[Git][security-tracker-team/security-tracker][master] bugnums

Moritz Muehlenhoff (@jmm) jmm at debian.org
Fri Oct 13 15:19:46 BST 2023



Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
8ce32759 by Moritz Muehlenhoff at 2023-10-13T16:18:35+02:00
bugnums

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -3,7 +3,7 @@ CVE-2023-5564 (Cross-site Scripting (XSS) - Stored in GitHub repository froxlor/
 CVE-2023-5563 (The SJA1000 CAN controller driver backend automatically attempt to rec ...)
 	NOT-FOR-US: Zephyr RTOS (unrelated to src:zephyr)
 CVE-2023-5557 (A flaw was found in the tracker-miners package. A weakness in the sand ...)
-	- tracker-miners <unfixed>
+	- tracker-miners <unfixed> (bug #1053881)
 	NOTE: https://gitlab.gnome.org/GNOME/tracker-miners/-/issues/277
 	NOTE: https://gitlab.gnome.org/GNOME/tracker-miners/-/merge_requests/480
 CVE-2023-4562 (Improper Authentication vulnerability in Mitsubishi Electric Corporati ...)
@@ -47,9 +47,9 @@ CVE-2023-5555 (Cross-site Scripting (XSS) - Generic in GitHub repository frappe/
 CVE-2023-5554 (Lack of TLS certificate verification in log transmission of a financia ...)
 	NOT-FOR-US: LINE
 CVE-2023-5072 (Denial of Service  in JSON-Java versions up to and including 20230618. ...)
-	- libjson-java <unfixed>
-	- jenkins-json <unfixed>
-	- libjettison-java <unfixed>
+	- libjson-java <unfixed> (bug #1053882)
+	- jenkins-json <unfixed> (bug #1053883)
+	- libjettison-java <unfixed> (bug #1053884)
 	NOTE: https://github.com/stleary/JSON-java/issues/758
 	NOTE: https://github.com/stleary/JSON-java/issues/771
 	NOTE: https://github.com/stleary/JSON-java/pull/772/
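Review bot: In the CVE-2023-5072 entry, the lines for jenkins-json and libjettison-java now carry their own bugs (#1053883, #1053884), but the NOTE lines visible here all point at stleary/JSON-java and nothing records why those two source packages are listed as affected. Consider adding a NOTE line stating how each of them relates to the JSON-Java code, so that whoever handles those bugs can verify the claim.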
@@ -58,7 +58,7 @@ CVE-2023-5046 (Improper Neutralization of Special Elements used in an SQL Comman
 CVE-2023-5045 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
 	NOT-FOR-US: Kayisi
 CVE-2023-45143 (Undici is an HTTP/1.1 client written from scratch for Node.js. Prior t ...)
-	- node-undici <unfixed>
+	- node-undici <unfixed> (bug #1053879)
 	NOTE: https://github.com/nodejs/undici/security/advisories/GHSA-wqq4-5wpv-mx2g
 	NOTE: https://github.com/nodejs/undici/security/advisories/GHSA-q768-x9m6-m9qp
 	NOTE: https://github.com/nodejs/undici/commit/e041de359221ebeae04c469e8aff4145764e6d76
@@ -68,7 +68,7 @@ CVE-2023-45138 (Change Request is an pplication allowing users to request change
 	NOT-FOR-US: XWiki addon
 CVE-2023-45133 (Babel is a compiler for writingJavaScript. In `@babel/traverse` prior  ...)
 	- node-babel <removed>
-	- node-babel7 <unfixed>
+	- node-babel7 <unfixed> (bug #1053880)
 	NOTE: github.com: https://github.com/babel/babel/security/advisories/GHSA-67hx-6x53-jw92
 	NOTE: github.com: https://github.com/babel/babel/pull/16033
 	NOTE: github.com: https://github.com/babel/babel/commit/b13376b346946e3f62fc0848c1d2a23223314c82
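Review bot: Style point on the CVE-2023-45133 entry: its three NOTE lines carry a "github.com: " prefix in front of the URL, while the NOTE lines of the other entries shown in this diff give the bare URL. Since the entry is being touched anyway, the prefix could be dropped for consistency.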
@@ -183,7 +183,7 @@ CVE-2023-44188 (A Time-of-check Time-of-use (TOCTOU) Race Condition vulnerabilit
 CVE-2023-44187 (An Exposure of Sensitive Information vulnerability in the 'file copy'  ...)
 	NOT-FOR-US: Juniper
 CVE-2023-42298 (An issue in GPAC GPAC v.2.2.1 and before allows a local attacker to ca ...)
-	- gpac <unfixed>
+	- gpac <unfixed> (bug #1053878)
 	NOTE: https://github.com/gpac/gpac/issues/2567
 	NOTE: https://github.com/gpac/gpac/commit/16c4fafc2881112eba7051cac48f922eb2b94e06
 CVE-2023-40833 (An issue in Thecosy IceCMS v.1.0.0 allows a remote attacker to gain pr ...)
@@ -193,16 +193,16 @@ CVE-2023-40829 (There is an interface unauthorized access vulnerability in the b
 CVE-2023-3781 (there is a possible use-after-free write due to improper locking. This ...)
 	NOT-FOR-US: Android
 CVE-2023-32724 (Memory pointer is in a property of the Ducktape object. This leads to  ...)
-	- zabbix <unfixed>
+	- zabbix <unfixed> (bug #1053877)
 	NOTE: https://support.zabbix.com/browse/ZBX-23391
 CVE-2023-32723 (Request to LDAP is sent before user permissions are checked.)
-	- zabbix <unfixed>
+	- zabbix <unfixed> (bug #1053877)
 	NOTE: https://support.zabbix.com/browse/ZBX-23230
 CVE-2023-32722 (The zabbix/src/libs/zbxjson module is vulnerable to a buffer overflow  ...)
-	- zabbix <unfixed>
+	- zabbix <unfixed> (bug #1053877)
 	NOTE: https://support.zabbix.com/browse/ZBX-23390
 CVE-2023-32721 (A stored XSS has been found in the Zabbix web application in the Maps  ...)
-	- zabbix <unfixed>
+	- zabbix <unfixed> (bug #1053877)
 	NOTE: https://support.zabbix.com/browse/ZBX-23389
 CVE-2023-5535 (Use After Free in GitHub repository vim/vim prior to v9.0.2010.)
 	- vim <unfixed> (unimportant)
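Review bot: All four zabbix lines in this hunk (CVE-2023-32724, CVE-2023-32723, CVE-2023-32722, CVE-2023-32721) are tied to the single bug #1053877, although each entry has its own upstream ticket (ZBX-23391, ZBX-23230, ZBX-23390, ZBX-23389). Worth confirming that the bug report names all four CVE IDs, and keeping in mind that if the fixes land in different uploads, each entry will need its own fixed version rather than one taken from the bug closure.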
@@ -212,7 +212,7 @@ CVE-2023-5535 (Use After Free in GitHub repository vim/vim prior to v9.0.2010.)
 CVE-2023-5521 (Incorrect Authorization in GitHub repository tiann/kernelsu prior to v ...)
 	NOT-FOR-US: KernelSU
 CVE-2023-5520 (Out-of-bounds Read in GitHub repository gpac/gpac prior to 2.2.2.)
-	- gpac <unfixed>
+	- gpac <unfixed> (bug #1053878)
 	NOTE: https://huntr.dev/bounties/681e42d0-18d4-4ebc-aba0-c5b0f77ac74a
 	NOTE: https://github.com/gpac/gpac/commit/5692dc729491805e0e5f55c21d50ba1e6b19e88e
 CVE-2023-4957 (A vulnerability of authentication bypass has been found on a Zebra Tec ...)
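Review bot: The gpac line under CVE-2023-5520 reuses bug #1053878, the same number given to CVE-2023-42298 in the hunk at -183, while the two entries cite different upstream commits in their NOTE lines. Confirm that the bug report covers both CVE IDs, so that a fix for one is not recorded as resolving the other.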



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/8ce3275945321d029103c1bc0f980b2dcf370338
