[Git][security-tracker-team/security-tracker][master] automatic update

Sun Jun 25 21:12:48 BST 2023


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
ada8bca8 by security tracker role at 2023-06-25T20:12:37+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,11 @@
+CVE-2023-3396 (A vulnerability was found in Campcodes Retro Cellphone Online Store 1. ...)
+	TODO: check
+CVE-2023-36632 (The legacy email.utils.parseaddr function in Python through 3.11.4 all ...)
+	TODO: check
+CVE-2023-36630 (In CloudPanel before 2.3.1, insecure file upload leads to privilege es ...)
+	TODO: check
+CVE-2015-20109 (end_pattern (called from internal_fnmatch) in the GNU C Library (aka g ...)
+	TODO: check
 CVE-2023-36612 (Directory traversal can occur in the Basecamp com.basecamp.bc3 applica ...)
 	NOT-FOR-US: Basecamp
 CVE-2023-3388 (The Beautiful Cookie Consent Banner for WordPress is vulnerable to Sto ...)
@@ -441,11 +449,13 @@ CVE-2023-2829 (A `named` instance configured to run as a DNSSEC-validating recur
 	- bind9 <not-affected> (Only affects BIND Supported Preview Edition)
 	NOTE: https://kb.isc.org/docs/cve-2023-2829
 CVE-2023-2911 (If the `recursive-clients` quota is reached on a BIND 9 resolver confi ...)
+	{DSA-5439-1}
 	- bind9 1:9.18.16-1
 	NOTE: https://kb.isc.org/docs/cve-2023-2911
 	NOTE: https://downloads.isc.org/isc/bind9/9.18.16/patches/0003-CVE-2023-2911.patch
 	NOTE: https://downloads.isc.org/isc/bind9/9.16.42/patches/0003-CVE-2023-2911.patch
 CVE-2023-2828 (Every `named` instance configured to run as a recursive resolver maint ...)
+	{DSA-5439-1}
 	- bind9 1:9.18.16-1
 	NOTE: https://kb.isc.org/docs/cve-2023-2828
 	NOTE: https://downloads.isc.org/isc/bind9/9.18.16/patches/0001-CVE-2023-2828.patch
@@ -17129,7 +17139,7 @@ CVE-2023-27478 (libmemcached-awesome is an open source C/C++ client library and
 CVE-2023-27477 (wasmtime is a fast and secure runtime for WebAssembly. Wasmtime's code ...)
 	NOT-FOR-US: wasmtime
 CVE-2023-27476 (OWSLib is a Python package for client programming with Open Geospatial ...)
-	{DSA-5426-1}
+	{DSA-5426-1 DLA-3470-1}
 	[experimental] - owslib 0.28.1-1~exp1
 	- owslib 0.27.2-3 (bug #1034182)
 	NOTE: https://github.com/geopython/OWSLib/commit/d91267303a695d69e73fa71efa100a035852a063 (0.29.0)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/ada8bca86fdb5b3b9bae3d828618a682fac00f8d

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/ada8bca86fdb5b3b9bae3d828618a682fac00f8d
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20230625/5d17d3f0/attachment.htm>
