
 	NOTE: https://huntr.dev/bounties/57e0be03-8484-415e-8b5c-c1fe4546eaac/
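Review bot: on the CVE-2023-3523 line, bug #1041421 is the same number given to the GPAC v2.3-DEV segfault entries, but this description reads "prior to 2.2.2" and its reference is a huntr.dev report rather than a gpac issue. Worth checking that the bug really tracks this CVE as well, and filing a separate bug number if it does not.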
@@ -2305,12 +2305,12 @@ CVE-2023-36812 (OpenTSDB is a open source, distributed, scalable Time Series Dat
 CVE-2023-36144 (An authentication bypass in Intelbras Switch SG 2404 MR in firmware 1. ...)
 	NOT-FOR-US: Intelbras
 CVE-2023-35947 (Gradle is a build tool with a focus on build automation and support fo ...)
-	- gradle <undetermined>
+	- gradle <unfixed> (bug #1041424)
 	NOTE: https://github.com/gradle/gradle/security/advisories/GHSA-84mw-qh6q-v842
 	NOTE: https://github.com/gradle/gradle/commit/1096b309520a8c315e3b6109a6526de4eabcb879 (v8.2.0-RC3)
 	NOTE: https://github.com/gradle/gradle/commit/2e5c34d57d0c0b7f0e8b039a192b91e5c8249d91 (v8.2.0-RC3)
 CVE-2023-35946 (Gradle is a build tool with a focus on build automation and support fo ...)
-	- gradle <undetermined>
+	- gradle <unfixed> (bug #1041424)
 	NOTE: https://github.com/gradle/gradle/security/advisories/GHSA-2h6c-rv6q-494v
 	NOTE: https://github.com/gradle/gradle/commit/859eae2b2acf751ae7db3c9ffefe275aa5da0d5d (v8.2.0-RC3)
 	NOTE: https://github.com/gradle/gradle/commit/b07e528feb3a5ffa66bdcc358549edd73e4c8a12 (v8.2.0-RC3)
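Review bot: both gradle lines (CVE-2023-35947 and CVE-2023-35946) change the status from <undetermined> to <unfixed> in addition to adding bug #1041424, and the commit message "bugnums" does not mention that. Suggest either saying in the commit message that gradle was confirmed affected, or making the status change its own commit, so the history shows when and why the determination was made.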
@@ -2401,12 +2401,12 @@ CVE-2023-3479 (Cross-site Scripting (XSS) - Reflected in GitHub repository hesti
 CVE-2023-3478 (A vulnerability classified as critical was found in IBOS OA 4.5.5. Aff ...)
 	NOT-FOR-US: IBOS OA
 CVE-2023-37365 (Hnswlib 0.7.0 has a double free in init_index when the M argument is a ...)
-	- hnswlib <unfixed>
+	- hnswlib <unfixed> (bug #1041426)
 	[bookworm] - hnswlib <no-dsa> (Minor issue)
 	[bullseye] - hnswlib <no-dsa> (Minor issue)
 	NOTE: https://github.com/nmslib/hnswlib/issues/467
 CVE-2023-37360 (pacparser_find_proxy in Pacparser before 1.4.2 allows JavaScript injec ...)
-	- pacparser <unfixed>
+	- pacparser <unfixed> (bug #1041425)
 	[bookworm] - pacparser <no-dsa> (Minor issue)
 	[bullseye] - pacparser <no-dsa> (Minor issue)
 	[buster] - pacparser <no-dsa> (Minor issue)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/897de78450b62479a60a076f6bfe81b550bf4a14
