[Git][security-tracker-team/security-tracker][master] bugnums
Moritz Muehlenhoff (@jmm)
jmm at debian.org
Thu May 18 14:27:48 BST 2023
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker
Commits:
82ba798c by Moritz Muehlenhoff at 2023-05-18T15:27:24+02:00
bugnums
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -28,7 +28,7 @@ CVE-2023-32762
- qtbase-opensource-src-gles <unfixed>
TODO: check for more details on actual fixes needed for network/access/qhsts.cpp
CVE-2023-XXXX [XSS in RSS syntax]
- - dokuwiki <unfixed>
+ - dokuwiki <unfixed> (bug #1036279)
[bullseye] - dokuwiki <no-dsa> (Minor issue)
NOTE: https://github.com/dokuwiki/dokuwiki/pull/3967
NOTE: https://www.github.com/splitbrain/dokuwiki/commit/53df38b0e4465894a67a5890f74a6f5f82e827de
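Review bot: the entry `CVE-2023-XXXX [XSS in RSS syntax]` still has no assigned CVE ID, so `(bug #1036279)` on the dokuwiki line is now the only stable handle for this issue. Suggest checking that the bug report carries the two NOTE URLs, so the entry can be matched once an ID is assigned. Separately, the second NOTE uses `www.github.com/splitbrain/dokuwiki` while the first uses `github.com/dokuwiki/dokuwiki`; normalising the host and organisation would keep the references consistent.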
@@ -143,7 +143,7 @@ CVE-2023-2739 (A vulnerability classified as problematic was found in Gira HomeS
CVE-2023-2738 (A vulnerability classified as critical has been found in Tongda OA 11. ...)
NOT-FOR-US: Tongda
CVE-2023-2731 (A NULL pointer dereference flaw was found in Libtiff's LZWDecode() fun ...)
- - tiff <unfixed>
+ - tiff <unfixed> (bug #1036282)
[bullseye] - tiff <no-dsa> (Minor issue)
NOTE: https://gitlab.com/libtiff/libtiff/-/issues/548
NOTE: https://gitlab.com/libtiff/libtiff/-/commit/9be22b639ea69e102d3847dca4c53ef025e9527b
@@ -642,13 +642,13 @@ CVE-2023-31568 (Podofo v0.10.0 was discovered to contain a heap buffer overflow
NOTE: Fixed by: https://github.com/podofo/podofo/commit/29d59f604b37159e938a2f46acd4856cfd1e7bac
NOTE: Introduced by: https://github.com/podofo/podofo/commit/a2eca000e5a4337fb79ee8215d06413785653184
CVE-2023-31567 (Podofo v0.10.0 was discovered to contain a heap buffer overflow via th ...)
- - libpodofo <unfixed>
+ - libpodofo <unfixed> (bug #1036278)
[bookworm] - libpodofo <no-dsa> (Minor issue)
[bullseye] - libpodofo <no-dsa> (Minor issue)
[buster] - libpodofo <no-dsa> (Minor issue)
NOTE: https://github.com/podofo/podofo/issues/71
CVE-2023-31566 (Podofo v0.10.0 was discovered to contain a heap-use-after-free via the ...)
- - libpodofo <unfixed>
+ - libpodofo <unfixed> (bug #1036278)
[bookworm] - libpodofo <no-dsa> (Minor issue)
[bullseye] - libpodofo <no-dsa> (Minor issue)
[buster] - libpodofo <no-dsa> (Minor issue)
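Review bot: CVE-2023-31567 (heap buffer overflow) and CVE-2023-31566 (heap-use-after-free) both point at `bug #1036278`, although the descriptions name two different flaws. Suggest confirming that the bug lists both CVE IDs, or splitting it, so that an upload fixing only one of them does not close the report for both.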
@@ -7660,7 +7660,7 @@ CVE-2023-1731 (In LTOS versions prior to V7.06.013, the configuration file uploa
CVE-2023-1730 (The SupportCandy WordPress plugin before 3.1.5 does not validate and e ...)
NOT-FOR-US: WordPress plugin
CVE-2023-1729 (A flaw was found in LibRaw. A heap-buffer-overflow in raw2image_ex() c ...)
- - libraw <unfixed>
+ - libraw <unfixed> (bug #1036281)
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2188240
NOTE: https://github.com/LibRaw/LibRaw/issues/557
NOTE: Fixed by: https://github.com/LibRaw/LibRaw/commit/9ab70f6dca19229cb5caad7cc31af4e7501bac93 (master)
@@ -8682,7 +8682,7 @@ CVE-2023-28756 (A ReDoS issue was discovered in the Time component through 0.2.1
- ruby3.1 <unfixed>
- ruby2.7 <removed>
- ruby2.5 <removed>
- - jruby <unfixed>
+ - jruby <unfixed> (bug #1036283)
[bookworm] - jruby <no-dsa> (Minor issue)
NOTE: Fixed by: https://github.com/ruby/ruby/commit/957bb7cb81995f26c671afce0ee50a5c660e540e (v3_1_4)
NOTE: Fixed by: https://github.com/ruby/time/commit/b57db51f577875d3e896dcd2ef1dcaf97f23e943 (v0.2.2)
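Review bot: only the jruby line gains a bug reference in this entry; `- ruby3.1 <unfixed>` directly above it still has none. If a bug exists for ruby3.1, add it in the same pass so that every unfixed package in the entry is traceable to a report.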
@@ -8694,7 +8694,7 @@ CVE-2023-28755 (A ReDoS issue was discovered in the URI component through 0.12.0
- ruby3.1 <unfixed>
- ruby2.7 <removed>
- ruby2.5 <removed>
- - jruby <unfixed>
+ - jruby <unfixed> (bug #1036283)
[bookworm] - jruby <no-dsa> (Minor issue)
NOTE: Fixed by: https://github.com/ruby/ruby/commit/8ce4ab146498879b65e22f1be951b25eebb79300 (v3_1_4)
NOTE: Fixed by: https://github.com/ruby/uri/commit/eaf89cc31619d49e67c64d0b58ea9dc38892d175 (v0.12.1)
@@ -31196,11 +31196,11 @@ CVE-2023-21969 (Vulnerability in Oracle SQL Developer (component: Installation).
NOT-FOR-US: Oracle
CVE-2023-21968 (Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition ...)
- openjdk-8 8u372-ga-1
- - openjdk-11 <unfixed>
+ - openjdk-11 <unfixed> (bug #1036280)
- openjdk-17 <unfixed> (bug #1035957)
CVE-2023-21967 (Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition ...)
- openjdk-8 8u372-ga-1
- - openjdk-11 <unfixed>
+ - openjdk-11 <unfixed> (bug #1036280)
- openjdk-17 <unfixed> (bug #1035957)
CVE-2023-21966 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
- mysql-8.0 <unfixed> (bug #1034719)
@@ -31228,7 +31228,7 @@ CVE-2023-21955 (Vulnerability in the MySQL Server product of Oracle MySQL (compo
- mysql-8.0 <unfixed> (bug #1034719)
CVE-2023-21954 (Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition ...)
- openjdk-8 8u372-ga-1
- - openjdk-11 <unfixed>
+ - openjdk-11 <unfixed> (bug #1036280)
- openjdk-17 <unfixed> (bug #1035957)
CVE-2023-21953 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
- mysql-8.0 <unfixed> (bug #1034719)
@@ -31260,15 +31260,15 @@ CVE-2023-21940 (Vulnerability in the MySQL Server product of Oracle MySQL (compo
- mysql-8.0 <unfixed> (bug #1034719)
CVE-2023-21939 (Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition ...)
- openjdk-8 8u372-ga-1
- - openjdk-11 <unfixed>
+ - openjdk-11 <unfixed> (bug #1036280)
- openjdk-17 <unfixed> (bug #1035957)
CVE-2023-21938 (Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition ...)
- openjdk-8 8u372-ga-1
- - openjdk-11 <unfixed>
+ - openjdk-11 <unfixed> (bug #1036280)
- openjdk-17 <unfixed> (bug #1035957)
CVE-2023-21937 (Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition ...)
- openjdk-8 8u372-ga-1
- - openjdk-11 <unfixed>
+ - openjdk-11 <unfixed> (bug #1036280)
- openjdk-17 <unfixed> (bug #1035957)
CVE-2023-21936 (Vulnerability in the JD Edwards EnterpriseOne Tools product of Oracle ...)
NOT-FOR-US: Oracle
@@ -31284,7 +31284,7 @@ CVE-2023-21931 (Vulnerability in the Oracle WebLogic Server product of Oracle Fu
NOT-FOR-US: Oracle
CVE-2023-21930 (Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition ...)
- openjdk-8 8u372-ga-1
- - openjdk-11 <unfixed>
+ - openjdk-11 <unfixed> (bug #1036280)
- openjdk-17 <unfixed> (bug #1035957)
CVE-2023-21929 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
- mysql-8.0 <unfixed> (bug #1034719)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/82ba798c2c0f037284a35f753dca59a85fec0463