[Git][security-tracker-team/security-tracker][master] 4 commits: Add two opencv CVEs: CVE-2023-2617 and CVE-2023-2618

Wed May 10 21:18:05 BST 2023


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
e76698a1 by Salvatore Bonaccorso at 2023-05-10T22:17:09+02:00
Add two opencv CVEs: CVE-2023-2617 and CVE-2023-2618

- - - - -
499213c8 by Salvatore Bonaccorso at 2023-05-10T22:17:11+02:00
Add CVE-2023-31137/maradns

- - - - -
f4ecc10c by Salvatore Bonaccorso at 2023-05-10T22:17:13+02:00
Process one NFU

- - - - -
11a3f0bb by Salvatore Bonaccorso at 2023-05-10T22:17:14+02:00
Add CVE-2021-31240/ming

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -48,9 +48,17 @@ CVE-2023-31478 (An issue was discovered on GL.iNet devices before 3.216. An API
 CVE-2023-2619 (A vulnerability, which was classified as critical, was found in Source ...)
 	NOT-FOR-US: SourceCodester
 CVE-2023-2618 (A vulnerability, which was classified as problematic, has been found i ...)
-	TODO: check
+	- opencv <unfixed>
+	[bullseye] - opencv <not-affected> (Vulnerable code not present)
+	[buster] - opencv <not-affected> (Vulnerable code not present)
+	NOTE: https://github.com/opencv/opencv_contrib/pull/3484
+	NOTE: https://github.com/opencv/opencv_contrib/commit/2b62ff6181163eea029ed1cab11363b4996e9cd6
 CVE-2023-2617 (A vulnerability classified as problematic was found in OpenCV wechat_q ...)
-	TODO: check
+	- opencv <unfixed>
+	[bullseye] - opencv <not-affected> (Vulnerable code not present)
+	[buster] - opencv <not-affected> (Vulnerable code not present)
+	NOTE: https://github.com/opencv/opencv_contrib/pull/3480
+	NOTE: https://github.com/opencv/opencv_contrib/commit/ccc277247ac1a7aef0a90353edcdec35fbc5903c
 CVE-2023-2616 (Cross-site Scripting (XSS) - Generic in GitHub repository pimcore/pimc ...)
 	NOT-FOR-US: pimcore
 CVE-2023-2615 (Cross-site Scripting (XSS) - Reflected in GitHub repository pimcore/pi ...)
@@ -972,7 +980,9 @@ CVE-2023-31139 (DHIS2 Core contains the service layer and Web API for DHIS2, an
 CVE-2023-31138 (DHIS2 Core contains the service layer and Web API for DHIS2, an inform ...)
 	NOT-FOR-US: DHIS2
 CVE-2023-31137 (MaraDNS is open-source software that implements the Domain Name System ...)
-	TODO: check
+	- maradns <unfixed>
+	NOTE: https://github.com/samboy/MaraDNS/commit/bab062bde40b2ae8a91eecd522e84d8b993bab58
+	NOTE: https://github.com/samboy/MaraDNS/security/advisories/GHSA-58m7-826v-9c3c
 CVE-2023-31136 (PostgresNIO is a Swift client for PostgreSQL. Any user of PostgresNIO  ...)
 	NOT-FOR-US: PostgresNIO
 CVE-2023-31135
@@ -150190,7 +150200,7 @@ CVE-2021-31713
 CVE-2021-31712 (react-draft-wysiwyg (aka React Draft Wysiwyg) before 1.14.6 allows a j ...)
 	NOT-FOR-US: react-draft-wysiwyg
 CVE-2021-31711 (Cross Site Scripting vulnerability found in Trippo ResponsiveFilemanag ...)
-	TODO: check
+	NOT-FOR-US: Trippo ResponsiveFilemanager
 CVE-2021-31710
 	RESERVED
 CVE-2021-31709
@@ -151364,7 +151374,8 @@ CVE-2021-31242
 CVE-2021-31241
 	RESERVED
 CVE-2021-31240 (An issue found in libming v.0.4.8 allows a local attacker to execute a ...)
-	TODO: check
+	- ming <removed>
+	NOTE: https://github.com/libming/libming/issues/218
 CVE-2021-31239 (An issue found in SQLite SQLite3 v.3.35.4 that allows a remote attacke ...)
 	TODO: check
 CVE-2021-31238



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/74f2efb89a3f37cf0e4d6d5aed30aca74e001e34...11a3f0bb1c40e0dc8185c6857c1331a711f41191

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/74f2efb89a3f37cf0e4d6d5aed30aca74e001e34...11a3f0bb1c40e0dc8185c6857c1331a711f41191
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20230510/ac923d33/attachment.htm>
