[Git][security-tracker-team/security-tracker][master] 3 commits: Process some NFUs

Salvatore Bonaccorso (@carnil) carnil at debian.org
Thu Nov 16 09:48:05 GMT 2023



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
0b6866ff by Salvatore Bonaccorso at 2023-11-16T10:46:34+01:00
Process some NFUs

- - - - -
84d36b1c by Salvatore Bonaccorso at 2023-11-16T10:46:35+01:00
Add CVE-2023-47471/libde265

- - - - -
cd7e4dc0 by Salvatore Bonaccorso at 2023-11-16T10:47:34+01:00
Add CVE-2023-47470/ffmpeg

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -23,13 +23,18 @@ CVE-2023-48198 (Cross Site Scripting vulnerability in Grocy v.4.0.3 allows a loc
 CVE-2023-48197 (Cross Site Scripting vulnerability in Grocy v.4.0.3 allows a local att ...)
 	- grocy <itp> (bug #969056)
 CVE-2023-47674 (Missing authentication for critical function vulnerability in First Co ...)
-	TODO: check
+	NOT-FOR-US: First Corporation
 CVE-2023-47638
 	REJECTED
 CVE-2023-47471 (Buffer Overflow vulnerability in strukturag libde265 v1.10.12 allows a ...)
-	TODO: check
+	- libde265 <unfixed>
+	NOTE: https://github.com/strukturag/libde265/issues/426
+	NOTE: https://github.com/strukturag/libde265/commit/e36b4a1b0bafa53df47514c419d5be3e8916ebc7
 CVE-2023-47470 (Buffer Overflow vulnerability in Ffmpeg before github commit 456574705 ...)
-	TODO: check
+	- ffmpeg 7:6.1-1
+	NOTE: https://github.com/FFmpeg/FFmpeg/commit/4565747056a11356210ed8edcecb920105e40b60 (n6.1)
+	NOTE: https://patchwork.ffmpeg.org/project/ffmpeg/patch/20230915131147.5945-2-michael%40niedermayer.cc/
+	NOTE: https://github.com/goldds96/Report/tree/main/FFmpeg
 CVE-2023-47444 (An issue discovered in OpenCart 4.0.0.0 to 4.0.2.3 allows authenticate ...)
 	TODO: check
 CVE-2023-47347 (Buffer Overflow vulnerability in free5gc 3.3.0 allows attackers to cau ...)
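Review bot: In the CVE-2023-47471 entry, the upstream commit NOTE carries no release annotation, while the ffmpeg commit NOTE directly below it is marked "(n6.1)". Since libde265 is recorded as <unfixed>, adding the upstream tag that contains e36b4a1b once it is known would make the later switch to a fixed version easier to verify. In the CVE-2023-47470 entry, the last NOTE points at a tree/main path in a third-party repository, which can change or disappear; a link pinned to a specific commit would be more durable.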
@@ -43,19 +48,19 @@ CVE-2023-47264 (Certain WithSecure products have a buffer over-read whereby proc
 CVE-2023-47263 (Certain WithSecure products allow a Denial of Service (DoS) in the ant ...)
 	NOT-FOR-US: WithSecure
 CVE-2023-47213 (First Corporation's DVRs use a hard-coded password, which may allow a  ...)
-	TODO: check
+	NOT-FOR-US: First Corporation
 CVE-2023-47003 (An issue in RedisGraph v.2.12.10 allows an attacker to execute arbitra ...)
 	NOT-FOR-US: RedisGraph
 CVE-2023-44296 (Dell ELab-Navigator, version 3.1.9 contains a hard-coded credential vu ...)
 	NOT-FOR-US: Dell
 CVE-2023-43757 (Inadequate encryption strength vulnerability in multiple routers provi ...)
-	TODO: check
+	NOT-FOR-US: ELECOM
 CVE-2023-43752 (OS command injection vulnerability in WRC-X3000GS2-W v1.05 and earlier ...)
-	TODO: check
+	NOT-FOR-US: ELECOM
 CVE-2023-43275 (Cross-Site Request Forgery (CSRF) vulnerability in DedeCMS v5.7 in 110 ...)
-	TODO: check
+	NOT-FOR-US: DedeCMS
 CVE-2023-41442 (An issue in Kloudq Technologies Limited Tor Equip 1.0, Tor Loco Mini 1 ...)
-	TODO: check
+	NOT-FOR-US: Kloudq Technologies Limited Tor Equip
 CVE-2023-6079
 	REJECTED
 CVE-2023-5720 (A flaw was found in Quarkus, where it does not properly sanitize artif ...)
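Review bot: The tag added for CVE-2023-41442, "NOT-FOR-US: Kloudq Technologies Limited Tor Equip", mixes the vendor name with a single product, although the description lists more than one product (Tor Equip 1.0, Tor Loco Mini 1 ...). The other tags added in this hunk use one short name each (ELECOM, DedeCMS, First Corporation), so "NOT-FOR-US: Kloudq Technologies Limited" would be consistent with them and cover every product in the description.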
@@ -168486,7 +168491,7 @@ CVE-2021-35438 (phpIPAM 1.4.3 allows Reflected XSS via app/dashboard/widgets/ipc
 	- phpipam <itp> (bug #731713)
 	NOTE: https://github.com/phpipam/phpipam/issues/3351
 CVE-2021-35437 (SQL injection vulnerability in LMXCMS v.1.4 allows attacker to execute ...)
-	TODO: check
+	NOT-FOR-US: LMXCMS
 CVE-2021-35436
 	RESERVED
 CVE-2021-35435



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/0c863abff1bb8bf5e5239c4477b39e4cf1d0e725...cd7e4dc03f00db5c1bf50832d7292916eabd4cc8



More information about the debian-security-tracker-commits mailing list