[Git][security-tracker-team/security-tracker][master] bugnums
Moritz Muehlenhoff (@jmm)
jmm at debian.org
Thu May 11 17:01:05 BST 2023
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker
Commits:
917e6aa0 by Moritz Muehlenhoff at 2023-05-11T18:00:39+02:00
bugnums
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -98,7 +98,7 @@ CVE-2023-32573 (In Qt before 5.15.14, 6.0.x through 6.2.x before 6.2.9, and 6.3.
TODO: check
CVE-2023-32570 (VideoLAN dav1d before 1.2.0 has a thread_task.c race condition that ca ...)
[experimental] - dav1d 1.2.0-1
- - dav1d <unfixed>
+ - dav1d <unfixed> (bug #1035950)
NOTE: https://code.videolan.org/videolan/dav1d/-/commit/cf617fdae0b9bfabd27282854c8e81450d955efa (1.2.0)
CVE-2023-32569 (An issue was discovered in Veritas InfoScale Operations Manager (VIOM) ...)
NOT-FOR-US: Veritas InfoScale Operations Manager
@@ -109,13 +109,13 @@ CVE-2023-31478 (An issue was discovered on GL.iNet devices before 3.216. An API
CVE-2023-2619 (A vulnerability, which was classified as critical, was found in Source ...)
NOT-FOR-US: SourceCodester
CVE-2023-2618 (A vulnerability, which was classified as problematic, has been found i ...)
- - opencv <unfixed>
+ - opencv <unfixed> (bug #1035954)
[bullseye] - opencv <not-affected> (Vulnerable code not present)
[buster] - opencv <not-affected> (Vulnerable code not present)
NOTE: https://github.com/opencv/opencv_contrib/pull/3484
NOTE: https://github.com/opencv/opencv_contrib/commit/2b62ff6181163eea029ed1cab11363b4996e9cd6
CVE-2023-2617 (A vulnerability classified as problematic was found in OpenCV wechat_q ...)
- - opencv <unfixed>
+ - opencv <unfixed> (bug #1035954)
[bullseye] - opencv <not-affected> (Vulnerable code not present)
[buster] - opencv <not-affected> (Vulnerable code not present)
NOTE: https://github.com/opencv/opencv_contrib/pull/3480
@@ -127,7 +127,7 @@ CVE-2023-2615 (Cross-site Scripting (XSS) - Reflected in GitHub repository pimco
CVE-2023-2614 (Cross-site Scripting (XSS) - DOM in GitHub repository pimcore/pimcore ...)
NOT-FOR-US: pimcore
CVE-2023-2610 (Integer Overflow or Wraparound in GitHub repository vim/vim prior to 9 ...)
- - vim <unfixed>
+ - vim <unfixed> (bug #1035955)
NOTE: https://huntr.dev/bounties/31e67340-935b-4f6c-a923-f7246bc29c7d
NOTE: https://github.com/vim/vim/commit/ab9a2d884b3a4abe319606ea95a5a6d6b01cd73a (v9.0.1532)
CVE-2023-32216
@@ -1178,7 +1178,7 @@ CVE-2023-2254
RESERVED
CVE-2023-2253
RESERVED
- - docker-registry <unfixed>
+ - docker-registry <unfixed> (bug #1035956)
NOTE: https://github.com/distribution/distribution/commit/521ea3d973cb0c7089ebbcdd4ccadc34be941f54
NOTE: https://www.openwall.com/lists/oss-security/2023/05/09/1
NOTE: https://github.com/distribution/distribution/security/advisories/GHSA-hqxw-f8mx-cpmw
@@ -5211,7 +5211,7 @@ CVE-2023-29580 (yasm 1.3.0.55.g101bc was discovered to contain a segmentation vi
NOTE: https://github.com/yasm/yasm/issues/215
NOTE: Crash in CLI tool, no security impact
CVE-2023-29579 (yasm 1.3.0.55.g101bc was discovered to contain a stack overflow via th ...)
- - yasm <unfixed>
+ - yasm <unfixed> (bug #1035951)
[bullseye] - yasm <no-dsa> (Minor issue)
NOTE: https://github.com/yasm/yasm/issues/214
CVE-2023-29578 (mp4v2 v2.0.0 was discovered to contain a heap buffer overflow via the ...)
@@ -26593,7 +26593,7 @@ CVE-2014-125043
CVE-2014-125042
REJECTED
CVE-2023-22665 (There is insufficient checking of user queries in Apache Jena versions ...)
- - apache-jena <unfixed>
+ - apache-jena <unfixed> (bug #1035952)
NOTE: https://lists.apache.org/thread/s0dmpsxcwqs57l4qfs415klkgmhdxq7s
CVE-2023-22652
RESERVED
@@ -30539,11 +30539,11 @@ CVE-2023-21969 (Vulnerability in Oracle SQL Developer (component: Installation).
CVE-2023-21968 (Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition ...)
- openjdk-8 8u372-ga-1
- openjdk-11 <unfixed>
- - openjdk-17 <unfixed>
+ - openjdk-17 <unfixed> (bug #1035957)
CVE-2023-21967 (Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition ...)
- openjdk-8 8u372-ga-1
- openjdk-11 <unfixed>
- - openjdk-17 <unfixed>
+ - openjdk-17 <unfixed> (bug #1035957)
CVE-2023-21966 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
- mysql-8.0 <unfixed> (bug #1034719)
CVE-2023-21965 (Vulnerability in the Oracle Business Intelligence Enterprise Edition p ...)
@@ -30571,7 +30571,7 @@ CVE-2023-21955 (Vulnerability in the MySQL Server product of Oracle MySQL (compo
CVE-2023-21954 (Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition ...)
- openjdk-8 8u372-ga-1
- openjdk-11 <unfixed>
- - openjdk-17 <unfixed>
+ - openjdk-17 <unfixed> (bug #1035957)
CVE-2023-21953 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
- mysql-8.0 <unfixed> (bug #1034719)
CVE-2023-21952 (Vulnerability in the Oracle Business Intelligence Enterprise Edition p ...)
@@ -30603,15 +30603,15 @@ CVE-2023-21940 (Vulnerability in the MySQL Server product of Oracle MySQL (compo
CVE-2023-21939 (Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition ...)
- openjdk-8 8u372-ga-1
- openjdk-11 <unfixed>
- - openjdk-17 <unfixed>
+ - openjdk-17 <unfixed> (bug #1035957)
CVE-2023-21938 (Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition ...)
- openjdk-8 8u372-ga-1
- openjdk-11 <unfixed>
- - openjdk-17 <unfixed>
+ - openjdk-17 <unfixed> (bug #1035957)
CVE-2023-21937 (Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition ...)
- openjdk-8 8u372-ga-1
- openjdk-11 <unfixed>
- - openjdk-17 <unfixed>
+ - openjdk-17 <unfixed> (bug #1035957)
CVE-2023-21936 (Vulnerability in the JD Edwards EnterpriseOne Tools product of Oracle ...)
NOT-FOR-US: Oracle
CVE-2023-21935 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
@@ -30627,7 +30627,7 @@ CVE-2023-21931 (Vulnerability in the Oracle WebLogic Server product of Oracle Fu
CVE-2023-21930 (Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition ...)
- openjdk-8 8u372-ga-1
- openjdk-11 <unfixed>
- - openjdk-17 <unfixed>
+ - openjdk-17 <unfixed> (bug #1035957)
CVE-2023-21929 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
- mysql-8.0 <unfixed> (bug #1034719)
CVE-2023-21928 (Vulnerability in the Oracle Solaris product of Oracle Systems (compone ...)
@@ -108417,7 +108417,7 @@ CVE-2021-45912 (An unauthenticated Named Pipe channel in Controlup Real-Time Age
NOT-FOR-US: ControlUp Real-Time Agent
CVE-2021-44775 (Cross-site scripting (XSS) issue in Website app of Odoo Community 15.0 ...)
{DSA-5399-1}
- - odoo <unfixed>
+ - odoo <unfixed> (bug #1035953)
NOTE: https://github.com/odoo/odoo/issues/107691
NOTE: 14.0 patch at https://github.com/odoo/odoo/commit/74532a0839b57337cc26ffc66b2884039e68f23b
CVE-2021-44465 (Improper access control in Odoo Community 13.0 and earlier and Odoo En ...)
@@ -109009,12 +109009,12 @@ CVE-2021-45680 (An issue was discovered in the vec-const crate before 2.0.0 for
NOT-FOR-US: Rust crate vec-const
CVE-2021-45111 (Improper access control in Odoo Community 15.0 and earlier and Odoo En ...)
{DSA-5399-1}
- - odoo <unfixed>
+ - odoo <unfixed> (bug #1035953)
NOTE: https://github.com/odoo/odoo/issues/107683
NOTE: 14.0 patch at https://github.com/odoo/odoo/commit/d326153e016f93c22f40ad8fb146bb4108bb94dc
CVE-2021-45071 (Cross-site scripting (XSS) issue Odoo Community 15.0 and earlier and O ...)
{DSA-5399-1}
- - odoo <unfixed>
+ - odoo <unfixed> (bug #1035953)
NOTE: https://github.com/odoo/odoo/issues/107697
NOTE: 14.0 patch at https://github.com/odoo/odoo/commit/609b6503af97af5cf00ff497760f71cd71860c48
CVE-2021-44547 (A sandboxing issue in Odoo Community 15.0 and Odoo Enterprise 15.0 all ...)
@@ -109022,7 +109022,7 @@ CVE-2021-44547 (A sandboxing issue in Odoo Community 15.0 and Odoo Enterprise 15
NOTE: https://github.com/odoo/odoo/issues/107696
CVE-2021-44476 (A sandboxing issue in Odoo Community 15.0 and earlier and Odoo Enterpr ...)
{DSA-5399-1}
- - odoo <unfixed>
+ - odoo <unfixed> (bug #1035953)
NOTE: https://github.com/odoo/odoo/issues/107684
NOTE: 14.0 patch at https://github.com/odoo/odoo/commit/be2c857a2e19b0a752555ab377ce5e1cb081a186
CVE-2021-44475
@@ -109044,27 +109044,27 @@ CVE-2021-4175 (livehelperchat is vulnerable to Improper Neutralization of Input
NOT-FOR-US: livehelperchat
CVE-2021-26947 (Cross-site scripting (XSS) issue Odoo Community 15.0 and earlier and O ...)
{DSA-5399-1}
- - odoo <unfixed>
+ - odoo <unfixed> (bug #1035953)
NOTE: https://github.com/odoo/odoo/issues/107694
NOTE: 14.0 patch at https://github.com/odoo/odoo/commit/e451c4fbffa9472cd3686492e8ba41430ab3b235
CVE-2021-23186 (A sandboxing issue in Odoo Community 15.0 and earlier and Odoo Enterpr ...)
{DSA-5399-1}
- - odoo <unfixed>
+ - odoo <unfixed> (bug #1035953)
NOTE: https://github.com/odoo/odoo/issues/107688
NOTE: https://github.com/odoo/odoo/commit/c1d6d4a1d9148275213c7f3c286658366df03bd7
CVE-2021-23178 (Improper access control in Odoo Community 15.0 and earlier and Odoo En ...)
{DSA-5399-1}
- - odoo <unfixed>
+ - odoo <unfixed> (bug #1035953)
NOTE: https://github.com/odoo/odoo/issues/107690
NOTE: 14.0 patch at https://github.com/odoo/odoo/commit/5ac55247b576312ea4f1f274c94d955dd23335d1
CVE-2021-23176 (Improper access control in reporting engine of l10n_fr_fec module in O ...)
{DSA-5399-1}
- - odoo <unfixed>
+ - odoo <unfixed> (bug #1035953)
NOTE: https://github.com/odoo/odoo/issues/107682
NOTE: 14.0 patch at https://github.com/odoo/odoo/commit/f166400c7ddd1bc571fcad52d18d2371f2c3fd87
CVE-2021-23166 (A sandboxing issue in Odoo Community 15.0 and earlier and Odoo Enterpr ...)
{DSA-5399-1}
- - odoo <unfixed>
+ - odoo <unfixed> (bug #1035953)
NOTE: https://github.com/odoo/odoo/issues/107687
NOTE: 14.0 patch at https://github.com/odoo/odoo/commit/1f1e03ff29f711dd26cfbcadc60b7d03fdb59ed7
CVE-2020-36514 (An issue was discovered in the acc_reader crate through 2020-12-27 for ...)
@@ -136879,12 +136879,12 @@ CVE-2021-3654 (A vulnerability was found in openstack-nova's console proxy, noVN
NOTE: Errata: https://www.openwall.com/lists/oss-security/2021/09/27/1
CVE-2021-26263 (Cross-site scripting (XSS) issue in Discuss app of Odoo Community 14.0 ...)
{DSA-5399-1}
- - odoo <unfixed>
+ - odoo <unfixed> (bug #1035953)
NOTE: https://github.com/odoo/odoo/issues/107693
NOTE: 14.0 patch at https://github.com/odoo/odoo/commit/ff1db4a6aea522cf3dfc80ca88e64ffecfb5e07c
CVE-2021-23203 (Improper access control in reporting engine of Odoo Community 14.0 thr ...)
{DSA-5399-1}
- - odoo <unfixed>
+ - odoo <unfixed> (bug #1035953)
NOTE: https://github.com/odoo/odoo/issues/107695
NOTE: 14.0 patch at https://github.com/odoo/odoo/commit/f2c1ee5a622db33a4411e7f9285f09387d1d7480
CVE-2021-23184
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/917e6aa010b0337baa7f116560a5b51a5dc63af6
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/917e6aa010b0337baa7f116560a5b51a5dc63af6
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20230511/96235211/attachment.htm>
More information about the debian-security-tracker-commits
mailing list