[Git][security-tracker-team/security-tracker][master] 3 commits: Process two NFUs
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Wed Nov 8 11:15:45 GMT 2023
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
1f7785ab by Salvatore Bonaccorso at 2023-11-08T12:14:46+01:00
Process two NFUs
- - - - -
df9513b7 by Salvatore Bonaccorso at 2023-11-08T12:14:48+01:00
Add CVE-2023-46001/gpac
- - - - -
556f18f2 by Salvatore Bonaccorso at 2023-11-08T12:14:48+01:00
Add CVE-2023-46998/libjs-bootbox
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,7 +1,7 @@
CVE-2023-6002 (YugabyteDB is vulnerable to cross site scripting (XSS) via log injecti ...)
- TODO: check
+ NOT-FOR-US: YugabyteDB
CVE-2023-6001 (Prometheus metrics are available without authentication. These expose ...)
- TODO: check
+ NOT-FOR-US: YugabyteDB
CVE-2023-5982 (The UpdraftPlus: WordPress Backup & Migration Plugin plugin for WordPr ...)
NOT-FOR-US: WordPress plugin
CVE-2023-5801 (Vulnerability of identity verification being bypassed in the face unlo ...)
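Review bot: The `NOT-FOR-US: YugabyteDB` line added under CVE-2023-6001 is not supported by the visible description, which mentions only unauthenticated Prometheus metrics and does not name YugabyteDB. Confirm from the full CVE text that the affected product is YugabyteDB's metrics exposure rather than Prometheus itself before closing it as NFU. The same tag on CVE-2023-6002 matches its description.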
@@ -55,7 +55,9 @@ CVE-2023-46676 (Online Job Portal v1.0 is vulnerable to multiple Unauthenticated
CVE-2023-46483 (Cross Site Scripting vulnerability in timetec AWDMS v.2.0 allows an at ...)
NOT-FOR-US: timetec AWDMS
CVE-2023-46001 (Buffer Overflow vulnerability in gpac MP4Box v.2.3-DEV-rev573-g2013208 ...)
- TODO: check
+ - gpac <unfixed>
+ NOTE: https://github.com/gpac/gpac/issues/2629
+ NOTE: https://github.com/gpac/gpac/commit/e79b0cf7e72404750630bc01340e999f3940dbc4
CVE-2023-45380 (In the module "Order Duplicator " Clone and Delete Existing Order" (or ...)
NOT-FOR-US: PrestaShop addon
CVE-2023-44115 (Vulnerability of improper permission control in the Booster module. Im ...)
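Review bot: The two NOTE lines under CVE-2023-46001 do not say which link is the report and which is the fix, and the `- gpac <unfixed>` line gives no hint of which versions are affected even though the description cites a development build (MP4Box v.2.3-DEV-rev573-g2013208). Consider labelling the commit URL as the upstream fix and adding a note on whether the vulnerable code is present in released versions, so that `<unfixed>` can later be replaced with a concrete fixed version.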
@@ -234,7 +236,8 @@ CVE-2023-47102 (UrBackup Server 2.5.31 allows brute-force enumeration of user ac
CVE-2023-47004 (Buffer Overflow vulnerability in Redis RedisGraph v.2.x through v.2.12 ...)
NOT-FOR-US: RedisGraph
CVE-2023-46998 (Cross Site Scripting vulnerability in BootBox Bootbox.js v.3.2 through ...)
- TODO: check
+ - libjs-bootbox <unfixed>
+ NOTE: https://github.com/bootboxjs/bootbox/issues/661
CVE-2023-46845 (EC-CUBE 3 series (3.0.0 to 3.0.18-p6) and 4 series (4.0.0 to 4.0.6-p3, ...)
NOT-FOR-US: EC-CUBE
CVE-2023-45556 (Cross Site Scripting vulnerability in Mybb Mybb Forums v.1.8.33 allows ...)
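Review bot: The `- libjs-bootbox <unfixed>` line for CVE-2023-46998 is backed only by the upstream issue link, so a reader cannot tell whether a fix exists upstream. The description gives an affected range starting at v.3.2. A NOTE stating whether a fix is available, or that the issue is still open, would make triage of the packaged version easier.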
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/fca46d1239331802a5c28b1ffd99353dc7a71994...556f18f2a1dae5259c8260880ee58ef0379b4033
More information about the debian-security-tracker-commits mailing list