[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso (@carnil) carnil at debian.org
Wed May 24 21:12:24 BST 2023



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
4d474e72 by security tracker role at 2023-05-24T20:12:14+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,4 +1,112 @@
-CVE-2023-33246
+CVE-2023-33983 (The Introduction Client in Briar through 1.5.3 does not implement out- ...)
+	TODO: check
+CVE-2023-33982 (Bramble Handshake Protocol (BHP) in Briar before 1.5.3 is not forward  ...)
+	TODO: check
+CVE-2023-33981 (Briar before 1.4.22 allows attackers to spoof other users' messages in ...)
+	TODO: check
+CVE-2023-33980 (Bramble Synchronisation Protocol (BSP) in Briar before 1.4.22 allows a ...)
+	TODO: check
+CVE-2023-33950 (Pattern Redirects in Liferay Portal 7.4.3.48 through 7.4.3.76, and Lif ...)
+	TODO: check
+CVE-2023-33949 (In Liferay Portal 7.3.0 and earlier, and Liferay DXP 7.2 and earlier t ...)
+	TODO: check
+CVE-2023-33948 (The Dynamic Data Mapping module in Liferay Portal 7.4.3.67, and Lifera ...)
+	TODO: check
+CVE-2023-33947 (The Object module in Liferay Portal 7.4.3.4 through 7.4.3.60, and Life ...)
+	TODO: check
+CVE-2023-33946 (The Object module in Liferay Portal 7.4.3.4 through 7.4.3.48, and Life ...)
+	TODO: check
+CVE-2023-33945 (SQL injection vulnerability in the upgrade process for SQL Server in L ...)
+	TODO: check
+CVE-2023-33944 (Cross-site scripting (XSS) vulnerability in Layout module in Liferay P ...)
+	TODO: check
+CVE-2023-33943 (Cross-site scripting (XSS) vulnerability in the Account module in Life ...)
+	TODO: check
+CVE-2023-33942 (Cross-site scripting (XSS) vulnerability in the Web Content Display wi ...)
+	TODO: check
+CVE-2023-33941 (Multiple cross-site scripting (XSS) vulnerabilities in the Plugin for  ...)
+	TODO: check
+CVE-2023-33940 (Cross-site scripting (XSS) vulnerability in IFrame type Remote Apps in ...)
+	TODO: check
+CVE-2023-33939 (Cross-site scripting (XSS) vulnerability in the Modified Facet widget  ...)
+	TODO: check
+CVE-2023-33938 (Cross-site scripting (XSS) vulnerability in the App Builder module's c ...)
+	TODO: check
+CVE-2023-33937 (Stored cross-site scripting (XSS) vulnerability in Form widget configu ...)
+	TODO: check
+CVE-2023-33829 (A stored cross-site scripting (XSS) vulnerability in Cloudogu GmbH SCM ...)
+	TODO: check
+CVE-2023-33800 (A stored cross-site scripting (XSS) vulnerability in the Create Region ...)
+	TODO: check
+CVE-2023-33799 (A stored cross-site scripting (XSS) vulnerability in the Create Contac ...)
+	TODO: check
+CVE-2023-33798 (A stored cross-site scripting (XSS) vulnerability in the Create Rack ( ...)
+	TODO: check
+CVE-2023-33797 (A stored cross-site scripting (XSS) vulnerability in the Create Sites  ...)
+	TODO: check
+CVE-2023-33796 (A vulnerability in Netbox v3.5.1 allows unauthenticated attackers to e ...)
+	TODO: check
+CVE-2023-33795 (A stored cross-site scripting (XSS) vulnerability in the Create Contac ...)
+	TODO: check
+CVE-2023-33794 (A stored cross-site scripting (XSS) vulnerability in the Create Tenant ...)
+	TODO: check
+CVE-2023-33793 (A stored cross-site scripting (XSS) vulnerability in the Create Power  ...)
+	TODO: check
+CVE-2023-33792 (A stored cross-site scripting (XSS) vulnerability in the Create Site G ...)
+	TODO: check
+CVE-2023-33791 (A stored cross-site scripting (XSS) vulnerability in the Create Provid ...)
+	TODO: check
+CVE-2023-33790 (A stored cross-site scripting (XSS) vulnerability in the Create Locati ...)
+	TODO: check
+CVE-2023-33789 (A stored cross-site scripting (XSS) vulnerability in the Create Contac ...)
+	TODO: check
+CVE-2023-33788 (A stored cross-site scripting (XSS) vulnerability in the Create Provid ...)
+	TODO: check
+CVE-2023-33787 (A stored cross-site scripting (XSS) vulnerability in the Create Tenant ...)
+	TODO: check
+CVE-2023-33786 (A stored cross-site scripting (XSS) vulnerability in the Create Circui ...)
+	TODO: check
+CVE-2023-33785 (A stored cross-site scripting (XSS) vulnerability in the Create Rack R ...)
+	TODO: check
+CVE-2023-33010 (A buffer overflow vulnerability in the ID processing function in Zyxel ...)
+	TODO: check
+CVE-2023-33009 (A buffer overflow vulnerability in the notification function in Zyxel  ...)
+	TODO: check
+CVE-2023-31748 (Insecure permissions in MobileTrans v4.0.11 allows attackers to escala ...)
+	TODO: check
+CVE-2023-31595 (IC Realtime ICIP-P2012T 2.420 is vulnerable to Incorrect Access Contro ...)
+	TODO: check
+CVE-2023-31460 (A vulnerability in the Connect Mobility Router component of MiVoice Co ...)
+	TODO: check
+CVE-2023-31459 (A vulnerability in the Connect Mobility Router component of Mitel MiVo ...)
+	TODO: check
+CVE-2023-31457 (A vulnerability in the Headquarters server component of Mitel MiVoice  ...)
+	TODO: check
+CVE-2023-2875 (A vulnerability, which was classified as problematic, was found in eSc ...)
+	TODO: check
+CVE-2023-2874 (A vulnerability, which was classified as problematic, has been found i ...)
+	TODO: check
+CVE-2023-2873 (A vulnerability classified as critical was found in Twister Antivirus  ...)
+	TODO: check
+CVE-2023-2872 (A vulnerability classified as problematic has been found in FlexiHub 5 ...)
+	TODO: check
+CVE-2023-2871 (A vulnerability was found in FabulaTech USB for Remote Desktop 6.1.0.0 ...)
+	TODO: check
+CVE-2023-2870 (A vulnerability was found in EnTech Monitor Asset Manager 2.9. It has  ...)
+	TODO: check
+CVE-2023-2868 (A remote command injection vulnerability exists in the Barracuda Email ...)
+	TODO: check
+CVE-2023-2865 (A vulnerability was found in SourceCodester Theme Park Ticketing Syste ...)
+	TODO: check
+CVE-2023-2864 (A vulnerability was found in SourceCodester Online Jewelry Store 1.0 a ...)
+	TODO: check
+CVE-2023-2863 (A vulnerability has been found in Simple Design Daily Journal 1.012.GP ...)
+	TODO: check
+CVE-2023-2862 (A vulnerability, which was classified as problematic, was found in Sit ...)
+	TODO: check
+CVE-2023-2750 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
+	TODO: check
+CVE-2023-33246 (For RocketMQ versions 5.1.0 and below, under certain conditions, there ...)
 	NOT-FOR-US: Apache RocketMQ
 CVE-2023-32697 (SQLite JDBC is a library for accessing and creating SQLite database fi ...)
 	- xerial-sqlite-jdbc <unfixed> (bug #1036706)
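Review bot: The Mitel MiVoice Connect entries added here (CVE-2023-31457, CVE-2023-31459, CVE-2023-31460) are left at `TODO: check`, although the file already uses `NOT-FOR-US: Mitel` for CVE-2023-25597. Use that tag for these three when triaging, and for CVE-2023-25598, which this commit also leaves at `TODO: check` directly above CVE-2023-25597. This keeps the vendor spelling consistent across the file.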
@@ -3829,10 +3937,10 @@ CVE-2023-2067
 	RESERVED
 CVE-2023-2066
 	RESERVED
-CVE-2023-2065
-	RESERVED
-CVE-2023-2064
-	RESERVED
+CVE-2023-2065 (Authorization Bypass Through User-Controlled Key vulnerability in Armo ...)
+	TODO: check
+CVE-2023-2064 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
+	TODO: check
 CVE-2023-2063
 	RESERVED
 CVE-2023-2062
@@ -3869,8 +3977,8 @@ CVE-2023-2047 (A vulnerability was found in Campcodes Advanced Online Voting Sys
 	NOT-FOR-US: Campcodes Advanced Online Voting System
 CVE-2023-2046
 	RESERVED
-CVE-2023-2045
-	RESERVED
+CVE-2023-2045 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
+	TODO: check
 CVE-2023-2044 (A vulnerability has been found in Control iD iDSecure 4.7.29.1 and cla ...)
 	NOT-FOR-US: Control iD iDSecure
 CVE-2023-2043 (A vulnerability, which was classified as problematic, was found in Con ...)
@@ -6503,8 +6611,7 @@ CVE-2023-1945
 	- thunderbird 1:102.10.0-1
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-14/#CVE-2023-1945
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-15/#CVE-2023-1945
-CVE-2023-1944
-	RESERVED
+CVE-2023-1944 (This vulnerability enables ssh access to minikube container using a de ...)
 	NOT-FOR-US: minikube
 CVE-2023-1943
 	RESERVED
@@ -13143,8 +13250,7 @@ CVE-2023-24596
 	RESERVED
 CVE-2023-22437
 	RESERVED
-CVE-2023-1174
-	RESERVED
+CVE-2023-1174 (This vulnerability exposes a network port in minikube running on macOS ...)
 	NOT-FOR-US: minikube
 CVE-2023-1173
 	REJECTED
@@ -18803,8 +18909,8 @@ CVE-2023-25600
 	RESERVED
 CVE-2023-25599
 	RESERVED
-CVE-2023-25598
-	RESERVED
+CVE-2023-25598 (A vulnerability in the conferencing component of Mitel MiVoice Connect ...)
+	TODO: check
 CVE-2023-25597 (A vulnerability in the web conferencing component of Mitel MiCollab th ...)
 	NOT-FOR-US: Mitel
 CVE-2023-25596 (A vulnerability exists in ClearPass Policy Manager that allows for an  ...)
@@ -20268,8 +20374,8 @@ CVE-2023-25030
 	RESERVED
 CVE-2023-25029
 	RESERVED
-CVE-2023-25028
-	RESERVED
+CVE-2023-25028 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in chuy ...)
+	TODO: check
 CVE-2023-25027 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Kibo ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2023-25026
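Review bot: CVE-2023-25028 is left at `TODO: check`, but its description opens with the same "Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in" wording as CVE-2023-25027 on the next entry, which is tagged `NOT-FOR-US: WordPress plugin`. The truncated text does not show the product, so confirm it from the full description and, if it is a WordPress plugin, apply the same tag rather than leaving the TODO open.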
@@ -27521,7 +27627,7 @@ CVE-2023-22742 (libgit2 is a cross-platform, linkable library implementation of
 	NOTE: https://github.com/libgit2/libgit2/commit/42e5db98b963ae503229c63e44e06e439df50e56 (v1.5.1)
 	NOTE: https://github.com/libgit2/libgit2/security/advisories/GHSA-8643-3wh5-rmjq
 CVE-2023-22741 (Sofia-SIP is an open-source SIP User-Agent library, compliant with the ...)
-	{DLA-3292-1}
+	{DSA-5410-1 DLA-3292-1}
 	- sofia-sip 1.12.11+20110422.1+1e14eea~dfsg-4 (bug #1029654)
 	NOTE: https://github.com/freeswitch/sofia-sip/commit/9defd6f72dd416ee4fcc1a23cccbb159990da0f6 (v1.13.11)
 	NOTE: https://github.com/freeswitch/sofia-sip/security/advisories/GHSA-8599-x7rq-fr54
@@ -32042,7 +32148,7 @@ CVE-2022-47517 (An issue was discovered in the libsofia-sip fork in drachtio-ser
 	NOT-FOR-US: libsofia-sip fork in drachtio-server
 	NOTE: CVE corresponds partially to issues fixed for CVE-2022-31002 for src:sofia-sip
 CVE-2022-47516 (An issue was discovered in the libsofia-sip fork in drachtio-server be ...)
-	{DLA-3334-1}
+	{DSA-5410-1 DLA-3334-1}
 	- sofia-sip 1.12.11+20110422.1+1e14eea~dfsg-5 (bug #1031792)
 	NOTE: Report in fork: https://github.com/drachtio/drachtio-server/issues/244
 	NOTE: https://github.com/freeswitch/sofia-sip/commit/cadf505d88e2971d24b6a4379ddbb1398d8ec443 (v1.13.14)
@@ -32539,12 +32645,12 @@ CVE-2021-4245 (A vulnerability classified as problematic has been found in chbro
 	NOT-FOR-US: rfc6902
 CVE-2022-47449 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in RexTheme ...)
 	NOT-FOR-US: WordPress plugin
-CVE-2022-47448
-	RESERVED
-CVE-2022-47447
-	RESERVED
-CVE-2022-47446
-	RESERVED
+CVE-2022-47448 (Cross-Site Request Forgery (CSRF) vulnerability in dev.Xiligroup.Com - ...)
+	TODO: check
+CVE-2022-47447 (Cross-Site Request Forgery (CSRF) vulnerability in Mathieu Chartier Wo ...)
+	TODO: check
+CVE-2022-47446 (Cross-Site Request Forgery (CSRF) vulnerability in Viadat Creations St ...)
+	TODO: check
 CVE-2022-47445
 	RESERVED
 CVE-2022-47444 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in ProfileP ...)
@@ -33457,8 +33563,8 @@ CVE-2022-47182
 	RESERVED
 CVE-2022-47181
 	RESERVED
-CVE-2022-47180
-	RESERVED
+CVE-2022-47180 (Cross-Site Request Forgery (CSRF) vulnerability in Kopa Theme Kopa Fra ...)
+	TODO: check
 CVE-2022-47179 (Cross-Site Request Forgery (CSRF) vulnerability in Uwe Jacobs OWM Weat ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2022-47178
@@ -33513,8 +33619,8 @@ CVE-2022-47154 (Cross-Site Request Forgery (CSRF) vulnerability in Pi Websolutio
 	NOT-FOR-US: WordPress plugin
 CVE-2022-47153
 	RESERVED
-CVE-2022-47152
-	RESERVED
+CVE-2022-47152 (Cross-Site Request Forgery (CSRF) vulnerability in Etison, LLC ClickFu ...)
+	TODO: check
 CVE-2022-47151
 	RESERVED
 CVE-2022-47150
@@ -34471,8 +34577,8 @@ CVE-2022-46818
 	RESERVED
 CVE-2022-46817 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Flyz ...)
 	NOT-FOR-US: WordPress plugin
-CVE-2022-46816
-	RESERVED
+CVE-2022-46816 (Cross-Site Request Forgery (CSRF) vulnerability in Booking Ultra Pro A ...)
+	TODO: check
 CVE-2022-46815 (Cross-Site Request Forgery (CSRF) vulnerability inLauri Karisola / WP  ...)
 	NOT-FOR-US: Lauri Karisola / WP Trio Conditional Shipping for WooCommerce plugin
 CVE-2022-46814
@@ -34515,8 +34621,8 @@ CVE-2022-46796
 	RESERVED
 CVE-2022-46795
 	RESERVED
-CVE-2022-46794
-	RESERVED
+CVE-2022-46794 (Cross-Site Request Forgery (CSRF) vulnerability in weightbasedshipping ...)
+	TODO: check
 CVE-2022-46793 (Cross-Site Request Forgery (CSRF) vulnerability in AdTribes.Io Product ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2022-4366 (Exposure of Sensitive System Information to an Unauthorized Control Sp ...)
@@ -39067,8 +39173,8 @@ CVE-2022-45366
 	RESERVED
 CVE-2022-45365
 	RESERVED
-CVE-2022-45364
-	RESERVED
+CVE-2022-45364 (Cross-Site Request Forgery (CSRF) vulnerability in Glen Don L. Mongaya ...)
+	TODO: check
 CVE-2022-45363 (Auth. (subscriber+) Stored Cross-Site Scripting (XSS) in Muffingroup B ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2022-45362
@@ -39918,6 +40024,7 @@ CVE-2022-45062 (In Xfce xfce4-settings before 4.16.4 and 4.17.x before 4.17.1, t
 	NOTE: https://gitlab.xfce.org/xfce/xfce4-settings/-/issues/403
 	NOTE: https://gitlab.xfce.org/xfce/xfce4-settings/-/merge_requests/85
 CVE-2022-45061 (An issue was discovered in Python before 3.11.1. An unnecessary quadra ...)
+	{DLA-3432-1}
 	- python3.11 3.11.1-1
 	- python3.10 3.10.9-1
 	- python3.9 <removed>
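Review bot: `{DLA-3432-1}` is attached to CVE-2022-45061, but the three context lines below it list only python3.11, python3.10 and python3.9, none of which is visibly the package the DLA fixes. Check that the entry carries a package line for the source package named in DLA-3432-1 further down, outside the visible context, so the cross-reference corresponds to a tracked package.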
@@ -50666,8 +50773,8 @@ CVE-2022-42227 (jsonlint 1.0 is vulnerable to heap-buffer-overflow via /home/hjs
 	NOT-FOR-US: p-ranav/jsonlint (different from src:jsonlint)
 CVE-2022-42226
 	RESERVED
-CVE-2022-42225
-	RESERVED
+CVE-2022-42225 (Jumpserver 2.10.0 <= version <= 2.26.0 contains multiple stored XSS vu ...)
+	TODO: check
 CVE-2022-42224
 	RESERVED
 CVE-2022-42223
@@ -66164,7 +66271,7 @@ CVE-2022-36375 (Authenticated (high role user) WordPress Options Change vulnerab
 	NOT-FOR-US: WordPress plugin
 CVE-2022-36371
 	RESERVED
-CVE-2022-36357 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in ULTIMATE ...)
+CVE-2022-36357 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Webpsilo ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2022-36346 (Multiple Cross-Site Request Forgery (CSRF) vulnerabilities in Max Foun ...)
 	NOT-FOR-US: WordPress plugin
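Review bot: The description of CVE-2022-36357 now starts the product name with "Webpsilo ..." where it previously read "ULTIMATE ...", while the `NOT-FOR-US: WordPress plugin` line beneath is carried over unchanged. Re-read the updated description to confirm it still refers to a WordPress plugin, so that the existing triage remains valid for the renamed vendor.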
@@ -81147,19 +81254,19 @@ CVE-2022-31005 (Vapor is an HTTP web framework for Swift. Users of Vapor prior t
 CVE-2022-31004 (CVEProject/cve-services is an open source project used to operate the  ...)
 	NOT-FOR-US: CVEProject/cve-services
 CVE-2022-31003 (Sofia-SIP is an open-source Session Initiation Protocol (SIP) User-Age ...)
-	{DLA-3091-1}
+	{DSA-5410-1 DLA-3091-1}
 	- sofia-sip 1.12.11+20110422.1+1e14eea~dfsg-3 (bug #1016974)
 	[stretch] - sofia-sip <postponed> (Minor issue)
 	NOTE: https://github.com/freeswitch/sofia-sip/security/advisories/GHSA-8w5j-6g2j-pxcp
 	NOTE: https://github.com/freeswitch/sofia-sip/commit/907f2ac0ee504c93ebfefd676b4632a3575908c9 (v1.13.8)
 CVE-2022-31002 (Sofia-SIP is an open-source Session Initiation Protocol (SIP) User-Age ...)
-	{DLA-3091-1}
+	{DSA-5410-1 DLA-3091-1}
 	- sofia-sip 1.12.11+20110422.1+1e14eea~dfsg-3 (bug #1016974)
 	[stretch] - sofia-sip <postponed> (Minor issue)
 	NOTE: https://github.com/freeswitch/sofia-sip/security/advisories/GHSA-g3x6-p824-x6hm
 	NOTE: https://github.com/freeswitch/sofia-sip/commit/51841eb53679434a386fb2dcbca925dcc48d58ba (v1.13.8)
 CVE-2022-31001 (Sofia-SIP is an open-source Session Initiation Protocol (SIP) User-Age ...)
-	{DLA-3091-1}
+	{DSA-5410-1 DLA-3091-1}
 	- sofia-sip 1.12.11+20110422.1+1e14eea~dfsg-3 (bug #1016974)
 	[stretch] - sofia-sip <postponed> (Minor issue)
 	NOTE: https://github.com/freeswitch/sofia-sip/security/advisories/GHSA-79jq-hh82-cv9g
@@ -86838,6 +86945,7 @@ CVE-2022-1334 (The WP YouTube Live WordPress plugin before 1.8.3 does not valida
 CVE-2022-1333 (Mattermost Playbooks plugin v1.24.0 and earlier fails to properly chec ...)
 	NOT-FOR-US: Mattermost Playbooks plugin
 CVE-2015-20107 (In Python (aka CPython) up to 3.10.8, the mailcap module does not add  ...)
+	{DLA-3432-1}
 	- python3.10 3.10.6-1
 	- python3.9 <removed>
 	[bullseye] - python3.9 <no-dsa> (Minor issue)
@@ -109472,7 +109580,7 @@ CVE-2021-4190 (Large loop in the Kafka dissector in Wireshark 3.6.0 allows denia
 	NOTE: https://www.wireshark.org/security/wnpa-sec-2021-22.html
 	NOTE: https://gitlab.com/wireshark/wireshark/-/issues/17811
 CVE-2021-4189 (A flaw was found in Python, specifically in the FTP (File Transfer Pro ...)
-	{DLA-2919-1}
+	{DLA-3432-1 DLA-2919-1}
 	- python3.10 <not-affected> (Fixed before initial upload to Debian unstable)
 	- python3.9 3.9.7-1
 	[bullseye] - python3.9 <no-dsa> (Minor issue)
@@ -130115,7 +130223,7 @@ CVE-2021-3738 (In DCE/RPC it is possible to share the handles (cookies for resou
 	NOTE: https://bugzilla.samba.org/show_bug.cgi?id=14468
 	NOTE: https://www.samba.org/samba/security/CVE-2021-3738.html
 CVE-2021-3737 (A flaw was found in python. An improperly handled HTTP response in the ...)
-	{DLA-2808-1}
+	{DLA-3432-1 DLA-2808-1}
 	[experimental] - python3.9 3.9.6-1
 	- python3.9 3.9.7-1
 	[bullseye] - python3.9 <no-dsa> (Minor issue)
@@ -131326,7 +131434,7 @@ CVE-2021-39617
 CVE-2021-39616 (Summary:Product: AndroidVersions: Android SoCAndroid ID: A-204686438)
 	NOT-FOR-US: Android
 CVE-2021-3733 (There's a flaw in urllib's AbstractBasicAuthHandler class. An attacker ...)
-	{DLA-2808-1}
+	{DLA-3432-1 DLA-2808-1}
 	- python3.9 3.9.7-1
 	[bullseye] - python3.9 <no-dsa> (Minor issue)
 	- python3.7 <removed>
@@ -166968,11 +167076,9 @@ CVE-2021-25751
 	RESERVED
 CVE-2021-25750
 	RESERVED
-CVE-2021-25749
-	RESERVED
+CVE-2021-25749 (Windows workloads can run as ContainerAdministrator even when those wo ...)
 	- kubernetes <not-affected> (Windows-specific)
-CVE-2021-25748
-	RESERVED
+CVE-2021-25748 (A security issue was discovered in ingress-nginx where a user that can ...)
 	NOT-FOR-US: Kubernetes ingress-nginx component
 CVE-2021-25747
 	RESERVED
@@ -167993,7 +168099,7 @@ CVE-2021-3178 (fs/nfsd/nfs3xdr.c in the Linux kernel through 5.10.8, when there
 	NOTE: https://patchwork.kernel.org/project/linux-nfs/patch/20210111210129.GA11652@fieldses.org/
 	NOTE: Disputed/mild security relevance/impact
 CVE-2021-3177 (Python 3.x through 3.9.1 has a buffer overflow in PyCArg_repr in _ctyp ...)
-	{DLA-2919-1 DLA-2619-1}
+	{DLA-3432-1 DLA-2919-1 DLA-2619-1}
 	- python3.9 3.9.1-3
 	- python3.8 <removed>
 	- python3.7 <removed>
@@ -197672,7 +197778,7 @@ CVE-2020-26117 (In rfb/CSecurityTLS.cxx and rfb/CSecurityTLS.java in TigerVNC be
 	NOTE: https://github.com/TigerVNC/tigervnc/commit/b30f10c681ec87720cff85d490f67098568a9cba (master)
 	NOTE: https://github.com/TigerVNC/tigervnc/commit/f029745f63ac7d22fb91639b2cb5b3ab56134d6e (master)
 CVE-2020-26116 (http.client in Python 3.x before 3.5.10, 3.6.x before 3.6.12, 3.7.x be ...)
-	{DLA-2456-1}
+	{DLA-3432-1 DLA-2456-1}
 	- python3.9 3.9.0~b5-1
 	- python3.8 3.8.5-1
 	- python3.7 <removed>
@@ -220896,7 +221002,7 @@ CVE-2019-20908 (An issue was discovered in drivers/firmware/efi/efi.c in the Lin
 	NOTE: https://www.openwall.com/lists/oss-security/2020/06/14/1
 	NOTE: Fixed by: https://git.kernel.org/linus/1957a85b0032a81e6482ca4aab883643b8dae06e
 CVE-2019-20907 (In Lib/tarfile.py in Python through 3.8.3, an attacker is able to craf ...)
-	{DLA-2456-1 DLA-2337-1}
+	{DLA-3432-1 DLA-2456-1 DLA-2337-1}
 	- python3.9 3.9.0~b5-1 (low)
 	- python3.8 3.8.5-1 (low)
 	- python3.7 <removed> (low)
@@ -241480,7 +241586,7 @@ CVE-2020-8494 (In Kronos Web Time and Attendance (webTA) 3.8.x and later 3.x ver
 CVE-2020-8493 (A stored XSS vulnerability in Kronos Web Time and Attendance (webTA) a ...)
 	NOT-FOR-US: Kronos Web Time and Attendance (webTA)
 CVE-2020-8492 (Python 2.7 through 2.7.17, 3.5 through 3.5.9, 3.6 through 3.6.10, 3.7  ...)
-	{DLA-2280-1}
+	{DLA-3432-1 DLA-2280-1}
 	- python3.8 3.8.3~rc1-1
 	- python3.7 <removed>
 	[buster] - python3.7 3.7.3-2+deb10u2



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/4d474e72af62517ea477440f92f28697f3579b2c
