[Git][security-tracker-team/security-tracker][master] 5 commits: Add CVE-2023-2581{7,8}/nextcloud-server

Salvatore Bonaccorso (@carnil) carnil at debian.org
Thu Mar 30 21:17:14 BST 2023 


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
f8f8cd09 by Salvatore Bonaccorso at 2023-03-30T22:16:05+02:00
Add CVE-2023-2581{7,8}/nextcloud-server

- - - - -
65f7b865 by Salvatore Bonaccorso at 2023-03-30T22:16:06+02:00
Add CVE-2023-24180/libelfin

- - - - -
cb18b359 by Salvatore Bonaccorso at 2023-03-30T22:16:08+02:00
Add CVE-2023-22288/check-mk

- - - - -
2493a6e9 by Salvatore Bonaccorso at 2023-03-30T22:16:09+02:00
Add CVE-2023-2086{0,1}/libspring-java

- - - - -
55e19e8a by Salvatore Bonaccorso at 2023-03-30T22:16:11+02:00
Add CVE-2022-443{68,69,70}/nasm

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -9458,9 +9458,9 @@ CVE-2023-25820 (Nextcloud Server is the file server software for Nextcloud, a se
 CVE-2023-25819 (Discourse is an open source platform for community discussion. Tags th ...)
 	NOT-FOR-US: Discourse
 CVE-2023-25818 (Nextcloud server is an open source, personal cloud implementation. In  ...)
-	TODO: check
+	- nextcloud-server <itp> (bug #941708)
 CVE-2023-25817 (Nextcloud server is an open source, personal cloud implementation. In  ...)
-	TODO: check
+	- nextcloud-server <itp> (bug #941708)
 CVE-2023-25816 (Nextcloud is an Open Source private cloud software. Versions 25.0.0 an ...)
 	- nextcloud-server <itp> (bug #941708)
 CVE-2023-25815
@@ -14251,7 +14251,8 @@ CVE-2023-24182
 CVE-2023-24181
 	RESERVED
 CVE-2023-24180 (Libelfin v0.3 was discovered to contain an integer overflow in the loa ...)
-	TODO: check
+	- libelfin <unfixed>
+	NOTE: https://github.com/aclements/libelfin/issues/75
 CVE-2023-24179
 	RESERVED
 CVE-2023-24178
@@ -15307,7 +15308,7 @@ CVE-2023-22307
 CVE-2023-22294
 	RESERVED
 CVE-2023-22288 (HTML Email Injection in Tribe29 Checkmk <=2.1.0p23; <=2.0.0p34,  ...)
-	TODO: check
+	- check-mk <removed>
 CVE-2023-0394 (A NULL pointer dereference flaw was found in rawv6_push_pending_frames ...)
 	{DSA-5324-1 DLA-3349-1}
 	- linux 6.1.7-1
@@ -33352,9 +33353,13 @@ CVE-2023-20863
 CVE-2023-20862
 	RESERVED
 CVE-2023-20861 (In Spring Framework versions 6.0.0 - 6.0.6, 5.3.0 - 5.3.25, 5.2.0.RELE ...)
-	TODO: check
+	- libspring-java <unfixed> (unimportant)
+	NOTE: https://spring.io/security/cve-2023-20861
+	NOTE: Only supported for building applications shipped in Debian, see README.Debian.security
 CVE-2023-20860 (Spring Framework running version 6.0.0 - 6.0.6 or 5.3.0 - 5.3.25 using ...)
-	TODO: check
+	- libspring-java <unfixed> (unimportant)
+	NOTE: https://spring.io/security/cve-2023-20860
+	NOTE: Only supported for building applications shipped in Debian, see README.Debian.security
 CVE-2023-20859 (In Spring Vault, versions 3.0.x prior to 3.0.2 and versions 2.3.x prio ...)
 	TODO: check
 CVE-2023-20858 (VMware Carbon Black App Control 8.7.x prior to 8.7.8, 8.8.x prior to 8 ...)
@@ -33975,11 +33980,17 @@ CVE-2022-44372
 CVE-2022-44371 (hope-boot 1.0.0 has a deserialization vulnerability that can cause Rem ...)
 	NOT-FOR-US: hope-boot
 CVE-2022-44370 (NASM v2.16 was discovered to contain a heap buffer overflow in the com ...)
-	TODO: check
+	- nasm <unfixed> (unimportant)
+	NOTE: https://bugzilla.nasm.us/show_bug.cgi?id=3392815
+	NOTE: Crash in CLI tool, no security impact
 CVE-2022-44369 (NASM 2.16 (development) is vulnerable to 476: Null Pointer Dereference ...)
-	TODO: check
+	- nasm <unfixed> (unimportant)
+	NOTE: https://bugzilla.nasm.us/show_bug.cgi?id=3392819
+	NOTE: Crash in CLI tool, no security impact
 CVE-2022-44368 (NASM v2.16 was discovered to contain a null pointer deference in the N ...)
-	TODO: check
+	- nasm <unfixed> (unimportant)
+	NOTE: https://bugzilla.nasm.us/show_bug.cgi?id=3392820
+	NOTE: Crash in CLI tool, no security impact
 CVE-2022-44367 (Tenda i21 V1.0.0.14(4656) is vulnerable to Buffer Overflow via /goform ...)
 	NOT-FOR-US: Tenda
 CVE-2022-44366 (Tenda i21 V1.0.0.14(4656) is vulnerable to Buffer Overflow via /goform ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/a0e0a4df88c401ffbe5fc10c4955fb86e74bf49a...55e19e8aa25c52ede4e6bc9ec945d645a8ea9163

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/a0e0a4df88c401ffbe5fc10c4955fb86e74bf49a...55e19e8aa25c52ede4e6bc9ec945d645a8ea9163
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20230330/0b92601b/attachment-0001.htm>

More information about the debian-security-tracker-commits mailing list