[Git][security-tracker-team/security-tracker][master] opensearch is in the archive now

[Moritz Muehlenhoff (@jmm)]

Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
a614ad15 by Moritz Mühlenhoff at 2023-10-21T23:42:33+02:00
opensearch is in the archive now

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -762,7 +762,8 @@ CVE-2023-4215 (Advantech WebAccess version 9.1.3 contains an exposure of sensiti
 CVE-2023-4089 (On affected Wago products an remote attacker with administrative privi ...)
 	NOT-FOR-US: Wago
 CVE-2023-45807 (OpenSearch is a community-driven, open source fork of Elasticsearch an ...)
-	NOT-FOR-US: OpenSearch
+	- opensearch <unfixed>
+	TODO: Check whether packaged bits are affected
 CVE-2023-45659 (Engelsystem is a shift planning system for chaos events.  If a users'  ...)
 	NOT-FOR-US: Engelsystem
 CVE-2023-45542 (Cross Site Scripting vulnerability in mooSocial 3.1.8 allows a remote  ...)
@@ -22569,7 +22570,8 @@ CVE-2023-31143 (mage-ai is an open-source data pipeline tool for transforming an
 CVE-2023-31142 (Discourse is an open source discussion platform. Prior to version 3.0. ...)
 	NOT-FOR-US: Discourse
 CVE-2023-31141 (OpenSearch is open-source software suite for search, analytics, and ob ...)
-	NOT-FOR-US: OpenSearch
+	- opensearch <unfixed>
+	TODO: Check whether packaged bits are affected
 CVE-2023-31140 (OpenProject is open source project management software. Starting with  ...)
 	NOT-FOR-US: OpenProject
 CVE-2023-31139 (DHIS2 Core contains the service layer and Web API for DHIS2, an inform ...)
@@ -45656,9 +45658,11 @@ CVE-2023-23615 (Discourse is an open source discussion platform. The embeddable
 CVE-2023-23614 (Pi-hole\xae's Web interface (based off of AdminLTE) provides a central ...)
 	NOT-FOR-US: Pi-Hole
 CVE-2023-23613 (OpenSearch is an open source distributed and RESTful search engine. In ...)
-	NOT-FOR-US: OpenSearch
+	- opensearch <unfixed>
+	TODO: Check whether packaged bits are affected
 CVE-2023-23612 (OpenSearch is an open source distributed and RESTful search engine. Op ...)
-	NOT-FOR-US: OpenSearch
+	- opensearch <unfixed>
+	TODO: Check whether packaged bits are affected
 CVE-2023-23611 (LTI Consumer XBlock implements the consumer side of the LTI specificat ...)
 	NOT-FOR-US: LTI
 CVE-2023-23610 (GLPI is a Free Asset and IT Management Software package. Versions prio ...)
@@ -72875,9 +72879,9 @@ CVE-2022-41920 (Lancet is a general utility library for the go programming langu
 CVE-2022-41919 (Fastify is a web framework with minimal overhead and plugin architectu ...)
 	NOT-FOR-US: Fastify
 CVE-2022-41918 (OpenSearch is a community-driven, open source fork of Elasticsearch an ...)
-	NOT-FOR-US: OpenSearch
+	- opensearch <not-affected> (Fixed before initial upload to archive)
 CVE-2022-41917 (OpenSearch is a community-driven, open source fork of Elasticsearch an ...)
-	NOT-FOR-US: OpenSearch
+	- opensearch <not-affected> (Fixed before initial upload to archive)
 CVE-2022-41916 (Heimdal is an implementation of ASN.1/DER, PKIX, and Kerberos. Version ...)
 	{DSA-5287-1 DLA-3206-1}
 	- heimdal 7.8.git20221115.a6cf945+dfsg-1 (bug #1024187)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/a614ad15a00270d6bc1017e71b966a3013e029b3

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/a614ad15a00270d6bc1017e71b966a3013e029b3
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20231021/a3c5a176/attachment-0001.htm>