[Git][security-tracker-team/security-tracker][master] bugnums

Moritz Muehlenhoff (@jmm) jmm at debian.org
Fri Mar 17 14:37:36 GMT 2023



Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
69103dca by Moritz Muehlenhoff at 2023-03-17T15:37:04+01:00
bugnums

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -7119,7 +7119,7 @@ CVE-2023-0868 (Reflected cross-site scripting in graph results in multiple versi
 CVE-2023-0867 (Multiple stored and reflected cross-site scripting vulnerabilities in  ...)
 	NOT-FOR-US: OpenNMS
 CVE-2023-0866 (Heap-based Buffer Overflow in GitHub repository gpac/gpac prior to 2.3 ...)
-	- gpac <unfixed>
+	- gpac <unfixed> (bug #1033116)
 	[bullseye] - gpac <no-dsa> (Minor issue)
 	[buster] - gpac <end-of-life> (EOL in buster LTS)
 	NOTE: https://huntr.dev/bounties/7d3c5792-d20b-4cb6-9c6d-bb14f3430d7f
@@ -7542,19 +7542,19 @@ CVE-2023-0821 (HashiCorp Nomad and Nomad Enterprise 1.2.15 up to 1.3.8, and 1.4.
 CVE-2023-0820
 	RESERVED
 CVE-2023-0819 (Heap-based Buffer Overflow in GitHub repository gpac/gpac prior to v2. ...)
-	- gpac <unfixed>
+	- gpac <unfixed> (bug #1033116)
 	[bullseye] - gpac <no-dsa> (Minor issue)
 	[buster] - gpac <end-of-life> (EOL in buster LTS)
 	NOTE: https://huntr.dev/bounties/35793610-dccc-46c8-9f55-6a24c621e4ef
 	NOTE: https://github.com/gpac/gpac/commit/d067ab3ccdeaa340e8c045a0fd5bcfc22b809e8f
 CVE-2023-0818 (Off-by-one Error in GitHub repository gpac/gpac prior to v2.3.0-DEV. ...)
-	- gpac <unfixed>
+	- gpac <unfixed> (bug #1033116)
 	[bullseye] - gpac <no-dsa> (Minor issue)
 	[buster] - gpac <end-of-life> (EOL in buster LTS)
 	NOTE: https://huntr.dev/bounties/038e7472-f3e9-46c2-9aea-d6dafb62a18a
 	NOTE: https://github.com/gpac/gpac/commit/377ab25f3e502db2934a9cf4b54739e1c89a02ff
 CVE-2023-0817 (Buffer Over-read in GitHub repository gpac/gpac prior to v2.3.0-DEV. ...)
-	- gpac <unfixed>
+	- gpac <unfixed> (bug #1033116)
 	[bullseye] - gpac <not-affected> (Vulnerable code not present)
 	[buster] - gpac <end-of-life> (EOL in buster LTS)
 	NOTE: https://huntr.dev/bounties/cb730bc5-d79c-4de6-9e57-10e8c3ce2cf3
@@ -8112,7 +8112,7 @@ CVE-2023-25642
 CVE-2023-0771 (SQL Injection in GitHub repository ampache/ampache prior to 5.5.7,deve ...)
 	- ampache <removed>
 CVE-2023-0770 (Stack-based Buffer Overflow in GitHub repository gpac/gpac prior to 2. ...)
-	- gpac <unfixed>
+	- gpac <unfixed> (bug #1033116)
 	[bullseye] - gpac <no-dsa> (Minor issue)
 	[buster] - gpac <end-of-life> (EOL in buster LTS)
 	NOTE: https://huntr.dev/bounties/e0fdeee5-7909-446e-9bd0-db80fd80e8dd
@@ -8203,7 +8203,7 @@ CVE-2023-0762
 CVE-2023-0761
 	RESERVED
 CVE-2023-0760 (Heap-based Buffer Overflow in GitHub repository gpac/gpac prior to V2. ...)
-	- gpac <unfixed>
+	- gpac <unfixed> (bug #1033116)
 	[bullseye] - gpac <no-dsa> (Minor issue)
 	[buster] - gpac <end-of-life> (EOL in buster LTS)
 	NOTE: https://huntr.dev/bounties/d06223df-a473-4c82-96d0-23726b844b21
@@ -13327,7 +13327,7 @@ CVE-2023-0360 (The Location Weather WordPress plugin before 1.3.4 does not valid
 CVE-2023-0359
 	RESERVED
 CVE-2023-0358 (Use After Free in GitHub repository gpac/gpac prior to 2.3.0-DEV. ...)
-	- gpac <unfixed>
+	- gpac <unfixed> (bug #1033116)
 	[buster] - gpac <end-of-life> (EOL in buster LTS)
 	NOTE: https://huntr.dev/bounties/93e128ed-253f-4c42-81ff-fbac7fd8f355
 	NOTE: https://github.com/gpac/gpac/commit/9971fb125cf91cefd081a080c417b90bbe4a467b
@@ -15086,15 +15086,15 @@ CVE-2023-23147
 CVE-2023-23146
 	RESERVED
 CVE-2023-23145 (GPAC version 2.2-rev0-gab012bbfb-master was discovered to contain a me ...)
-	- gpac <unfixed>
+	- gpac <unfixed> (bug #1033116)
 	[buster] - gpac <end-of-life> (EOL in buster LTS)
 	NOTE: https://github.com/gpac/gpac/commit/4ade98128cbc41d5115b97a41ca2e59529c8dd5f
 CVE-2023-23144 (Integer overflow vulnerability in function Q_DecCoordOnUnitSphere file ...)
-	- gpac <unfixed>
+	- gpac <unfixed> (bug #1033116)
 	[buster] - gpac <end-of-life> (EOL in buster LTS)
 	NOTE: https://github.com/gpac/gpac/commit/3a2458a49b3e6399709d456d7b35e7a6f50cfb86
 CVE-2023-23143 (Buffer overflow vulnerability in function avc_parse_slice in file medi ...)
-	- gpac <unfixed>
+	- gpac <unfixed> (bug #1033116)
 	[buster] - gpac <end-of-life> (EOL in buster LTS)
 	NOTE: https://github.com/gpac/gpac/commit/af6a5e7a96ee01a139cce6c9e4edfc069aad17a6
 CVE-2023-23142
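Review bot: CVE-2023-23145, CVE-2023-23144 and CVE-2023-23143 get the bug reference on the unstable line but carry only a "[buster]" line and no "[bullseye]" line. Most other gpac entries in this patch record a bullseye status ("<no-dsa>", "<ignored>" or "<not-affected>"). If bullseye has been assessed for these three, add the matching "[bullseye] - gpac ..." line in the same change. The same gap is visible for CVE-2023-0358 in the preceding hunk.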
@@ -17521,7 +17521,7 @@ CVE-2020-36638 (** UNSUPPORTED WHEN ASSIGNED ** A vulnerability was found in Chr
 CVE-2020-36637 (** UNSUPPORTED WHEN ASSIGNED ** A vulnerability was found in Chris92de ...)
 	NOT-FOR-US: Chris92de AdminServ
 CVE-2018-25060 (A vulnerability was found in Macaron csrf and classified as problemati ...)
-	- golang-github-go-macaron-csrf <unfixed>
+	- golang-github-go-macaron-csrf <unfixed> (bug #1033115)
 	[bullseye] - golang-github-go-macaron-csrf <no-dsa> (Minor issue)
 	[buster] - golang-github-go-macaron-csrf <postponed> (Limited support, minor issue, follow bullseye DSAs/point-releases)
 	NOTE: https://github.com/go-macaron/csrf/commit/dadd1711a617000b70e5e408a76531b73187031c
@@ -19654,49 +19654,49 @@ CVE-2022-47664 (Libde265 1.0.9 is vulnerable to Buffer Overflow in ff_hevc_put_h
 	NOTE: https://github.com/strukturag/libde265/issues/368
 	NOTE: https://github.com/strukturag/libde265/commit/5583f983e012b3870e29190d2b8e43ff6d77a72e (v1.0.10)
 CVE-2022-47663 (GPAC MP4box 2.1-DEV-rev649-ga8f438d20 is vulnerable to buffer overflow ...)
-	- gpac <unfixed>
+	- gpac <unfixed> (bug #1033116)
 	[bullseye] - gpac <no-dsa> (Minor issue)
 	[buster] - gpac <end-of-life> (EOL in buster LTS)
 	NOTE: https://github.com/gpac/gpac/issues/2360
 	NOTE: https://github.com/gpac/gpac/commit/e7e8745f677010a5cb3366d5cbf39df7cffaaa2d (v2.2.0)
 CVE-2022-47662 (GPAC MP4Box 2.1-DEV-rev649-ga8f438d20 has a segment fault (/stack over ...)
-	- gpac <unfixed>
+	- gpac <unfixed> (bug #1033116)
 	[bullseye] - gpac <no-dsa> (Minor issue)
 	[buster] - gpac <end-of-life> (EOL in buster LTS)
 	NOTE: https://github.com/gpac/gpac/issues/2359
 	NOTE: https://github.com/gpac/gpac/commit/080a62728ccd251a7f20eaac3fda21b0716e3c9b (v2.2.0)
 CVE-2022-47661 (GPAC MP4Box 2.1-DEV-rev649-ga8f438d20 is vulnerable to Buffer Overflow ...)
-	- gpac <unfixed>
+	- gpac <unfixed> (bug #1033116)
 	[bullseye] - gpac <no-dsa> (Minor issue)
 	[buster] - gpac <end-of-life> (EOL in buster LTS)
 	NOTE: https://github.com/gpac/gpac/issues/2358
 	NOTE: https://github.com/gpac/gpac/commit/aa8fbec874b5e040854effff5309aa445c234618 (v2.2.0)
 CVE-2022-47660 (GPAC MP4Box 2.1-DEV-rev644-g5c4df2a67 is has an integer overflow in is ...)
-	- gpac <unfixed>
+	- gpac <unfixed> (bug #1033116)
 	[bullseye] - gpac <no-dsa> (Minor issue)
 	[buster] - gpac <end-of-life> (EOL in buster LTS)
 	NOTE: https://github.com/gpac/gpac/issues/2357
 	NOTE: https://github.com/gpac/gpac/commit/a8f438d201fb165961ba1d5d3b80daa3637735f4 (v2.2.0)
 CVE-2022-47659 (GPAC MP4box 2.1-DEV-rev644-g5c4df2a67 is vulnerable to Buffer Overflow ...)
-	- gpac <unfixed>
+	- gpac <unfixed> (bug #1033116)
 	[bullseye] - gpac <no-dsa> (Minor issue)
 	[buster] - gpac <end-of-life> (EOL in buster LTS)
 	NOTE: https://github.com/gpac/gpac/issues/2354
 	NOTE: https://github.com/gpac/gpac/commit/348d7722c1e90c7811b43b0eed5c2aca2cb8a717 (v2.2.0)
 CVE-2022-47658 (GPAC MP4Box 2.1-DEV-rev644-g5c4df2a67 is vulnerable to buffer overflow ...)
-	- gpac <unfixed>
+	- gpac <unfixed> (bug #1033116)
 	[bullseye] - gpac <not-affected> (Vulnerable code not present)
 	[buster] - gpac <not-affected> (Vulnerable code not present)
 	NOTE: https://github.com/gpac/gpac/issues/2356
 	NOTE: https://github.com/gpac/gpac/commit/55c8b3af6f5ef9e51edb41172062ca9b5db4026b (v2.2.0)
 CVE-2022-47657 (GPAC MP4Box 2.1-DEV-rev644-g5c4df2a67 is vulnerable to buffer overflow ...)
-	- gpac <unfixed>
+	- gpac <unfixed> (bug #1033116)
 	[bullseye] - gpac <no-dsa> (Minor issue)
 	[buster] - gpac <end-of-life> (EOL in buster LTS)
 	NOTE: https://github.com/gpac/gpac/issues/2355
 	NOTE: https://github.com/gpac/gpac/commit/9f1e633184904fffc315bd35ebce76b4b42f9097 (v2.2.0)
 CVE-2022-47656 (GPAC MP4box 2.1-DEV-rev617-g85ce76efd is vulnerable to Buffer Overflow ...)
-	- gpac <unfixed>
+	- gpac <unfixed> (bug #1033116)
 	[bullseye] - gpac <not-affected> (Vulnerable code not present)
 	[buster] - gpac <not-affected> (Vulnerable code not present)
 	NOTE: https://github.com/gpac/gpac/issues/2353
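Review bot: the entries from CVE-2022-47663 through CVE-2022-47657 all have their fix commit annotated "(v2.2.0)" in the NOTE lines, while the package line stays "<unfixed>" and now points at bug #1033116. It would help to state in that bug that the upstream 2.2.0 release carries these fixes, so the "<unfixed>" lines can be given a fixed version once that release is packaged.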
@@ -19707,13 +19707,13 @@ CVE-2022-47655 (Libde265 1.0.9 is vulnerable to Buffer Overflow in function void
 	NOTE: https://github.com/strukturag/libde265/issues/367
 	NOTE: https://github.com/strukturag/libde265/pull/376
 CVE-2022-47654 (GPAC MP4box 2.1-DEV-rev593-g007bf61a0 is vulnerable to Buffer Overflow ...)
-	- gpac <unfixed>
+	- gpac <unfixed> (bug #1033116)
 	[bullseye] - gpac <no-dsa> (Minor issue)
 	[buster] - gpac <end-of-life> (EOL in buster LTS)
 	NOTE: https://github.com/gpac/gpac/issues/2350
 	NOTE: https://github.com/gpac/gpac/commit/88e7b873da5d3e85d31b601c1560d2e24a1d7b25 (v2.2.0)
 CVE-2022-47653 (GPAC MP4box 2.1-DEV-rev593-g007bf61a0 is vulnerable to Buffer Overflow ...)
-	- gpac <unfixed>
+	- gpac <unfixed> (bug #1033116)
 	[bullseye] - gpac <not-affected> (Vulnerable code not present)
 	[buster] - gpac <not-affected> (Vulnerable code not present)
 	NOTE: https://github.com/gpac/gpac/issues/2349
@@ -22607,31 +22607,31 @@ CVE-2022-47097
 CVE-2022-47096
 	RESERVED
 CVE-2022-47095 (GPAC MP4box 2.1-DEV-rev574-g9d5bb184b is vulnerable to Buffer overflow ...)
-	- gpac <unfixed>
+	- gpac <unfixed> (bug #1033116)
 	[bullseye] - gpac <no-dsa> (Minor issue)
 	[buster] - gpac <end-of-life> (EOL in buster LTS)
 	NOTE: https://github.com/gpac/gpac/issues/2346
 	NOTE: https://github.com/gpac/gpac/commit/1918a58bd0c9789844cf6a377293161506ee312c (v2.2.0)
 CVE-2022-47094 (GPAC MP4box 2.1-DEV-rev574-g9d5bb184b is vulnerable to Null pointer de ...)
-	- gpac <unfixed>
+	- gpac <unfixed> (bug #1033116)
 	[bullseye] - gpac <no-dsa> (Minor issue)
 	[buster] - gpac <end-of-life> (EOL in buster LTS)
 	NOTE: https://github.com/gpac/gpac/issues/2345
 	NOTE: https://github.com/gpac/gpac/commit/6ddedfb85e617f5e935cb490d5b51f141e13a937 (v2.2.0)
 CVE-2022-47093 (GPAC MP4box 2.1-DEV-rev574-g9d5bb184b is vulnerable to heap use-after- ...)
-	- gpac <unfixed>
+	- gpac <unfixed> (bug #1033116)
 	[bullseye] - gpac <no-dsa> (Minor issue)
 	[buster] - gpac <end-of-life> (EOL in buster LTS)
 	NOTE: https://github.com/gpac/gpac/issues/2344
 	NOTE: https://github.com/gpac/gpac/commit/706111f4d8babf0cda9fac5f3ca4e89983274d6e (v2.2.0)
 CVE-2022-47092 (GPAC MP4box 2.1-DEV-rev574-g9d5bb184b is contains an Integer overflow  ...)
-	- gpac <unfixed>
+	- gpac <unfixed> (bug #1033116)
 	[bullseye] - gpac <not-affected> (Vulnerable code not present)
 	[buster] - gpac <not-affected> (Vulnerable code not present)
 	NOTE: https://github.com/gpac/gpac/issues/2347
 	NOTE: https://github.com/gpac/gpac/commit/6bb3e4e288f02c9c595e63230979cd5443a1cb7a (v2.2.0)
 CVE-2022-47091 (GPAC MP4box 2.1-DEV-rev574-g9d5bb184b is vulnerable to Buffer Overflow ...)
-	- gpac <unfixed>
+	- gpac <unfixed> (bug #1033116)
 	[bullseye] - gpac <no-dsa> (Minor issue)
 	[buster] - gpac <end-of-life> (EOL in buster LTS)
 	NOTE: https://github.com/gpac/gpac/issues/2343
@@ -22639,25 +22639,25 @@ CVE-2022-47091 (GPAC MP4box 2.1-DEV-rev574-g9d5bb184b is vulnerable to Buffer Ov
 CVE-2022-47090
 	RESERVED
 CVE-2022-47089 (GPAC MP4box 2.1-DEV-rev574-g9d5bb184b is vulnerable to Buffer Overflow ...)
-	- gpac <unfixed>
+	- gpac <unfixed> (bug #1033116)
 	[bullseye] - gpac <not-affected> (Vulnerable code not present)
 	[buster] - gpac <not-affected> (Vulnerable code not present)
 	NOTE: https://github.com/gpac/gpac/issues/2338
 	NOTE: https://github.com/gpac/gpac/commit/73a8c425adaad7526de81586fcb053acde807757 (v2.2.0)
 CVE-2022-47088 (GPAC MP4box 2.1-DEV-rev574-g9d5bb184b is vulnerable to Buffer Overflow ...)
-	- gpac <unfixed>
+	- gpac <unfixed> (bug #1033116)
 	[bullseye] - gpac <not-affected> (Vulnerable code not present)
 	[buster] - gpac <not-affected> (Vulnerable code not present)
 	NOTE: https://github.com/gpac/gpac/issues/2340
 	NOTE: https://github.com/gpac/gpac/commit/48760768611f6766bf9e7378bb7cc66cebd6e49d (v2.2.0)
 CVE-2022-47087 (GPAC MP4box 2.1-DEV-rev574-g9d5bb184b has a Buffer overflow in gf_vvc_ ...)
-	- gpac <unfixed>
+	- gpac <unfixed> (bug #1033116)
 	[bullseye] - gpac <not-affected> (Vulnerable code not present)
 	[buster] - gpac <not-affected> (Vulnerable code not present)
 	NOTE: https://github.com/gpac/gpac/issues/2339
 	NOTE: https://github.com/gpac/gpac/commit/48760768611f6766bf9e7378bb7cc66cebd6e49d (v2.2.0)
 CVE-2022-47086 (GPAC MP4Box v2.1-DEV-rev574-g9d5bb184b contains a segmentation violati ...)
-	- gpac <unfixed>
+	- gpac <unfixed> (bug #1033116)
 	[bullseye] - gpac <no-dsa> (Minor issue)
 	[buster] - gpac <end-of-life> (EOL in buster LTS)
 	NOTE: https://github.com/gpac/gpac/issues/2337
@@ -24377,13 +24377,13 @@ CVE-2022-46492 (nbnbk commit 879858451d53261d10f77d4709aee2d01c72c301 was discov
 CVE-2022-46491 (A Cross-Site Request Forgery (CSRF) vulnerability in the Add Administr ...)
 	NOT-FOR-US: nbnbk
 CVE-2022-46490 (GPAC version 2.1-DEV-rev505-gb9577e6ad-master was discovered to contai ...)
-	- gpac <unfixed>
+	- gpac <unfixed> (bug #1033116)
 	[bullseye] - gpac <ignored> (Minor issue)
 	[buster] - gpac <end-of-life> (EOL in buster LTS)
 	NOTE: https://github.com/gpac/gpac/issues/2327
 	NOTE: https://github.com/gpac/gpac/commit/8968a510250e8c70a611221d63fe0a45b7d3a551 (v2.2.0)
 CVE-2022-46489 (GPAC version 2.1-DEV-rev505-gb9577e6ad-master was discovered to contai ...)
-	- gpac <unfixed>
+	- gpac <unfixed> (bug #1033116)
 	[bullseye] - gpac <ignored> (Minor issue)
 	[buster] - gpac <end-of-life> (EOL in buster LTS)
 	NOTE: https://github.com/gpac/gpac/issues/2328
@@ -25204,7 +25204,7 @@ CVE-2022-4203 (A read buffer overrun can be triggered in X.509 certificate verif
 	NOTE: https://www.openssl.org/news/secadv/20230207.txt
 	NOTE: https://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=c927a3492698c254637da836762f9b1f86cffabc (openssl-3.0.8)
 CVE-2022-4202 (A vulnerability, which was classified as problematic, was found in GPA ...)
-	- gpac <unfixed>
+	- gpac <unfixed> (bug #1033116)
 	[bullseye] - gpac <no-dsa> (Minor issue)
 	[buster] - gpac <end-of-life> (EOL in buster LTS)
 	NOTE: https://github.com/gpac/gpac/issues/2333
@@ -28076,7 +28076,7 @@ CVE-2022-45347 (Apache ShardingSphere-Proxy prior to 5.3.0 when using MySQL as d
 CVE-2022-45344
 	RESERVED
 CVE-2022-45343 (GPAC v2.1-DEV-rev478-g696e6f868-master was discovered to contain a hea ...)
-	- gpac <unfixed>
+	- gpac <unfixed> (bug #1033116)
 	[bullseye] - gpac <no-dsa> (Minor issue)
 	[buster] - gpac <end-of-life> (EOL in buster LTS)
 	NOTE: https://github.com/gpac/gpac/issues/2315
@@ -28201,7 +28201,7 @@ CVE-2022-45285 (Vsourz Digital Advanced Contact form 7 DB Versions 1.7.2 and 1.9
 CVE-2022-45284
 	RESERVED
 CVE-2022-45283 (GPAC MP4box v2.0.0 was discovered to contain a stack overflow in the s ...)
-	- gpac <unfixed>
+	- gpac <unfixed> (bug #1033116)
 	[bullseye] - gpac <no-dsa> (Minor issue)
 	[buster] - gpac <end-of-life> (EOL in buster LTS)
 	NOTE: https://github.com/gpac/gpac/issues/2295
@@ -28370,7 +28370,7 @@ CVE-2022-45204 (GPAC v2.1-DEV-rev428-gcb8ae46c8-master was discovered to contain
 CVE-2022-45203
 	RESERVED
 CVE-2022-45202 (GPAC v2.1-DEV-rev428-gcb8ae46c8-master was discovered to contain a sta ...)
-	- gpac <unfixed>
+	- gpac <unfixed> (bug #1033116)
 	[bullseye] - gpac <no-dsa> (Minor issue)
 	[buster] - gpac <end-of-life> (EOL in buster LTS)
 	NOTE: https://github.com/gpac/gpac/issues/2296
@@ -36981,25 +36981,25 @@ CVE-2022-43047
 CVE-2022-43046 (Food Ordering Management System v1.0 was discovered to contain a cross ...)
 	NOT-FOR-US: Food Ordering Management System
 CVE-2022-43045 (GPAC 2.1-DEV-rev368-gfd054169b-master was discovered to contain a segm ...)
-	- gpac <unfixed>
+	- gpac <unfixed> (bug #1033116)
 	[bullseye] - gpac <ignored> (Minor issue)
 	[buster] - gpac <end-of-life> (EOL in buster LTS)
 	NOTE: https://github.com/gpac/gpac/issues/2277
 	NOTE: https://github.com/gpac/gpac/commit/c5249ee4b62dfc604fecb4dce2fc480b3e388bbb
 CVE-2022-43044 (GPAC 2.1-DEV-rev368-gfd054169b-master was discovered to contain a segm ...)
-	- gpac <unfixed>
+	- gpac <unfixed> (bug #1033116)
 	[bullseye] - gpac <ignored> (Minor issue)
 	[buster] - gpac <end-of-life> (EOL in buster LTS)
 	NOTE: https://github.com/gpac/gpac/issues/2282
 	NOTE: https://github.com/gpac/gpac/commit/8a0e8e4ab13348cb1ab8e93b950a03d93f158a35
 CVE-2022-43043 (GPAC 2.1-DEV-rev368-gfd054169b-master was discovered to contain a segm ...)
-	- gpac <unfixed>
+	- gpac <unfixed> (bug #1033116)
 	[bullseye] - gpac <ignored> (Minor issue)
 	[buster] - gpac <end-of-life> (EOL in buster LTS)
 	NOTE: https://github.com/gpac/gpac/issues/2276
 	NOTE: https://github.com/gpac/gpac/commit/6bff06cdb8e9b4e8ed2e789ee9340877759536fd
 CVE-2022-43042 (GPAC 2.1-DEV-rev368-gfd054169b-master was discovered to contain a heap ...)
-	- gpac <unfixed>
+	- gpac <unfixed> (bug #1033116)
 	[bullseye] - gpac <ignored> (Minor issue)
 	[buster] - gpac <end-of-life> (EOL in buster LTS)
 	NOTE: https://github.com/gpac/gpac/issues/2278
@@ -37007,13 +37007,13 @@ CVE-2022-43042 (GPAC 2.1-DEV-rev368-gfd054169b-master was discovered to contain
 CVE-2022-43041
 	RESERVED
 CVE-2022-43040 (GPAC 2.1-DEV-rev368-gfd054169b-master was discovered to contain a heap ...)
-	- gpac <unfixed>
+	- gpac <unfixed> (bug #1033116)
 	[bullseye] - gpac <not-affected> (Vulnerable code not present)
 	[buster] - gpac <not-affected> (Vulnerable code not present)
 	NOTE: https://github.com/gpac/gpac/issues/2280
 	NOTE: https://github.com/gpac/gpac/commit/f17dae31ebf6ea7af8c512165d9b954c2a6ea46e
 CVE-2022-43039 (GPAC 2.1-DEV-rev368-gfd054169b-master was discovered to contain a segm ...)
-	- gpac <unfixed>
+	- gpac <unfixed> (bug #1033116)
 	[bullseye] - gpac <not-affected> (Vulnerable code not present)
 	[buster] - gpac <not-affected> (Vulnerable code not present)
 	NOTE: https://github.com/gpac/gpac/issues/2281
@@ -43313,7 +43313,7 @@ CVE-2022-3224 (Misinterpretation of Input in GitHub repository ionicabizau/parse
 CVE-2022-3223 (Cross-site Scripting (XSS) - Stored in GitHub repository jgraph/drawio ...)
 	NOT-FOR-US: jgraph/drawio
 CVE-2022-3222 (Uncontrolled Recursion in GitHub repository gpac/gpac prior to 2.1.0-D ...)
-	- gpac <unfixed>
+	- gpac <unfixed> (bug #1033116)
 	[bullseye] - gpac <no-dsa> (Minor issue)
 	[buster] - gpac <end-of-life> (EOL in buster LTS)
 	NOTE: https://huntr.dev/bounties/b29c69fa-3eac-41e4-9d4f-d861aba18235/
@@ -48313,9 +48313,8 @@ CVE-2022-3013 (A vulnerability classified as critical has been found in SourceCo
 CVE-2022-3012 (A vulnerability was found in oretnom23 Fast Food Ordering System. It h ...)
 	NOT-FOR-US: oretnom23 Fast Food Ordering System
 CVE-2022-38065 (A privilege escalation vulnerability exists in the oslo.privsep functi ...)
-	- python-oslo.privsep <unfixed>
+	- python-oslo.privsep <unfixed> (bug #1033114)
 	NOTE: https://talosintelligence.com/vulnerability_reports/TALOS-2022-1599
-	TODO: check details
 CVE-2022-3011
 	RESERVED
 CVE-2022-38785
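Review bot: the CVE-2022-38065 entry drops "TODO: check details" in the same change that adds "(bug #1033114)", but nothing records what the check found, and the commit message "bugnums" does not mention the removal. Consider adding a NOTE line that summarises the outcome, or splitting the TODO removal into its own commit with a message that explains it. The entry also has no "[bullseye]" or "[buster]" line, so no suite-specific triage is recorded for python-oslo.privsep.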



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/69103dcae7bf4176bc9b668144cd32d791c56cbe
