[Git][security-tracker-team/security-tracker][master] NFUs

Moritz Muehlenhoff (@jmm) jmm at debian.org
Mon Jun 26 16:33:19 BST 2023



Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
85359fdd by Moritz Muehlenhoff at 2023-06-26T17:32:32+02:00
NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -106,13 +106,13 @@ CVE-2023-36272 (LibreDWG v0.12.5 was discovered to contain a heap buffer overflo
 CVE-2023-36271 (LibreDWG v0.12.5 was discovered to contain a heap buffer overflow via  ...)
 	- libredwg <itp> (bug #595191)
 CVE-2023-35931 (Shescape is a simple shell escape library for JavaScript. An attacker  ...)
-	TODO: check
+	NOT-FOR-US: Shescape
 CVE-2023-35925 (FastAsyncWorldEdit (FAWE) is designed for efficient world editing. Thi ...)
-	TODO: check
+	NOT-FOR-US: FastAsyncWorldEdit
 CVE-2023-35759 (In Progress WhatsUp Gold before 23.0.0, an SNMP-related application en ...)
 	NOT-FOR-US: Progress WhatsUp Gold
 CVE-2023-35167 (Remult is a CRUD framework for full-stack TypeScript. If you used the  ...)
-	TODO: check
+	NOT-FOR-US: Remult
 CVE-2023-35162 (XWiki Platform is a generic wiki platform offering runtime services fo ...)
 	NOT-FOR-US: XWiki
 CVE-2023-35161 (XWiki Platform is a generic wiki platform offering runtime services fo ...)
@@ -154,127 +154,128 @@ CVE-2023-34465 (XWiki Platform is a generic wiki platform. Starting in version 1
 CVE-2023-34464 (XWiki Platform is a generic wiki platform offering runtime services fo ...)
 	NOT-FOR-US: XWiki
 CVE-2023-34460 (Tauri is a framework for building binaries for all major desktop platf ...)
-	TODO: check
+	NOT-FOR-US: Tauri
 CVE-2023-34203 (In Progress OpenEdge OEM (OpenEdge Management) and OEE (OpenEdge Explo ...)
-	TODO: check
+	NOT-FOR-US: Progress OpenEdge OEM
 CVE-2023-34188 (The HTTP server in Mongoose before 7.10 accepts requests containing ne ...)
-	TODO: check
+	NOT-FOR-US: Cesanta Mongoose
+	NOTE: smplayer embeds a copy, which is unused in any released version and disabled since 18.5.0~ds1-1
 CVE-2023-34021 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Andy Moy ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2023-34012 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Premium  ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2023-33565 (ROS2 (Robot Operating System 2) Foxy Fitzroy ROS_VERSION=2 and ROS_PYT ...)
 	TODO: check
 CVE-2023-32580 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in WPEx ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2023-32480 (Dell BIOS contains an Improper Input Validation vulnerability. An unau ...)
-	TODO: check
+	NOT-FOR-US: Dell
 CVE-2023-32439 (A type confusion issue was addressed with improved checks. This issue  ...)
-	TODO: check
+	NOT-FOR-US: Apple
 CVE-2023-32435 (A memory corruption issue was addressed with improved state management ...)
-	TODO: check
+	NOT-FOR-US: Apple
 CVE-2023-32434 (An integer overflow was addressed with improved input validation. This ...)
-	TODO: check
+	NOT-FOR-US: Apple
 CVE-2023-32423 (A buffer overflow issue was addressed with improved memory handling. T ...)
-	TODO: check
+	NOT-FOR-US: Apple
 CVE-2023-32422 (This issue was addressed by adding additional SQLite logging restricti ...)
-	TODO: check
+	NOT-FOR-US: Apple
 CVE-2023-32420 (An out-of-bounds read was addressed with improved input validation. Th ...)
-	TODO: check
+	NOT-FOR-US: Apple
 CVE-2023-32419 (The issue was addressed with improved bounds checks. This issue is fix ...)
-	TODO: check
+	NOT-FOR-US: Apple
 CVE-2023-32417 (This issue was addressed by restricting options offered on a locked de ...)
-	TODO: check
+	NOT-FOR-US: Apple
 CVE-2023-32415 (This issue was addressed with improved redaction of sensitive informat ...)
-	TODO: check
+	NOT-FOR-US: Apple
 CVE-2023-32414 (The issue was addressed with improved checks. This issue is fixed in m ...)
-	TODO: check
+	NOT-FOR-US: Apple
 CVE-2023-32413 (A race condition was addressed with improved state handling. This issu ...)
-	TODO: check
+	NOT-FOR-US: Apple
 CVE-2023-32412 (A use-after-free issue was addressed with improved memory management.  ...)
-	TODO: check
+	NOT-FOR-US: Apple
 CVE-2023-32411 (This issue was addressed with improved entitlements. This issue is fix ...)
-	TODO: check
+	NOT-FOR-US: Apple
 CVE-2023-32410 (An out-of-bounds read was addressed with improved input validation. Th ...)
-	TODO: check
+	NOT-FOR-US: Apple
 CVE-2023-32408 (The issue was addressed with improved handling of caches. This issue i ...)
-	TODO: check
+	NOT-FOR-US: Apple
 CVE-2023-32407 (A logic issue was addressed with improved state management. This issue ...)
-	TODO: check
+	NOT-FOR-US: Apple
 CVE-2023-32405 (A logic issue was addressed with improved checks. This issue is fixed  ...)
-	TODO: check
+	NOT-FOR-US: Apple
 CVE-2023-32404 (This issue was addressed with improved entitlements. This issue is fix ...)
-	TODO: check
+	NOT-FOR-US: Apple
 CVE-2023-32403 (This issue was addressed with improved redaction of sensitive informat ...)
-	TODO: check
+	NOT-FOR-US: Apple
 CVE-2023-32402 (An out-of-bounds read was addressed with improved input validation. Th ...)
-	TODO: check
+	NOT-FOR-US: Apple
 CVE-2023-32400 (This issue was addressed with improved checks. This issue is fixed in  ...)
-	TODO: check
+	NOT-FOR-US: Apple
 CVE-2023-32399 (The issue was addressed with improved handling of caches. This issue i ...)
-	TODO: check
+	NOT-FOR-US: Apple
 CVE-2023-32398 (A use-after-free issue was addressed with improved memory management.  ...)
-	TODO: check
+	NOT-FOR-US: Apple
 CVE-2023-32397 (A logic issue was addressed with improved state management. This issue ...)
-	TODO: check
+	NOT-FOR-US: Apple
 CVE-2023-32395 (A logic issue was addressed with improved state management. This issue ...)
-	TODO: check
+	NOT-FOR-US: Apple
 CVE-2023-32394 (The issue was addressed with improved checks. This issue is fixed in i ...)
-	TODO: check
+	NOT-FOR-US: Apple
 CVE-2023-32392 (A privacy issue was addressed with improved private data redaction for ...)
-	TODO: check
+	NOT-FOR-US: Apple
 CVE-2023-32391 (The issue was addressed with improved checks. This issue is fixed in i ...)
-	TODO: check
+	NOT-FOR-US: Apple
 CVE-2023-32390 (The issue was addressed with improved checks. This issue is fixed in i ...)
-	TODO: check
+	NOT-FOR-US: Apple
 CVE-2023-32389 (This issue was addressed with improved redaction of sensitive informat ...)
-	TODO: check
+	NOT-FOR-US: Apple
 CVE-2023-32388 (A privacy issue was addressed with improved private data redaction for ...)
-	TODO: check
+	NOT-FOR-US: Apple
 CVE-2023-32387 (A use-after-free issue was addressed with improved memory management.  ...)
-	TODO: check
+	NOT-FOR-US: Apple
 CVE-2023-32386 (A privacy issue was addressed with improved handling of temporary file ...)
-	TODO: check
+	NOT-FOR-US: Apple
 CVE-2023-32385 (A denial-of-service issue was addressed with improved memory handling. ...)
-	TODO: check
+	NOT-FOR-US: Apple
 CVE-2023-32384 (A buffer overflow was addressed with improved bounds checking. This is ...)
-	TODO: check
+	NOT-FOR-US: Apple
 CVE-2023-32382 (An out-of-bounds read was addressed with improved input validation. Th ...)
-	TODO: check
+	NOT-FOR-US: Apple
 CVE-2023-32380 (An out-of-bounds write issue was addressed with improved bounds checki ...)
-	TODO: check
+	NOT-FOR-US: Apple
 CVE-2023-32376 (This issue was addressed with improved entitlements. This issue is fix ...)
-	TODO: check
+	NOT-FOR-US: Apple
 CVE-2023-32375 (An out-of-bounds read was addressed with improved input validation. Th ...)
-	TODO: check
+	NOT-FOR-US: Apple
 CVE-2023-32372 (An out-of-bounds read was addressed with improved input validation. Th ...)
-	TODO: check
+	NOT-FOR-US: Apple
 CVE-2023-32371 (The issue was addressed with improved checks. This issue is fixed in i ...)
-	TODO: check
+	NOT-FOR-US: Apple
 CVE-2023-32369 (A logic issue was addressed with improved state management. This issue ...)
-	TODO: check
+	NOT-FOR-US: Apple
 CVE-2023-32368 (An out-of-bounds read was addressed with improved input validation. Th ...)
-	TODO: check
+	NOT-FOR-US: Apple
 CVE-2023-32367 (This issue was addressed with improved entitlements. This issue is fix ...)
-	TODO: check
+	NOT-FOR-US: Apple
 CVE-2023-32365 (The issue was addressed with improved checks. This issue is fixed in i ...)
-	TODO: check
+	NOT-FOR-US: Apple
 CVE-2023-32363 (A permissions issue was addressed by removing vulnerable code and addi ...)
-	TODO: check
+	NOT-FOR-US: Apple
 CVE-2023-32360 (An authentication issue was addressed with improved state management.  ...)
-	TODO: check
+	NOT-FOR-US: Apple
 CVE-2023-32357 (An authorization issue was addressed with improved state management. T ...)
-	TODO: check
+	NOT-FOR-US: Apple
 CVE-2023-32355 (A logic issue was addressed with improved state management. This issue ...)
-	TODO: check
+	NOT-FOR-US: Apple
 CVE-2023-32354 (An out-of-bounds read was addressed with improved input validation. Th ...)
-	TODO: check
+	NOT-FOR-US: Apple
 CVE-2023-32353 (A logic issue was addressed with improved checks. This issue is fixed  ...)
-	TODO: check
+	NOT-FOR-US: Apple
 CVE-2023-32352 (A logic issue was addressed with improved checks. This issue is fixed  ...)
-	TODO: check
+	NOT-FOR-US: Apple
 CVE-2023-32351 (A logic issue was addressed with improved checks. This issue is fixed  ...)
-	TODO: check
+	NOT-FOR-US: Apple
 CVE-2023-3128 (Grafana is validating Azure AD accounts based on the email claim.   On ...)
 	- grafana <removed>
 CVE-2023-3114 (Terraform Enterprise since v202207-1 did not properly implement author ...)
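Review bot: The CVE-2023-34188 entry pairs "NOT-FOR-US: Cesanta Mongoose" with a NOTE saying smplayer embeds a copy, and the two lines contradict each other: the first says nothing in the archive carries the code, the second names a source package that does. Since the NOTE already gives the reason it is harmless (unused in any released version, disabled since 18.5.0~ds1-1), consider recording the CVE against smplayer with a package line and keeping that NOTE as the justification, so a lookup by source package finds the CVE. Separately, CVE-2023-33565 (ROS2) stays at "TODO: check" in the middle of this otherwise fully triaged run; if that is deliberate it is fine, otherwise it looks skipped.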



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/85359fddc562eb70780cdefa60b851fe2d0a4058
