[Git][security-tracker-team/security-tracker][master] 5 commits: Add CVE-2023-2581{7,8}/nextcloud-server
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Thu Mar 30 21:17:14 BST 2023
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
f8f8cd09 by Salvatore Bonaccorso at 2023-03-30T22:16:05+02:00
Add CVE-2023-2581{7,8}/nextcloud-server
- - - - -
65f7b865 by Salvatore Bonaccorso at 2023-03-30T22:16:06+02:00
Add CVE-2023-24180/libelfin
- - - - -
cb18b359 by Salvatore Bonaccorso at 2023-03-30T22:16:08+02:00
Add CVE-2023-22288/check-mk
- - - - -
2493a6e9 by Salvatore Bonaccorso at 2023-03-30T22:16:09+02:00
Add CVE-2023-2086{0,1}/libspring-java
- - - - -
55e19e8a by Salvatore Bonaccorso at 2023-03-30T22:16:11+02:00
Add CVE-2022-443{68,69,70}/nasm
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -9458,9 +9458,9 @@ CVE-2023-25820 (Nextcloud Server is the file server software for Nextcloud, a se
CVE-2023-25819 (Discourse is an open source platform for community discussion. Tags th ...)
NOT-FOR-US: Discourse
CVE-2023-25818 (Nextcloud server is an open source, personal cloud implementation. In ...)
- TODO: check
+ - nextcloud-server <itp> (bug #941708)
CVE-2023-25817 (Nextcloud server is an open source, personal cloud implementation. In ...)
- TODO: check
+ - nextcloud-server <itp> (bug #941708)
CVE-2023-25816 (Nextcloud is an Open Source private cloud software. Versions 25.0.0 an ...)
- nextcloud-server <itp> (bug #941708)
CVE-2023-25815
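Review bot: the two new nextcloud-server lines for CVE-2023-25818 and CVE-2023-25817 carry no NOTE with an upstream advisory reference, unlike the libelfin, libspring-java and nasm entries added in the same push. The "<itp> (bug #941708)" form matches the existing CVE-2023-25816 entry directly below, so the status itself is consistent. Adding a NOTE with the upstream advisory would save whoever eventually packages nextcloud-server from looking it up again.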
@@ -14251,7 +14251,8 @@ CVE-2023-24182
CVE-2023-24181
RESERVED
CVE-2023-24180 (Libelfin v0.3 was discovered to contain an integer overflow in the loa ...)
- TODO: check
+ - libelfin <unfixed>
+ NOTE: https://github.com/aclements/libelfin/issues/75
CVE-2023-24179
RESERVED
CVE-2023-24178
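Review bot: the new "- libelfin <unfixed>" line for CVE-2023-24180 has no Debian bug reference and no severity annotation, so the only pointer for the maintainer is the upstream issue in the NOTE. If a Debian bug is filed for this integer overflow, add it to the package line in the same "(bug #...)" form used for nextcloud-server earlier in this file, so the tracker links the open issue to the package.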
@@ -15307,7 +15308,7 @@ CVE-2023-22307
CVE-2023-22294
RESERVED
CVE-2023-22288 (HTML Email Injection in Tribe29 Checkmk <=2.1.0p23; <=2.0.0p34, ...)
- TODO: check
+ - check-mk <removed>
CVE-2023-0394 (A NULL pointer dereference flaw was found in rawv6_push_pending_frames ...)
{DSA-5324-1 DLA-3349-1}
- linux 6.1.7-1
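Review bot: "- check-mk <removed>" for CVE-2023-22288 is added without any NOTE, so the entry records neither an upstream reference nor how the affected ranges in the description ("<=2.1.0p23; <=2.0.0p34") relate to the version Debian last shipped. A NOTE line with the upstream advisory reference would make the entry self-explanatory if the package status is revisited for older suites.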
@@ -33352,9 +33353,13 @@ CVE-2023-20863
CVE-2023-20862
RESERVED
CVE-2023-20861 (In Spring Framework versions 6.0.0 - 6.0.6, 5.3.0 - 5.3.25, 5.2.0.RELE ...)
- TODO: check
+ - libspring-java <unfixed> (unimportant)
+ NOTE: https://spring.io/security/cve-2023-20861
+ NOTE: Only supported for building applications shipped in Debian, see README.Debian.security
CVE-2023-20860 (Spring Framework running version 6.0.0 - 6.0.6 or 5.3.0 - 5.3.25 using ...)
- TODO: check
+ - libspring-java <unfixed> (unimportant)
+ NOTE: https://spring.io/security/cve-2023-20860
+ NOTE: Only supported for building applications shipped in Debian, see README.Debian.security
CVE-2023-20859 (In Spring Vault, versions 3.0.x prior to 3.0.2 and versions 2.3.x prio ...)
TODO: check
CVE-2023-20858 (VMware Carbon Black App Control 8.7.x prior to 8.7.8, 8.8.x prior to 8 ...)
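Review bot: CVE-2023-20859 (Spring Vault), immediately below the two entries triaged here, is left at "TODO: check" while CVE-2023-20861 and CVE-2023-20860 are resolved. It belongs to the same batch of Spring CVEs and is worth triaging in the same pass. On the added lines, the "(unimportant)" tag is properly justified by the NOTE pointing at README.Debian.security, and the per-CVE spring.io links are correct for their respective entries.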
@@ -33975,11 +33980,17 @@ CVE-2022-44372
CVE-2022-44371 (hope-boot 1.0.0 has a deserialization vulnerability that can cause Rem ...)
NOT-FOR-US: hope-boot
CVE-2022-44370 (NASM v2.16 was discovered to contain a heap buffer overflow in the com ...)
- TODO: check
+ - nasm <unfixed> (unimportant)
+ NOTE: https://bugzilla.nasm.us/show_bug.cgi?id=3392815
+ NOTE: Crash in CLI tool, no security impact
CVE-2022-44369 (NASM 2.16 (development) is vulnerable to 476: Null Pointer Dereference ...)
- TODO: check
+ - nasm <unfixed> (unimportant)
+ NOTE: https://bugzilla.nasm.us/show_bug.cgi?id=3392819
+ NOTE: Crash in CLI tool, no security impact
CVE-2022-44368 (NASM v2.16 was discovered to contain a null pointer deference in the N ...)
- TODO: check
+ - nasm <unfixed> (unimportant)
+ NOTE: https://bugzilla.nasm.us/show_bug.cgi?id=3392820
+ NOTE: Crash in CLI tool, no security impact
CVE-2022-44367 (Tenda i21 V1.0.0.14(4656) is vulnerable to Buffer Overflow via /goform ...)
NOT-FOR-US: Tenda
CVE-2022-44366 (Tenda i21 V1.0.0.14(4656) is vulnerable to Buffer Overflow via /goform ...)
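Review bot: the NOTE "Crash in CLI tool, no security impact" is applied identically to all three nasm entries, but CVE-2022-44370 is described as a heap buffer overflow while CVE-2022-44369 and CVE-2022-44368 are null pointer dereferences. A null dereference is plainly just a crash; for the heap overflow the "(unimportant)" rating needs its own justification, so the NOTE on CVE-2022-44370 should state why the overflow is not treated as security-relevant rather than reuse the crash wording.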
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/a0e0a4df88c401ffbe5fc10c4955fb86e74bf49a...55e19e8aa25c52ede4e6bc9ec945d645a8ea9163