[Git][security-tracker-team/security-tracker][master] Add CVE-2023-38745 and cross-reference from CVE-2023-35936

Salvatore Bonaccorso (@carnil) carnil at debian.org
Tue Jul 25 09:23:28 BST 2023 


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
ae10a885 by Salvatore Bonaccorso at 2023-07-25T10:22:52+02:00
Add CVE-2023-38745 and cross-reference from CVE-2023-35936

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -37,7 +37,8 @@ CVE-2023-3871 (A vulnerability classified as critical has been found in Campcode
 CVE-2023-3046 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
 	NOT-FOR-US: Biltay Technology Scienta
 CVE-2023-38745 (Pandoc before 3.1.6 allows arbitrary file write: this can be triggered ...)
-	TODO: check
+	- pandoc <not-affected> (Incomplete fixes for CVE-2023-35936 not applied)
+	NOTE: https://github.com/jgm/pandoc/commit/eddedbfc14916aa06fc01ff04b38aeb30ae2e625 (3.1.6)
 CVE-2023-37361 (REDCap 12.0.26 LTS and 12.3.2 Standard allows SQL Injection via schedu ...)
 	TODO: check
 CVE-2023-35088 (Improper Neutralization of Special Elements Used in an SQL Command ('S ...)
@@ -2692,6 +2693,8 @@ CVE-2023-35936 (Pandoc is a Haskell library for converting from one markup forma
 	NOTE: Regression: https://github.com/jgm/pandoc/commit/df4f13b262f7be5863042f8a5a1c365282c81f07 (3.1.4)
 	NOTE: Tests: https://github.com/jgm/pandoc/commit/fe62da61dfd33e6b4c0c03895c528a47a0405bf7
 	NOTE: Tests: https://github.com/jgm/pandoc/commit/5246f02f0bb9c176a6d2f6e3d0c03407d8a67445
+	NOTE: Followup (to avoid introduction of CVE-2023-38745):
+	NOTE: https://github.com/jgm/pandoc/commit/eddedbfc14916aa06fc01ff04b38aeb30ae2e625 (3.1.6)
 CVE-2023-3515 (Open Redirect in GitHub repository go-gitea/gitea prior to 1.19.4.)
 	- gitea <removed>
 CVE-2023-3455 (Key management vulnerability on system. Successful exploitation of thi ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/ae10a8852d50508d15f7acd7af836160d44e4d66

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/ae10a8852d50508d15f7acd7af836160d44e4d66
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20230725/ad9538f7/attachment.htm>

More information about the debian-security-tracker-commits mailing list