[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Mon Nov 20 08:12:18 GMT 2023
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
7d6865ee by security tracker role at 2023-11-20T08:12:07+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,9 @@
+CVE-2023-47175 (Cross-site scripting vulnerability in LuxCal Web Calendar prior to 5.2 ...)
+ TODO: check
+CVE-2023-46700 (SQL injection vulnerability in LuxCal Web Calendar prior to 5.2.4M (My ...)
+ TODO: check
+CVE-2023-3379 (Wago web-based management of multiple products has a vulnerability whi ...)
+ TODO: check
CVE-2023-46302
NOT-FOR-US: Apache Submarine
CVE-2023-47685 (Cross-Site Request Forgery (CSRF) vulnerability in Lukman Nakib Preloa ...)
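Review bot: the three new entries (CVE-2023-47175, CVE-2023-46700, CVE-2023-3379) are left at `TODO: check`, so triage is still outstanding: each needs either a package line with a fixed version or a `NOT-FOR-US:` marker once it is established whether LuxCal Web Calendar and the Wago web-based management are shipped in Debian at all.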
@@ -266,11 +272,13 @@ CVE-2023-6176 (A null pointer dereference flaw was found in the Linux kernel API
[buster] - linux <not-affected> (Vulnerable code not present)
NOTE: https://git.kernel.org/linus/cfaa80c91f6f99b9342b6557f0f0e1143e434066 (6.6-rc2)
CVE-2023-6175 [NetScreen file parser crash]
+ {DSA-5559-1}
- wireshark 4.0.11-1
[bullseye] - wireshark <no-dsa> (Minor issue)
NOTE: https://www.wireshark.org/security/wnpa-sec-2023-29.html
NOTE: https://gitlab.com/wireshark/wireshark/-/issues/19404
CVE-2023-6174 (SSH dissector crash in Wireshark 4.0.0 to 4.0.10 allows denial of serv ...)
+ {DSA-5559-1}
- wireshark 4.0.11-1
[bullseye] - wireshark <not-affected> (Only affects 4.x)
NOTE: https://www.wireshark.org/security/wnpa-sec-2023-28.html
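Review bot: DSA-5559-1 is added to both CVE-2023-6175 and CVE-2023-6174 while the bullseye lines keep their existing `<no-dsa> (Minor issue)` and `<not-affected> (Only affects 4.x)` annotations; that is consistent only if the DSA covers bookworm alone, so confirm the DSA's suite before relying on the entry, and note that CVE-2023-6174's `Only affects 4.x` rationale still matches the `wireshark 4.0.11-1` fix version shown.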
@@ -7150,7 +7158,7 @@ CVE-2023-3961 (A path traversal vulnerability was identified in Samba when proce
NOTE: https://www.samba.org/samba/security/CVE-2023-3961.html
NOTE: In scope for continued Samba support
CVE-2023-44487 (The HTTP/2 protocol allows a denial of service (server resource consum ...)
- {DSA-5558-1 DSA-5549-1 DSA-5540-1 DSA-5522-1 DSA-5521-1 DLA-3645-1 DLA-3641-1 DLA-3638-1 DLA-3621-1 DLA-3617-1}
+ {DSA-5558-1 DSA-5549-1 DSA-5540-1 DSA-5522-1 DSA-5521-1 DLA-3656-1 DLA-3645-1 DLA-3641-1 DLA-3638-1 DLA-3621-1 DLA-3617-1}
- tomcat9 9.0.70-2
- tomcat10 10.1.14-1
- trafficserver 9.2.3+ds-1 (bug #1053801; bug #1054427)
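Review bot: DLA-3656-1 is inserted at the correct descending position ahead of DLA-3645-1, but the hunk does not show which source package (tomcat9, tomcat10, trafficserver, or another one further down the entry) the new DLA belongs to; verify against the DLA text that the matching package has a `[buster]` line in the rest of the entry so the buster status of CVE-2023-44487 can be audited.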
@@ -7842,6 +7850,7 @@ CVE-2023-5374 (A vulnerability classified as critical was found in SourceCodeste
CVE-2023-5373 (A vulnerability classified as critical has been found in SourceCodeste ...)
NOT-FOR-US: SourceCodester Online Computer and Laptop Store
CVE-2023-5371 (RTPS dissector memory leak in Wireshark 4.0.0 to 4.0.8 and 3.6.0 to 3. ...)
+ {DSA-5559-1}
- wireshark 4.0.10-1
[bullseye] - wireshark <no-dsa> (Minor issue)
[buster] - wireshark <no-dsa> (Minor issue)
@@ -8233,7 +8242,7 @@ CVE-2023-5344 (Heap-based Buffer Overflow in GitHub repository vim/vim prior to
[buster] - vim <postponed> (Minor issue, 1-byte overflow)
NOTE: https://github.com/vim/vim/commit/3bd7fa12e146c6051490d048a4acbfba974eeb04
NOTE: https://huntr.dev/bounties/530cb762-899e-48d7-b50e-dad09eb775bf
-CVE-2023-5341
+CVE-2023-5341 (A heap use-after-free flaw was found in coders/bmp.c in ImageMagick.)
- imagemagick 8:6.9.12.98+dfsg1-2
NOTE: https://github.com/ImageMagick/ImageMagick/commit/aa673b2e4defc7cad5bec16c4fc8324f71e531f1 (7.1.1-19)
NOTE: https://github.com/ImageMagick/ImageMagick6/commit/405684654eb9b43424c3c0276ea343681021d9e0 (6.9.12-97)
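Review bot: the description for CVE-2023-5341 now identifies the bug as a heap use-after-free in coders/bmp.c; the unstable fix version `8:6.9.12.98+dfsg1-2` is at or past the 6.9.12-97 upstream fix named in the ImageMagick6 NOTE, which is consistent, but no `[bookworm]`, `[bullseye]` or `[buster]` lines are visible, so the stable-release status of this entry still needs a decision.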
@@ -13780,6 +13789,7 @@ CVE-2023-36741 (Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerabi
CVE-2023-34723 (An issue was discovered in TechView LA-5570 Wireless Gateway 1.0.19_T5 ...)
NOT-FOR-US: TechView LA-5570 Wireless Gateway
CVE-2023-2906 (Due to a failure in validating the length provided by an attacker-craf ...)
+ {DSA-5559-1}
- wireshark 4.0.8-1
[bullseye] - wireshark <no-dsa> (Minor issue)
[buster] - wireshark <no-dsa> (Minor issue)
@@ -14062,18 +14072,21 @@ CVE-2023-XXXX [tryton-server lack of record validation]
[buster] - tryton-server 5.0.4-2+deb10u2
NOTE: https://discuss.tryton.org/t/security-release-for-issue-12428
CVE-2023-4513 (BT SDP dissector memory leak in Wireshark 4.0.0 to 4.0.7 and 3.6.0 to ...)
+ {DSA-5559-1}
- wireshark 4.0.8-1
[bullseye] - wireshark <no-dsa> (Minor issue)
[buster] - wireshark <no-dsa> (Minor issue)
NOTE: https://gitlab.com/wireshark/wireshark/-/issues/19259
NOTE: https://www.wireshark.org/security/wnpa-sec-2023-25.html
CVE-2023-4512 (CBOR dissector crash in Wireshark 4.0.0 to 4.0.6 allows denial of serv ...)
+ {DSA-5559-1}
- wireshark 4.0.8-1
[bullseye] - wireshark <no-dsa> (Minor issue)
[buster] - wireshark <no-dsa> (Minor issue)
NOTE: https://gitlab.com/wireshark/wireshark/-/issues/19144
NOTE: https://www.wireshark.org/security/wnpa-sec-2023-23.html
CVE-2023-4511 (BT SDP dissector infinite loop in Wireshark 4.0.0 to 4.0.7 and 3.6.0 t ...)
+ {DSA-5559-1}
- wireshark 4.0.8-1
[bullseye] - wireshark <no-dsa> (Minor issue)
[buster] - wireshark <no-dsa> (Minor issue)
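Review bot: all three entries (CVE-2023-4513, CVE-2023-4512, CVE-2023-4511) gain DSA-5559-1 while keeping `[bullseye] <no-dsa>` and `[buster] <no-dsa>`; CVE-2023-4512's description covers only `4.0.0 to 4.0.6`, yet bullseye is left at `no-dsa (Minor issue)` rather than `not-affected (Only affects 4.x)` as CVE-2023-6174 is earlier in this patch, so the bullseye and buster annotations of that entry should be rechecked for consistency.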
@@ -19250,12 +19263,14 @@ CVE-2023-2975 (Issue summary: The AES-SIV cipher implementation contains a bug t
CVE-2023-3668 (Improper Encoding or Escaping of Output in GitHub repository froxlor/f ...)
- froxlor <itp> (bug #581792)
CVE-2023-3649 (iSCSI dissector crash in Wireshark 4.0.0 to 4.0.6 allows denial of ser ...)
+ {DSA-5559-1}
- wireshark 4.0.7-1 (bug #1041101)
[bullseye] - wireshark <no-dsa> (Minor issue)
[buster] - wireshark <no-dsa> (Minor issue)
NOTE: https://www.wireshark.org/security/wnpa-sec-2023-22.html
NOTE: https://gitlab.com/wireshark/wireshark/-/issues/19164
CVE-2023-3648 (Kafka dissector crash in Wireshark 4.0.0 to 4.0.6 and 3.6.0 to 3.6.14 ...)
+ {DSA-5559-1}
- wireshark 4.0.7-1 (bug #1041101)
[bullseye] - wireshark <not-affected> (Vulnerable code not present)
[buster] - wireshark <not-affected> (Vulnerable code not present)
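Review bot: CVE-2023-3649 and CVE-2023-3648 both gain DSA-5559-1, but CVE-2023-3649 (described as `4.0.0 to 4.0.6` only) keeps bullseye and buster at `<no-dsa> (Minor issue)` while CVE-2023-3648 (`4.0.0 to 4.0.6 and 3.6.0 to 3.6.14`) is `<not-affected> (Vulnerable code not present)` for both; if the iSCSI dissector code is likewise absent from the older releases, CVE-2023-3649 should carry the same `not-affected` annotation rather than `no-dsa`.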
@@ -27846,7 +27861,7 @@ CVE-2023-40481
[bookworm] - 7zip <no-dsa> (Minor issue; will be fixed via point release)
NOTE: https://www.zerodayinitiative.com/advisories/ZDI-23-1164/
NOTE: https://sourceforge.net/p/sevenzip/discussion/45797/thread/713c8a8269/
-CVE-2023-31102 (7-Zip through 22.01 on Linux allows an integer underflow and code exec ...)
+CVE-2023-31102 (Ppmd7.c in 7-Zip before 23.00 allows an integer underflow and invalid ...)
- 7zip 23.01+dfsg-1
[bookworm] - 7zip <no-dsa> (Minor issue; will be fixed via point release)
NOTE: https://www.zerodayinitiative.com/advisories/ZDI-23-1165/
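Review bot: the CVE-2023-31102 description changes the affected range from `through 22.01` to `before 23.00` and narrows the impact to an integer underflow in Ppmd7.c (the rest is truncated); the existing `7zip 23.01+dfsg-1` fix version still satisfies the new range and the `[bookworm] <no-dsa> (Minor issue; will be fixed via point release)` line is unaffected, so no further change is needed in this hunk.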
@@ -182043,7 +182058,8 @@ CVE-2021-30477 (An issue was discovered in Zulip Server before 3.4. A bug in the
- zulip-server <itp> (bug #800052)
CVE-2021-30476 (HashiCorp Terraform\u2019s Vault Provider (terraform-provider-vault) d ...)
NOT-FOR-US: HashiCorp Terraform Vault Provider
-CVE-2021-3487 (There's a flaw in the BFD library of binutils in versions before 2.36. ...)
+CVE-2021-3487
+ REJECTED
- binutils 2.37-3 (unimportant)
NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=26946
NOTE: https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=647cebce12a6b0a26960220caff96ff38978cf24
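Review bot: CVE-2021-3487 is now marked `REJECTED` but keeps the `binutils 2.37-3 (unimportant)` package line and both NOTE links; check whether the tracker expects those lines to be dropped for a rejected entry or retained as history, and consider a NOTE recording why the ID was rejected so the binutils bugzilla and commit references are not read as still-pending work.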
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/7d6865ee9db327e8ac89ab3f5ae3ead9c2b28dc7