[Git][security-tracker-team/security-tracker][master] 8 commits: Add Debian bug reference for CVE-2023-28155

Salvatore Bonaccorso (@carnil) carnil at debian.org
Mon Mar 20 19:43:54 GMT 2023



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
9325b201 by Salvatore Bonaccorso at 2023-03-20T20:32:49+01:00
Add Debian bug reference for CVE-2023-28155

- - - - -
f8e47c52 by Salvatore Bonaccorso at 2023-03-20T20:34:48+01:00
Add Debian bug reference for CVE-2022-30256/maradns

- - - - -
ce47b2c6 by Salvatore Bonaccorso at 2023-03-20T20:37:39+01:00
Add Debian bug reference for CVE-2023-1108

- - - - -
37c9b798 by Salvatore Bonaccorso at 2023-03-20T20:38:38+01:00
Add Debian bug reference for CVE-2022-3590

- - - - -
4345dc9f by Salvatore Bonaccorso at 2023-03-20T20:39:49+01:00
Add Debian bug reference for CVE-2023-1289

- - - - -
b0cc9068 by Salvatore Bonaccorso at 2023-03-20T20:40:39+01:00
Add Debian bug reference for CVE-2023-26266

- - - - -
321ed613 by Salvatore Bonaccorso at 2023-03-20T20:42:07+01:00
Add Debian bug reference for CVE-2023-2710{2,3}

- - - - -
2e6fbca2 by Salvatore Bonaccorso at 2023-03-20T20:43:09+01:00
Add Debian bug reference for CVE-2023-23456

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1499,7 +1499,7 @@ CVE-2023-28157
 CVE-2023-28156
 	RESERVED
 CVE-2023-28155 (** UNSUPPORTED WHEN ASSIGNED ** The Request package through 2.88.1 for ...)
-	- node-request <unfixed>
+	- node-request <unfixed> (bug #1033250)
 	NOTE: https://github.com/request/request/issues/3442
 CVE-2023-28154 (Webpack 5 before 5.76.0 does not avoid cross-realm object access. Impo ...)
 	- node-webpack 5.76.1+dfsg1+~cs17.16.16-1 (bug #1032904)
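
Review bot: The CVE-2023-28155 description opens with "** UNSUPPORTED WHEN ASSIGNED **", yet the node-request entry records only `<unfixed>`, the new bug number and the upstream issue link. A NOTE line recording that the package was flagged as unsupported when the CVE was assigned would tell whoever picks up bug #1033250 that the upstream issue may not yield a patch to backport.
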
@@ -2076,7 +2076,7 @@ CVE-2023-1290 (A vulnerability, which was classified as critical, has been found
 	NOT-FOR-US: SourceCodester Sales Tracker Management System
 CVE-2023-1289
 	RESERVED
-	- imagemagick <unfixed>
+	- imagemagick <unfixed> (bug #1033254)
 	[bullseye] - imagemagick <no-dsa> (Minor issue)
 	NOTE: https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-j96m-mjp6-99xr
 	NOTE: https://github.com/ImageMagick/ImageMagick/commit/c5b23cbf2119540725e6dc81f4deb25798ead6a4
@@ -3934,7 +3934,7 @@ CVE-2023-1109
 	RESERVED
 CVE-2023-1108
 	RESERVED
-	- undertow <unfixed>
+	- undertow <unfixed> (bug #1033253)
 	NOTE: https://issues.redhat.com/browse/UNDERTOW-2239
 CVE-2023-1107 (Cross-site Scripting (XSS) - Stored in GitHub repository flatpressblog ...)
 	NOT-FOR-US: flatpressblog
@@ -4644,11 +4644,11 @@ CVE-2023-27105
 CVE-2023-27104
 	RESERVED
 CVE-2023-27103 (Libde265 v1.0.11 was discovered to contain a heap buffer overflow via  ...)
-	- libde265 <unfixed>
+	- libde265 <unfixed> (bug #1033257)
 	NOTE: https://github.com/strukturag/libde265/issues/394
 	NOTE: https://github.com/strukturag/libde265/commit/d6bf73e765b7a23627bfd7a8645c143fd9097995
 CVE-2023-27102 (Libde265 v1.0.11 was discovered to contain a segmentation violation vi ...)
-	- libde265 <unfixed>
+	- libde265 <unfixed> (bug #1033257)
 	NOTE: https://github.com/strukturag/libde265/issues/393
 	NOTE: https://github.com/strukturag/libde265/commit/0b1752abff97cb542941d317a0d18aa50cb199b1
 CVE-2023-27101
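
Review bot: Both libde265 entries, CVE-2023-27103 and CVE-2023-27102, now point at the same bug #1033257, while each has its own upstream issue (394 and 393) and its own fix commit in the NOTE lines. Worth confirming that the bug report names both CVEs, so that an upload closing it is not read as covering only one of the two upstream fixes.
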
@@ -6671,7 +6671,7 @@ CVE-2023-0935 (A vulnerability was found in DolphinPHP up to 1.5.1. It has been
 CVE-2023-26267 (php-saml-sp before 1.1.1 and 2.x before 2.1.1 allows reading arbitrary ...)
 	NOT-FOR-US: php-saml-sp
 CVE-2023-26266 (In AFL++ 4.05c, the CmpLog component uses the current working director ...)
-	- aflplusplus <unfixed>
+	- aflplusplus <unfixed> (bug #1033255)
 	[bullseye] - aflplusplus <no-dsa> (Minor issue)
 	NOTE: https://github.com/AFLplusplus/AFLplusplus/pull/1643
 	NOTE: https://github.com/AFLplusplus/AFLplusplus/commit/f2be73186e2e16c3992f92b65ae9ba598d6fff2f
@@ -14917,7 +14917,7 @@ CVE-2023-23457 (A Segmentation fault was found in UPX in PackLinuxElf64::invert_
 	NOTE: https://github.com/upx/upx/commit/779b648c5f6aa9b33f4728f79dd4d0efec0bf860
 	NOTE: https://github.com/upx/upx/issues/631
 CVE-2023-23456 (A heap-based buffer overflow issue was discovered in UPX in PackTmt::p ...)
-	- upx-ucl <unfixed>
+	- upx-ucl <unfixed> (bug #1033258)
 	[buster] - upx-ucl <no-dsa> (Minor issue)
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2160381
 	NOTE: https://github.com/upx/upx/commit/510505a85cbe45e51fbd470f1aa8b02157c429d4
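
Review bot: The upx-ucl entry for CVE-2023-23456 carries a `[buster] - upx-ucl <no-dsa> (Minor issue)` line but no `[bullseye]` line in the visible context, unlike the aflplusplus, wordpress and maradns entries touched in the same push. If the same Minor issue assessment applies to bullseye, adding that annotation alongside bug #1033258 would make the per-release triage explicit.
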
@@ -36711,7 +36711,7 @@ CVE-2022-3591 (Use After Free in GitHub repository vim/vim prior to 9.0.0789. ..
 	NOTE: https://github.com/vim/vim/commit/8f3c3c6cd044e3b5bf08dbfa3b3f04bb3f711bad (v9.0.0789)
 	NOTE: Crash in CLI tool, no security impact
 CVE-2022-3590 (WordPress is affected by an unauthenticated blind SSRF in the pingback ...)
-	- wordpress <unfixed>
+	- wordpress <unfixed> (bug #1033251)
 	[bullseye] - wordpress <no-dsa> (Minor issue)
 	NOTE: https://www.sonarsource.com/blog/wordpress-core-unauthenticated-blind-ssrf/
 CVE-2022-3589 (An API Endpoint used by Miele's "AppWash" MobileApp in all versions wa ...)
@@ -72885,7 +72885,7 @@ CVE-2022-30258 (An issue was discovered in Technitium DNS Server through 8.0.2 t
 CVE-2022-30257 (An issue was discovered in Technitium DNS Server through 8.0.2 that al ...)
 	NOT-FOR-US: Technitium DNS Server
 CVE-2022-30256 (An issue was discovered in MaraDNS Deadwood through 3.5.0021 that allo ...)
-	- maradns <unfixed>
+	- maradns <unfixed> (bug #1033252)
 	[bullseye] - maradns <no-dsa> (Minor issue)
 	[buster] - maradns <no-dsa> (Minor issue)
 	NOTE: https://maradns.samiam.org/security.html#CVE-2022-30256



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/bd3038b57aa161a2f6d9104bbdc7ef70893b3e23...2e6fbca2ba6180bc00b33c7517cb7665fc86b3ef
