[Git][security-tracker-team/security-tracker][master] automatic update

Sun Oct 8 21:12:23 BST 2023


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
4383f8cc by security tracker role at 2023-10-08T20:12:13+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -388,6 +388,7 @@ CVE-2023-44075 (Cross Site Scripting vulnerability in Small CRM in PHP v.3.0 all
 CVE-2023-43838 (An arbitrary file upload vulnerability in Personal Management System v ...)
 	NOT-FOR-US: Personal Management System
 CVE-2023-43804 (urllib3 is a user-friendly HTTP client library for Python. urllib3 doe ...)
+	{DLA-3610-1}
 	- python-urllib3 <unfixed> (bug #1053626)
 	NOTE: https://github.com/urllib3/urllib3/security/advisories/GHSA-v845-jxx5-vc9f
 	NOTE: https://github.com/urllib3/urllib3/commit/01220354d389cd05474713f8c982d05c9b17aafb (1.26.17)
@@ -1203,6 +1204,7 @@ CVE-2023-4532 (An issue has been discovered in GitLab affecting all versions sta
 CVE-2023-4316 (Zod in version 3.22.2 allows an attacker to perform a denial of servic ...)
 	NOT-FOR-US: Zod
 CVE-2023-44469 (A Server-Side Request Forgery issue in the OpenID Connect Issuer in Le ...)
+	{DLA-3612-1}
 	- lemonldap-ng 2.17.1+ds-1
 	[bookworm] - lemonldap-ng 2.16.1+ds-deb12u2
 	[bullseye] - lemonldap-ng 2.0.11+ds-4+deb11u5
@@ -6191,6 +6193,7 @@ CVE-2023-40580 (Freighter is a Stellar chrome extension. It may be possible for
 CVE-2023-40579 (OpenFGA is an authorization/permission engine built for developers and ...)
 	NOT-FOR-US: OpenFGA
 CVE-2023-40577 (Alertmanager handles alerts sent by client applications such as the Pr ...)
+	{DLA-3609-1}
 	- prometheus-alertmanager 0.26.0+ds-1 (bug #1050558)
 	NOTE: https://github.com/prometheus/alertmanager/security/advisories/GHSA-v86x-5fm3-5p7j
 	NOTE: https://github.com/prometheus/alertmanager/commit/8b9f2fd20c25e0d1e76aa0b407f7e354996d8e72 (v0.25.1)
@@ -7629,6 +7632,7 @@ CVE-2023-40305 (GNU indent 2.2.13 has a heap-based buffer overflow in search_bra
 	[buster] - indent <no-dsa> (Minor issue)
 	NOTE: https://savannah.gnu.org/bugs/index.php?64503
 CVE-2023-40303 (GNU inetutils through 2.4 may allow privilege escalation because of un ...)
+	{DLA-3611-1}
 	- inetutils 2:2.4-3 (bug #1049365)
 	[bookworm] - inetutils 2:2.4-2+deb12u1
 	[bullseye] - inetutils 2:2.0-1+deb11u2
@@ -217068,7 +217072,7 @@ CVE-2020-26139 (An issue was discovered in the kernel in NetBSD 7.1. An Access P
 CVE-2020-26138 (In SilverStripe through 4.6.0-rc1, a FormField with square brackets in ...)
 	NOT-FOR-US: SilverStripe
 CVE-2020-26137 (urllib3 before 1.25.9 allows CRLF injection if the attacker controls t ...)
-	{DLA-2686-1}
+	{DLA-3610-1 DLA-2686-1}
 	- python-urllib3 1.25.9-1
 	NOTE: https://bugs.python.org/issue39603
 	NOTE: https://github.com/urllib3/urllib3/commit/1dd69c5c5982fae7c87a620d487c2ebf7a6b436b (1.25.9)
@@ -308013,7 +308017,7 @@ CVE-2019-11323 (HAProxy before 1.9.7 mishandles a reload with rotated keys, whic
 	NOTE: Introduced in: https://git.haproxy.org/?p=haproxy.git;a=commit;h=9e7547740cc2d0a6851de8ca9ac57488bdbb8bf2
 	NOTE: Fixed by: https://git.haproxy.org/?p=haproxy.git;a=commit;h=8ef706502aa2000531d36e4ac56dbdc7c30f718d
 CVE-2019-11324 (The urllib3 library before 1.24.2 for Python mishandles certain cases  ...)
-	{DLA-2686-1}
+	{DLA-3610-1 DLA-2686-1}
 	- python-urllib3 1.25.6-4 (bug #927412)
 	[jessie] - python-urllib3 <not-affected> (Vulnerable code introduced later)
 	NOTE: https://github.com/urllib3/urllib3/commit/1efadf43dc63317cd9eaa3e0fdb9e05ab07254b1
@@ -308241,7 +308245,7 @@ CVE-2019-11238
 CVE-2019-11237
 	RESERVED
 CVE-2019-11236 (In the urllib3 library through 1.24.1 for Python, CRLF injection is po ...)
-	{DLA-2686-1 DLA-1828-1}
+	{DLA-3610-1 DLA-2686-1 DLA-1828-1}
 	[experimental] - python-urllib3 1.25.6-1
 	- python-urllib3 1.25.6-4 (bug #927172)
 	NOTE: https://github.com/urllib3/urllib3/issues/1553
@@ -343716,7 +343720,7 @@ CVE-2019-0055 (A vulnerability in the SIP ALG packet processing service of Junip
 CVE-2019-0054 (An Improper Certificate Validation weakness in the SRX Series Applicat ...)
 	NOT-FOR-US: Juniper
 CVE-2019-0053 (Insufficient validation of environment variables in the telnet client  ...)
-	{DLA-3205-1}
+	{DLA-3611-1}
 	- socks4-server <removed> (low)
 	[buster] - socks4-server <ignored> (Minor issue)
 	[stretch] - socks4-server <ignored> (Minor issue)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/4383f8ccdc02e8afc895c8d5e666cf7ced3b6e1f

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/4383f8ccdc02e8afc895c8d5e666cf7ced3b6e1f
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20231008/a2ad47bd/attachment.htm>
