[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso (@carnil) carnil at debian.org
Wed Jun 21 09:11:47 BST 2023



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
43b211c2 by security tracker role at 2023-06-21T08:11:35+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,7 @@
+CVE-2023-3339 (A vulnerability has been found in code-projects Agro-School Management ...)
+	TODO: check
+CVE-2023-34340 (Improper Authentication vulnerability in Apache Software Foundation Ap ...)
+	TODO: check
 CVE-2023-3340 (A vulnerability was found in SourceCodester Online School Fees System  ...)
 	NOT-FOR-US: SourceCodester Online School Fees System
 CVE-2023-3337 (A vulnerability was found in PuneethReddyHC Online Shopping System Adv ...)
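Review bot: both entries added at the top of this hunk carry only "TODO: check" and still need triage. CVE-2023-3339 names code-projects Agro-School Management, which looks like the same kind of standalone web application as the SourceCodester entry below it that is marked NOT-FOR-US. For CVE-2023-34340 the product name is cut off after "Apache Software Foundation Ap ...", so the full description has to be read before deciding whether a Debian source package is affected.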
@@ -2306,6 +2310,7 @@ CVE-2023-2979 (A vulnerability classified as critical has been found in Abstrium
 CVE-2023-2978 (A vulnerability was found in Abstrium Pydio Cells 4.2.0. It has been r ...)
 	NOT-FOR-US: Abstrium Pydio Cells
 CVE-2023-2977 (A vulnerbility was found in OpenSC. This security flaw cause a buffer  ...)
+	{DLA-3463-1}
 	- opensc 0.23.0-0.3 (bug #1037021)
 	[bullseye] - opensc <no-dsa> (Minor issue)
 	NOTE: https://github.com/OpenSC/OpenSC/issues/2785
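Review bot: the bullseye line for CVE-2023-2977 stays at "<no-dsa> (Minor issue)" while the entry now references DLA-3463-1, so the older LTS release gets a fixed opensc and bullseye does not. Consider following up with a bullseye point-release upload so that an upgrade from the LTS release does not reintroduce the buffer issue.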
@@ -3338,6 +3343,7 @@ CVE-2023-2765 (A vulnerability has been found in Weaver OA up to 9.5 and classif
 CVE-2023-2756 (SQL Injection in GitHub repository pimcore/customer-data-framework pri ...)
 	NOT-FOR-US: pimcore
 CVE-2023-2745 (WordPress Core is vulnerable to Directory Traversal in versions up to, ...)
+	{DLA-3462-1}
 	- wordpress 6.2.1+dfsg1-1 (bug #1036296)
 	[bookworm] - wordpress <postponed> (Minor issue, fix along in future update)
 	[bullseye] - wordpress <postponed> (Minor issue, fix along in future update)
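Review bot: the bookworm and bullseye lines for CVE-2023-2745 both still read "<postponed> (Minor issue, fix along in future update)" after DLA-3462-1 is attached. Check that the postponed status still reflects the plan for those two suites, or link the pending update in a NOTE so the postponement does not go stale.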
@@ -41283,7 +41289,7 @@ CVE-2022-45599 (Aztech WMB250AC Mesh Routers Firmware Version 016 2020 is vulner
 	NOT-FOR-US: Aztech WMB250AC Mesh Routers Firmware
 CVE-2022-45598 (Cross Site Scripting vulnerability in Joplin Desktop App before v2.9.1 ...)
 	NOT-FOR-US: Joplin Desktop App
-CVE-2022-45597 (ComponentSpace.Saml2 4.4.0 Missing SSL Certificate Validation.)
+CVE-2022-45597 (ComponentSpace.Saml2 4.4.0 Missing SSL Certificate Validation. NOTE: t ...)
 	NOT-FOR-US: ComponentSpace.Saml2
 CVE-2022-45596
 	RESERVED
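Review bot: the changed description for CVE-2022-45597 is truncated at "NOTE: t ...", so the diff does not show what the upstream record now says. The NOT-FOR-US classification is unaffected, but read the full description to see whether the added note changes the status of the CVE and, if it does, record that in a NOTE line.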
@@ -99450,8 +99456,8 @@ CVE-2022-25885 (The package muhammara before 2.6.0; all versions of package humm
 	NOT-FOR-US: Muhammara Nodejs module
 CVE-2022-25884
 	RESERVED
-CVE-2022-25883
-	RESERVED
+CVE-2022-25883 (Versions of the package semver before 7.5.2 are vulnerable to Regular  ...)
+	TODO: check
 CVE-2022-25882 (Versions of the package onnx before 1.13.0 are vulnerable to Directory ...)
 	NOT-FOR-US: onnx
 CVE-2022-25881 (This affects versions of the package http-cache-semantics before 4.1.1 ...)
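Review bot: CVE-2022-25883 moves from RESERVED to a published description with only "TODO: check". The description names the package semver before 7.5.2, so check whether Debian ships this module as a source package (npm modules are usually packaged under a node- prefix) and replace the TODO with either a package line and bug reference or NOT-FOR-US, as was done for the neighbouring onnx and Muhammara entries.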
@@ -125227,6 +125233,7 @@ CVE-2021-42784 (OS Command Injection vulnerability in debug_fcgi of D-Link DWR-9
 CVE-2021-42783 (Missing Authentication for Critical Function vulnerability in debug_po ...)
 	NOT-FOR-US: D-Link
 CVE-2021-42782 (Stack buffer overflow issues were found in Opensc before version 0.22. ...)
+	{DLA-3463-1}
 	- opensc 0.22.0-1
 	[bullseye] - opensc <no-dsa> (Minor issue)
 	[stretch] - opensc <no-dsa> (Minor issue)
@@ -125237,6 +125244,7 @@ CVE-2021-42782 (Stack buffer overflow issues were found in Opensc before version
 	NOTE: https://github.com/OpenSC/OpenSC/commit/7114fb71b54ddfe06ce5dfdab013f4c38f129d14 (0.22.0-rc1)
 	NOTE: https://github.com/OpenSC/OpenSC/commit/456ac566938a1da774db06126a2fa6c0cba514b3 (0.22.0)
 CVE-2021-42781 (Heap buffer overflow issues were found in Opensc before version 0.22.0 ...)
+	{DLA-3463-1}
 	- opensc 0.22.0-1
 	[bullseye] - opensc <no-dsa> (Minor issue)
 	[stretch] - opensc <no-dsa> (Minor issue)
@@ -125247,6 +125255,7 @@ CVE-2021-42781 (Heap buffer overflow issues were found in Opensc before version
 	NOTE: https://github.com/OpenSC/OpenSC/commit/5d4daf6c92e4668f5458f380f3cacea3e879d91a (0.22.0-rc1)
 	NOTE: https://github.com/OpenSC/OpenSC/commit/cae5c71f90cc5b364efe14040923fd5aa3b5dd90 (0.22.0-rc1)
 CVE-2021-42780 (A use after return issue was found in Opensc before version 0.22.0 in  ...)
+	{DLA-3463-1}
 	- opensc 0.22.0-1
 	[bullseye] - opensc <no-dsa> (Minor issue)
 	[stretch] - opensc <no-dsa> (Minor issue)
@@ -125254,6 +125263,7 @@ CVE-2021-42780 (A use after return issue was found in Opensc before version 0.22
 	NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=28383
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2016139
 CVE-2021-42779 (A heap use after free issue was found in Opensc before version 0.22.0  ...)
+	{DLA-3463-1}
 	- opensc 0.22.0-1
 	[bullseye] - opensc <no-dsa> (Minor issue)
 	[stretch] - opensc <no-dsa> (Minor issue)
@@ -232297,7 +232307,7 @@ CVE-2020-12764 (Gnuteca 3.8 allows file.php?folder=/&file= Directory Traversal.)
 CVE-2020-12763 (TRENDnet ProView Wireless camera TV-IP512WN 1.0R 1.0.4 is vulnerable t ...)
 	NOT-FOR-US: TRENDnet ProView
 CVE-2020-12762 (json-c through 0.14 has an integer overflow and out-of-bounds write vi ...)
-	{DSA-4741-1 DLA-2301-1 DLA-2228-2 DLA-2228-1}
+	{DSA-4741-1 DLA-3461-1 DLA-2301-1 DLA-2228-2 DLA-2228-1}
 	- json-c 0.13.1+dfsg-8 (bug #960326)
 	- libfastjson 1.2304.0-1 (bug #1035302)
 	[bullseye] - libfastjson <no-dsa> (Minor issue)
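Review bot: the brace list for CVE-2020-12762 gains DLA-3461-1, but this entry tracks two source packages, json-c and libfastjson, and the tag alone does not say which one the new advisory fixes. Confirm against data/DLA/list that the advisory is attributed to the intended package, since the libfastjson line in bullseye remains "<no-dsa> (Minor issue)".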
@@ -305668,6 +305678,7 @@ CVE-2019-6504 (Insufficient output sanitization in the Automic Web Interface (AW
 CVE-2019-6503 (There is a deserialization vulnerability in Chatopera cosin v3.10.0. A ...)
 	NOT-FOR-US: Chatopera cosin
 CVE-2019-6502 (sc_context_create in ctx.c in libopensc in OpenSC 0.19.0 has a memory  ...)
+	{DLA-3463-1}
 	- opensc 0.20.0-1 (unimportant)
 	NOTE: https://github.com/OpenSC/OpenSC/issues/1586
 	NOTE: https://github.com/OpenSC/OpenSC/commit/0d7967549751b7032f22b437106b41444aff0ba9 (0.20.0-rc1)
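Review bot: CVE-2019-6502 is annotated "opensc 0.20.0-1 (unimportant)" and now also references DLA-3463-1. That is consistent if the advisory simply bundled the fix, but a short NOTE saying so would explain why an issue rated unimportant appears in an advisory.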



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/43b211c20daf81b9d31aa0d9121766e6507a03f2
