[Git][security-tracker-team/security-tracker][master] bugnums

Moritz Muehlenhoff (@jmm) jmm at debian.org
Fri Mar 17 14:09:29 GMT 2023



Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
4595f08a by Moritz Muehlenhoff at 2023-03-17T15:09:07+01:00
bugnums

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -17590,22 +17590,30 @@ CVE-2023-22488 (Flarum is a forum software for building communities. Using the n
 CVE-2023-22487 (Flarum is a forum software for building communities. Using the mention ...)
 	NOT-FOR-US: Flarum
 CVE-2023-22486 (cmark-gfm is GitHub's fork of cmark, a CommonMark parsing and renderin ...)
-	- cmark-gfm <unfixed>
+	- cmark-gfm <unfixed> (bug #1033110)
+	- python-cmarkgfm <unfixed> (bug #1033111)
+	- r-cran-commonmark <unfixed> (bug #1033112)
+	- ruby-commonmarker <unfixed> (bug #1033113)
 	NOTE: https://github.com/github/cmark-gfm/security/advisories/GHSA-r572-jvj2-3m8p
 	NOTE: https://github.com/github/cmark-gfm/commit/ece074cc3378f7a8dec0395f00123e9fa6981f7b (0.29.0.gfm.7)
-	TODO: check other codebase, python-cmarkgfm, ruby-commonmarker and r-cran-commonmark
 CVE-2023-22485 (cmark-gfm is GitHub's fork of cmark, a CommonMark parsing and renderin ...)
-	- cmark-gfm <unfixed>
+	- cmark-gfm <unfixed> (bug #1033110)
+	- python-cmarkgfm <unfixed> (bug #1033111)
+	- r-cran-commonmark <unfixed> (bug #1033112)
+	- ruby-commonmarker <unfixed> (bug #1033113)
 	NOTE: https://github.com/github/cmark-gfm/security/advisories/GHSA-c944-cv5f-hpvr
-	TODO: check other codebase, python-cmarkgfm, ruby-commonmarker and r-cran-commonmark
 CVE-2023-22484 (cmark-gfm is GitHub's fork of cmark, a CommonMark parsing and renderin ...)
-	- cmark-gfm <unfixed>
+	- cmark-gfm <unfixed> (bug #1033110)
+	- python-cmarkgfm <unfixed> (bug #1033111)
+	- r-cran-commonmark <unfixed> (bug #1033112)
+	- ruby-commonmarker <unfixed> (bug #1033113)
 	NOTE: https://github.com/github/cmark-gfm/security/advisories/GHSA-24f7-9frr-5h2r
-	TODO: check other codebase, python-cmarkgfm, ruby-commonmarker and r-cran-commonmark
 CVE-2023-22483 (cmark-gfm is GitHub's fork of cmark, a CommonMark parsing and renderin ...)
-	- cmark-gfm <unfixed>
+	- cmark-gfm <unfixed> (bug #1033110)
+	- python-cmarkgfm <unfixed> (bug #1033111)
+	- r-cran-commonmark <unfixed> (bug #1033112)
+	- ruby-commonmarker <unfixed> (bug #1033113)
 	NOTE: https://github.com/github/cmark-gfm/security/advisories/GHSA-29g3-96g3-jg6c
-	TODO: check other codebase, python-cmarkgfm, ruby-commonmarker and r-cran-commonmark
 CVE-2023-22482 (Argo CD is a declarative, GitOps continuous delivery tool for Kubernet ...)
 	NOT-FOR-US: Argo CD
 CVE-2023-22481 (FreshRSS is a self-hosted RSS feed aggregator. When using the greader  ...)
@@ -208078,7 +208086,7 @@ CVE-2020-16156 (CPAN 2.28 allows Signature Verification Bypass. ...)
 	NOTE: https://github.com/andk/cpanpm/commit/7d4d5e32bcd9b75f7bf70a395938a48ca4a06d25 (2.33-TRIAL)
 	NOTE: https://github.com/andk/cpanpm/commit/89b13baf1d46e4fb10023af30ef305efec4fd603 (2.33-TRIAL)
 CVE-2020-16155 (The CPAN::Checksums package 2.12 for Perl does not uniquely define sig ...)
-	- libcpan-checksums-perl <unfixed>
+	- libcpan-checksums-perl <unfixed> (bug #1033109)
 	[bookworm] - libcpan-checksums-perl <no-dsa> (Minor issue)
 	[bullseye] - libcpan-checksums-perl <no-dsa> (Minor issue)
 	[buster] - libcpan-checksums-perl <no-dsa> (Minor issue)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/4595f08a6df8c918b41b3f829d65f8cd4606f0c6

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/4595f08a6df8c918b41b3f829d65f8cd4606f0c6
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20230317/6462a6d4/attachment.htm>


More information about the debian-security-tracker-commits mailing list