[Git][security-tracker-team/security-tracker][master] new hamster-time-tracker issue (might be bogus), NFU

Moritz Muehlenhoff (@jmm) jmm at debian.org
Fri Oct 6 14:13:20 BST 2023 


Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
6122b59e by Moritz Muehlenhoff at 2023-10-06T15:12:44+02:00
new hamster-time-tracker issue (might be bogus), NFU

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -2463,7 +2463,7 @@ CVE-2023-42147 (An issue in CloudExplorer Lite 1.3.1 allows an attacker to obtai
 CVE-2023-41902 (An XPC misconfiguration vulnerability in CoreCode MacUpdater before 2. ...)
 	NOT-FOR-US: CoreCode MacUpdater
 CVE-2023-41484 (An issue in cimg.eu Cimg Library v2.9.3 allows an attacker to obtain s ...)
-	TODO: check
+	NOT-FOR-US: imgcat
 CVE-2023-41375 (Use after free vulnerability exists in Kostac PLC Programming Software ...)
 	NOT-FOR-US: KostacKostac PLC Programming Software
 CVE-2023-41374 (Double free issue exists in Kostac PLC Programming Software Version 1. ...)
@@ -3093,7 +3093,9 @@ CVE-2023-37755 (i-doit pro 25 and below and I-doit open 25 and below are configu
 CVE-2023-37739 (i-doit Pro v25 and below was discovered to be vulnerable to path trave ...)
 	NOT-FOR-US: I-doit pro
 CVE-2023-36250 (CSV Injection vulnerability in GNOME time tracker version 3.0.2, allow ...)
-	TODO: check
+	- hamster-time-tracker <unfixed>
+	NOTE: https://github.com/BrunoTeixeira1996/CVE-2023-36250/blob/main/README.md
+	NOTE: Report sounds a little dubious, it's not really clear whether this cross any security boundary
 CVE-2023-2848 (Movim prior to version 0.22 is affected by a Cross-Site WebSocket Hija ...)
 	NOT-FOR-US: Movim
 CVE-2023-4948 (The WooCommerce CVR Payment Gateway plugin for WordPress is vulnerable ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/6122b59ed35db96cf44ea161057b98e24bfff1c1

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/6122b59ed35db96cf44ea161057b98e24bfff1c1
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20231006/bfdd9422/attachment.htm>

More information about the debian-security-tracker-commits mailing list