[Git][security-tracker-team/security-tracker][master] 2 commits: Process one NFU

Salvatore Bonaccorso (@carnil) carnil at debian.org
Wed Jun 21 20:19:08 BST 2023 


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
6c2b6bc6 by Salvatore Bonaccorso at 2023-06-21T21:16:57+02:00
Process one NFU

- - - - -
30bcdfdc by Salvatore Bonaccorso at 2023-06-21T21:18:06+02:00
Add CVE-2023-34624/libhtmlcleaner-java

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -47,7 +47,7 @@ CVE-2023-34596 (A vulnerability in Aeotec WallMote Switch firmware v2.3 allows a
 CVE-2023-34563 (netgear R6250 Firmware Version 1.0.4.48 is vulnerable to Buffer Overfl ...)
 	NOT-FOR-US: Netgear
 CVE-2023-34541 (Langchain 0.0.171 is vulnerable to Arbitrary code execution in load_pr ...)
-	TODO: check
+	NOT-FOR-US: Langchain
 CVE-2023-33869 (Enphase Envoy versions D7.0.88 is vulnerable to a command injection ex ...)
 	NOT-FOR-US: Enphase Envoy
 CVE-2023-33495 (Craft CMS through 4.4.9 is vulnerable to HTML Injection.)
@@ -566,7 +566,8 @@ CVE-2023-34750 (bloofox v0.5.2.1 was discovered to contain a SQL injection vulne
 CVE-2023-34747 (File upload vulnerability in ujcms 6.0.2 via /api/backend/core/web-fil ...)
 	NOT-FOR-US: ujcms
 CVE-2023-34624 (An issue was discovered htmlcleaner thru = 2.28 allows attackers to ca ...)
-	TODO: check
+	- libhtmlcleaner-java 2.29-1
+	NOTE: https://github.com/amplafi/htmlcleaner/issues/13
 CVE-2023-34623 (An issue was discovered jtidy thru r938 allows attackers to cause a de ...)
 	- jtidy <unfixed> (bug #1038663)
 	[bookworm] - jtidy <no-dsa> (Minor issue)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/f0b0c25921138cf7e02094c3a9256bb5cede9e77...30bcdfdcf56231c70dd338ad4621016efb0ad352

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/f0b0c25921138cf7e02094c3a9256bb5cede9e77...30bcdfdcf56231c70dd338ad4621016efb0ad352
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20230621/3a3dd49e/attachment.htm>

More information about the debian-security-tracker-commits mailing list