[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso (@carnil) carnil at debian.org
Mon May 1 09:12:13 BST 2023



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
540519a2 by security tracker role at 2023-05-01T08:12:03+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,9 @@
+CVE-2018-25085 (A vulnerability classified as problematic was found in Responsive Menu ...)
+	TODO: check
+CVE-2015-10105 (A vulnerability, which was classified as critical, was found in IP Bla ...)
+	TODO: check
+CVE-2015-10104 (A vulnerability, which was classified as problematic, has been found i ...)
+	TODO: check
 CVE-2023-2430 [io_uring/msg_ring: fix missing lock on overflow for IOPOLL]
 	- linux <unfixed>
 	[buster] - linux <not-affected> (Vulnerable code not present)
@@ -6846,7 +6852,7 @@ CVE-2023-28929
 CVE-2023-28928
 	RESERVED
 CVE-2023-1668 (A flaw was found in openvswitch (OVS). When processing an IP packet wi ...)
-	{DSA-5387-1}
+	{DSA-5387-1 DLA-3410-1}
 	- openvswitch 3.1.0-2 (bug #1034042)
 	NOTE: https://www.openwall.com/lists/oss-security/2023/04/06/1
 	NOTE: https://github.com/openvswitch/ovs/commit/61b39d8c4797f1b668e4d5e5350d639fca6082a9 (v3.1.1)
@@ -7453,6 +7459,7 @@ CVE-2023-28758 (An issue was discovered in Veritas NetBackup before 8.3.0.2. BPC
 CVE-2023-28757
 	RESERVED
 CVE-2023-28756 (A ReDoS issue was discovered in the Time component through 0.2.1 in Ru ...)
+	{DLA-3408-1}
 	- ruby3.1 <unfixed>
 	- ruby2.7 <removed>
 	- ruby2.5 <removed>
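Review bot: Adding `{DLA-3408-1}` to CVE-2023-28756 records the LTS fix, but the `- ruby3.1 <unfixed>` line directly below it still shows no fixed version for unstable, so the entry now claims a fix for the LTS suite while the current suites stay open; the `NOTE: Fixed by:` line in the next hunk already names the upstream commit (time v0.2.2), which is the reference a ruby3.1 upload should cite before `<unfixed>` can become a version.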
@@ -7463,6 +7470,7 @@ CVE-2023-28756 (A ReDoS issue was discovered in the Time component through 0.2.1
 	NOTE: Fixed by: https://github.com/ruby/time/commit/3dce6f73d14f5fad6d9b302393fd02df48797b11 (v0.2.2)
 	NOTE: https://www.ruby-lang.org/en/news/2023/03/30/redos-in-time-cve-2023-28756/
 CVE-2023-28755 (A ReDoS issue was discovered in the URI component through 0.12.0 in Ru ...)
+	{DLA-3408-1}
 	- rubygems <unfixed>
 	- ruby3.1 <unfixed>
 	- ruby2.7 <removed>
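Review bot: Same situation for CVE-2023-28755: the new `{DLA-3408-1}` reference sits above `- rubygems <unfixed>` and `- ruby3.1 <unfixed>`, so the URI component is recorded as fixed in LTS but still open in both packages that ship it for unstable; both lines need a fixed version once uploads exist, and the rubygems line should not be forgotten when ruby3.1 is updated.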
@@ -7890,6 +7898,7 @@ CVE-2023-28627 (pymedusa is an automatic video library manager for TV Shows. In
 CVE-2023-28626 (comrak is a CommonMark + GFM compatible Markdown parser and renderer w ...)
 	NOT-FOR-US: comrak
 CVE-2023-28625 (mod_auth_openidc is an authentication and authorization module for the ...)
+	{DLA-3409-1}
 	- libapache2-mod-auth-openidc <unfixed> (bug #1033916)
 	NOTE: https://github.com/OpenIDC/mod_auth_openidc/commit/c0e1edac3c4c19988ccdc7713d7aebfce6ff916a (v2.4.13.2)
 	NOTE: https://github.com/OpenIDC/mod_auth_openidc/security/advisories/GHSA-f5xw-rvfr-24qr
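Review bot: `{DLA-3409-1}` is added to CVE-2023-28625 while `- libapache2-mod-auth-openidc <unfixed> (bug #1033916)` remains, so the LTS suite is now recorded as fixed ahead of unstable; the NOTE line already cites the upstream fix commit (v2.4.13.2), which is the reference the unstable upload should carry so the tracker can replace `<unfixed>` with a version and close bug #1033916.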
@@ -146463,12 +146472,14 @@ CVE-2021-32794 (ArchiSteamFarm is a C# application with primary purpose of idlin
 CVE-2021-32793 (Pi-hole's Web interface provides a central location to manage a Pi-hol ...)
 	NOT-FOR-US: Pi-hole
 CVE-2021-32792 (mod_auth_openidc is an authentication/authorization module for the Apa ...)
+	{DLA-3409-1}
 	- libapache2-mod-auth-openidc 2.4.9-1 (bug #991580)
 	[stretch] - libapache2-mod-auth-openidc <no-dsa> (Minor issue)
 	NOTE: https://github.com/zmartzone/mod_auth_openidc/security/advisories/GHSA-458c-7pwg-3j7j
 	NOTE: https://github.com/zmartzone/mod_auth_openidc/commit/00c315cb0c8ab77c67be4a2ac08a71a83ac58751 (v2.4.9)
 	NOTE: https://github.com/zmartzone/mod_auth_openidc/commit/55ea0a085290cd2c8cdfdd960a230cbc38ba8b56 (v2.4.9)
 CVE-2021-32791 (mod_auth_openidc is an authentication/authorization module for the Apa ...)
+	{DLA-3409-1}
 	- libapache2-mod-auth-openidc 2.4.9-1 (bug #991581)
 	[stretch] - libapache2-mod-auth-openidc <no-dsa> (Minor issue)
 	NOTE: https://github.com/zmartzone/mod_auth_openidc/security/advisories/GHSA-px3c-6x7j-3r9r
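Review bot: The `[stretch] - libapache2-mod-auth-openidc <no-dsa> (Minor issue)` lines under CVE-2021-32792 and CVE-2021-32791 are left in place while `{DLA-3409-1}` is added, which is consistent only if the DLA targets a suite other than stretch; worth confirming the advisory's target suite so the earlier no-dsa decision and the new reference do not contradict each other for the same package.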
@@ -146482,11 +146493,13 @@ CVE-2021-32788 (Discourse is an open source discussion platform. In versions pri
 CVE-2021-32787 (Sourcegraph is a code search and navigation engine. Sourcegraph before ...)
 	NOT-FOR-US: Sourcegraph
 CVE-2021-32786 (mod_auth_openidc is an authentication/authorization module for the Apa ...)
+	{DLA-3409-1}
 	- libapache2-mod-auth-openidc 2.4.9-1 (bug #991582)
 	[stretch] - libapache2-mod-auth-openidc <no-dsa> (Minor issue)
 	NOTE: https://github.com/zmartzone/mod_auth_openidc/security/advisories/GHSA-xm4c-5wm5-jqv7
 	NOTE: https://github.com/zmartzone/mod_auth_openidc/commit/3a115484eb927bc6daa5737dd84f88ff4bbc5544 (v2.4.9)
 CVE-2021-32785 (mod_auth_openidc is an authentication/authorization module for the Apa ...)
+	{DLA-3409-1}
 	- libapache2-mod-auth-openidc 2.4.9-1 (bug #991583)
 	[stretch] - libapache2-mod-auth-openidc <no-dsa> (Minor issue)
 	NOTE: https://github.com/zmartzone/mod_auth_openidc/security/advisories/GHSA-55r8-6w97-xxr4
@@ -148335,7 +148348,7 @@ CVE-2021-32068 (The AWV and MiCollab Client Service components in Mitel MiCollab
 CVE-2021-32067 (The MiCollab Client Service component in Mitel MiCollab before 9.3 cou ...)
 	NOT-FOR-US: Mitel
 CVE-2021-32066 (An issue was discovered in Ruby through 2.6.7, 2.7.x through 2.7.3, an ...)
-	{DSA-5066-1 DLA-2780-1}
+	{DSA-5066-1 DLA-3408-1 DLA-2780-1}
 	- ruby2.7 2.7.4-1 (bug #990815)
 	- ruby2.5 <removed>
 	- ruby2.3 <removed>
@@ -149267,7 +149280,7 @@ CVE-2021-31811 (In Apache PDFBox, a carefully crafted PDF file can trigger an Ou
 	NOTE: https://www.openwall.com/lists/oss-security/2021/06/12/2
 	NOTE: https://github.com/apache/pdfbox/commit/cd17a19e9ab1028dc662e972dd8dbb3fa68b4a33
 CVE-2021-31810 (An issue was discovered in Ruby through 2.6.7, 2.7.x through 2.7.3, an ...)
-	{DSA-5066-1 DLA-2780-1}
+	{DSA-5066-1 DLA-3408-1 DLA-2780-1}
 	- ruby2.7 2.7.4-1 (bug #990815)
 	- ruby2.5 <removed>
 	- ruby2.3 <removed>
@@ -197098,7 +197111,7 @@ CVE-2014-10402 (An issue was discovered in the DBI module through 1.643 for Perl
 	NOTE: Test case: https://github.com/perl5-dbi/dbi/commit/27b10b5c3aacabc091046beaba478e671bb6111c
 	NOTE: Fixed by: https://github.com/perl5-dbi/dbi/commit/19d0fb169eed475e1c053e99036b8668625cfa94 (master)
 CVE-2020-25613 (An issue was discovered in Ruby through 2.5.8, 2.6.x through 2.6.6, an ...)
-	{DLA-2392-1 DLA-2391-1}
+	{DLA-3408-1 DLA-2392-1 DLA-2391-1}
 	- ruby2.7 2.7.1-4
 	- ruby2.5 <removed>
 	[buster] - ruby2.5 2.5.5-3+deb10u3
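Review bot: CVE-2020-25613 already records `[buster] - ruby2.5 2.5.5-3+deb10u3` as fixed, so prepending `{DLA-3408-1}` implies the new advisory either re-addresses this CVE in buster or covers another package; check that DLA-3408-1 actually lists CVE-2020-25613 before keeping the reference, otherwise the reference list overstates what the advisory fixed.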
@@ -237547,7 +237560,7 @@ CVE-2020-9272 (ProFTPD 1.3.7 has an out-of-bounds (OOB) read vulnerability in mo
 	NOTE: Debian does not build mod_cap and does not use the embedded libcap.
 	NOTE: Sourcewise fixed in 1.3.6c by updating to the lastest libcap.
 CVE-2019-20479 (A flaw was found in mod_auth_openidc before version 2.4.1. An open red ...)
-	{DLA-2298-1 DLA-2130-1}
+	{DLA-3409-1 DLA-2298-1 DLA-2130-1}
 	- libapache2-mod-auth-openidc 2.4.1-1
 	NOTE: https://github.com/zmartzone/mod_auth_openidc/commit/02431c0adfa30f478cf2eb20ed6ea51fdf446be7
 	NOTE: https://github.com/zmartzone/mod_auth_openidc/pull/453
@@ -270148,7 +270161,7 @@ CVE-2016-10939 (The xtremelocator plugin 1.5 for WordPress has SQL injection via
 CVE-2016-10938 (The copy-me plugin 1.0.0 for WordPress has CSRF for copying non-public ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2019-16255 (Ruby through 2.4.7, 2.5.x through 2.5.6, and 2.6.x through 2.6.4 allow ...)
-	{DSA-4587-1 DSA-4586-1 DLA-2330-1 DLA-2027-1 DLA-2007-1}
+	{DSA-4587-1 DSA-4586-1 DLA-3408-1 DLA-2330-1 DLA-2027-1 DLA-2007-1}
 	- ruby2.5 2.5.7-1
 	- ruby2.3 <removed>
 	- ruby2.1 <removed>
@@ -270156,7 +270169,7 @@ CVE-2019-16255 (Ruby through 2.4.7, 2.5.x through 2.5.6, and 2.6.x through 2.6.4
 	NOTE: https://www.ruby-lang.org/en/news/2019/10/01/code-injection-shell-test-cve-2019-16255/
 	NOTE: ruby2.5: https://github.com/ruby/ruby/commit/3af01ae1101e0b8815ae5a106be64b0e82a58640
 CVE-2019-16254 (Ruby through 2.4.7, 2.5.x through 2.5.6, and 2.6.x through 2.6.4 allow ...)
-	{DSA-4587-1 DSA-4586-1 DLA-2330-1 DLA-2027-1 DLA-2007-1}
+	{DSA-4587-1 DSA-4586-1 DLA-3408-1 DLA-2330-1 DLA-2027-1 DLA-2007-1}
 	- ruby2.5 2.5.7-1
 	- ruby2.3 <removed>
 	- ruby2.1 <removed>
@@ -270347,7 +270360,7 @@ CVE-2019-16203 (Brocade Fabric OS Versions before v8.2.2a and v8.2.1d could expo
 CVE-2019-16202 (MISP before 2.4.115 allows privilege escalation in certain situations. ...)
 	NOT-FOR-US: MISP
 CVE-2019-16201 (WEBrick::HTTPAuth::DigestAuth in Ruby through 2.4.7, 2.5.x through 2.5 ...)
-	{DSA-4587-1 DSA-4586-1 DLA-2330-1 DLA-2027-1 DLA-2007-1}
+	{DSA-4587-1 DSA-4586-1 DLA-3408-1 DLA-2330-1 DLA-2027-1 DLA-2007-1}
 	- ruby2.5 2.5.7-1
 	- ruby2.3 <removed>
 	- ruby2.1 <removed>
@@ -363211,7 +363224,7 @@ CVE-2017-17744 (A cross-site scripting (XSS) vulnerability in the custom-map plu
 CVE-2017-17743 (Improper input sanitization within the restricted administration shell ...)
 	NOT-FOR-US: UCOPIA Wireless Appliance
 CVE-2017-17742 (Ruby before 2.2.10, 2.3.x before 2.3.7, 2.4.x before 2.4.4, 2.5.x befo ...)
-	{DSA-4259-1 DLA-2330-1 DLA-2027-1 DLA-1421-1 DLA-1359-1 DLA-1358-1}
+	{DSA-4259-1 DLA-3408-1 DLA-2330-1 DLA-2027-1 DLA-1421-1 DLA-1359-1 DLA-1358-1}
 	- jruby 9.3.9.0+ds-1 (bug #972230)
 	- ruby2.5 2.5.1-1
 	- ruby2.3 <removed>



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/540519a2734ba13010dd8fb76654f2403f3dc131
