[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso (@carnil) carnil at debian.org
Sat May 27 21:12:21 BST 2023 


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
bf472722 by security tracker role at 2023-05-27T20:12:11+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,13 @@
+CVE-2023-2928 (A vulnerability was found in DedeCMS up to 5.7.106. It has been declar ...)
+	TODO: check
+CVE-2023-2927 (A vulnerability was found in JIZHICMS 2.4.5. It has been classified as ...)
+	TODO: check
+CVE-2023-2926 (A vulnerability was found in SeaCMS 11.6 and classified as problematic ...)
+	TODO: check
+CVE-2023-2925 (A vulnerability, which was classified as problematic, was found in Web ...)
+	TODO: check
+CVE-2015-20108 (xml_security.rb in the ruby-saml gem before 1.0.0 for Ruby allows XPat ...)
+	TODO: check
 CVE-2023-33199 (Rekor's goals are to provide an immutable tamper resistant ledger of m ...)
 	- rekor <itp> (bug #990249)
 CVE-2023-33196 (Craft is a CMS for creating custom digital experiences. Cross site scr ...)
@@ -330,7 +340,7 @@ CVE-2023-2496 (The Go Pricing - WordPress Responsive Pricing Tables plugin for W
 	NOT-FOR-US: Go Pricing - WordPress Responsive Pricing Tables plugin for WordPress
 CVE-2023-2494 (The Go Pricing - WordPress Responsive Pricing Tables plugin for WordPr ...)
 	NOT-FOR-US: Go Pricing - WordPress Responsive Pricing Tables plugin for WordPress
-CVE-2023-32695 [Insufficient validation when decoding a Socket.IO packet]
+CVE-2023-32695 (socket.io parser is a socket.io encoder and decoder written in JavaScr ...)
 	- node-socket.io-parser 4.2.1+~3.1.0-2
 	NOTE: https://github.com/socketio/socket.io-parser/security/advisories/GHSA-cqmj-92xf-r6r9
 	NOTE: https://github.com/socketio/socket.io-parser/commit/2dc3c92622dad113b8676be06f23b1ed46b02ced (3.4.3)
@@ -633,6 +643,7 @@ CVE-2023-2782 (Sensitive information disclosure due to improper authorization. T
 CVE-2023-2481 (Compiler removal of buffer clearing in     sli_se_opaque_import_key    ...)
 	NOT-FOR-US: Silicon Labs Gecko Platform SDK
 CVE-2023-33204 (sysstat through 12.7.2 allows a multiplication integer overflow in che ...)
+	{DLA-3434-1}
 	- sysstat <unfixed> (bug #1036294)
 	[bullseye] - sysstat <not-affected> (Incomplete fix for CVE-2022-39377 not applied)
 	NOTE: https://github.com/sysstat/sysstat/pull/360
@@ -2529,6 +2540,7 @@ CVE-2023-2254
 	RESERVED
 CVE-2023-2253
 	RESERVED
+	{DSA-5414-1}
 	- docker-registry 2.8.2+ds1-1 (bug #1035956)
 	NOTE: Fixed by: https://github.com/distribution/distribution/commit/521ea3d973cb0c7089ebbcdd4ccadc34be941f54 (v2.8.2-beta.1)
 	NOTE: https://www.openwall.com/lists/oss-security/2023/05/09/1
@@ -8423,7 +8435,7 @@ CVE-2023-1731 (In Meinbergs LTOS versions prior to V7.06.013, the configuration
 CVE-2023-1730 (The SupportCandy WordPress plugin before 3.1.5 does not validate and e ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2023-1729 (A flaw was found in LibRaw. A heap-buffer-overflow in raw2image_ex() c ...)
-	{DLA-3433-1}
+	{DSA-5412-1 DLA-3433-1}
 	- libraw 0.20.2-2.1 (bug #1036281)
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2188240
 	NOTE: https://github.com/LibRaw/LibRaw/issues/557
@@ -150489,7 +150501,7 @@ CVE-2021-32144
 CVE-2021-32143
 	RESERVED
 CVE-2021-32142 (Buffer Overflow vulnerability in LibRaw linux/unix v0.20.0 allows atta ...)
-	{DLA-3433-1}
+	{DSA-5412-1 DLA-3433-1}
 	[experimental] - libraw 0.21.1-1
 	- libraw 0.20.2-2.1 (bug #1031790)
 	NOTE: https://github.com/LibRaw/LibRaw/issues/400



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/bf4727225b21b74cbf5c83d808370be0a78f1b3a

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/bf4727225b21b74cbf5c83d808370be0a78f1b3a
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20230527/4b82e783/attachment.htm>

More information about the debian-security-tracker-commits mailing list