[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Sun Oct 22 21:12:33 BST 2023
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
0dde7ae7 by security tracker role at 2023-10-22T20:12:21+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,11 @@
+CVE-2023-46306 (The web administration interface in NetModule Router Software (NRSW) 4 ...)
+ TODO: check
+CVE-2023-46303 (link_to_local_path in ebooks/conversion/plugins/html_input.py in calib ...)
+ TODO: check
+CVE-2021-46898 (views/switch.py in django-grappelli (aka Django Grappelli) before 2.15 ...)
+ TODO: check
+CVE-2021-46897 (views.py in Wagtail CRX CodeRed Extensions (formerly CodeRed CMS or co ...)
+ TODO: check
CVE-2023-XXXX [SQUID-2023:5 Denial of Service in FTP]
- squid <unfixed>
[bullseye] - squid <not-affected> (Vulnerable code not present)
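Review bot: the four new entries at the top of the hunk (CVE-2023-46306, CVE-2023-46303, CVE-2021-46898, CVE-2021-46897) land with only `TODO: check` placeholders and no source-package or NOT-FOR-US line, so they will sit in the untriaged queue until someone follows up; from the truncated descriptions, CVE-2023-46303 concerns html_input.py in calibre, which is packaged in Debian and therefore needs a `- calibre <version>` or `<unfixed>` line once the fix is identified, while the NetModule Router Software, django-grappelli and Wagtail CRX entries need a check of whether anything in the archive ships that code before they are marked NOT-FOR-US.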
@@ -75,6 +83,7 @@ CVE-2023-38276 (IBM Cognos Dashboards on Cloud Pak for Data 4.7.0 exposes sensit
CVE-2023-38275 (IBM Cognos Dashboards on Cloud Pak for Data 4.7.0 exposes sensitive in ...)
NOT-FOR-US: IBM
CVE-2023-5349 [memory leak]
+ {DLA-3625-1}
- ruby-rmagick 5.3.0-1
NOTE: https://github.com/rmagick/rmagick/pull/1406
NOTE: https://github.com/rmagick/rmagick/commit/fec7a7e639ae565386f7615155dbcf49b957b64a (RMagick_5-3-0)
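Review bot: the bracketed `[memory leak]` title on the CVE-2023-5349 line is still a placeholder rather than the published CVE description, and DLA-3625-1 is now attached to it; since the two NOTE lines already identify the upstream fix (PR #1406, commit fec7a7e6 for RMagick_5-3-0), it is worth checking whether the CVE text has been published so the placeholder can be replaced and the advisory cross-reference points at a described entry.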
@@ -34261,7 +34270,7 @@ CVE-2020-36663 (A vulnerability, which was classified as problematic, was found
NOT-FOR-US: artesaos SEOTools
CVE-2023-27539
RESERVED
- {DLA-3392-1}
+ {DSA-5530-1 DLA-3392-1}
- ruby-rack 2.2.6.4-1 (bug #1033264)
NOTE: https://github.com/rack/rack/commit/231ef369ad0b542575fb36c74fcfcfabcf6c530c (v3.0.6.1)
NOTE: https://github.com/rack/rack/commit/ee7919ea04303717858be1c3f16b406adc6d8cff (v2.2.6.4)
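Review bot: CVE-2023-27539 is still marked RESERVED with no description while DSA-5530-1 is now added next to DLA-3392-1; the two NOTE commits (v3.0.6.1 and v2.2.6.4) identify the rack fix and the 2.2.6.4-1 fixed version with bug #1033264 is already recorded, so the entry should gain its description as soon as it is published, otherwise the DSA cross-reference points at a titleless entry.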
@@ -34314,7 +34323,7 @@ CVE-2023-27531
NOT-FOR-US: Kredis JSON ruby gem
NOTE: https://discuss.rubyonrails.org/t/cve-2023-27531-possible-deserialization-of-untrusted-data-vulnerability-in-kredis-json/82467
CVE-2023-27530 (A DoS vulnerability exists in Rack <v3.0.4.2, <v2.2.6.3, <v2.1.4.3 and ...)
- {DLA-3392-1}
+ {DSA-5530-1 DLA-3392-1}
- ruby-rack 2.2.6.4-1 (bug #1032803)
NOTE: https://discuss.rubyonrails.org/t/cve-2023-27530-possible-dos-vulnerability-in-multipart-mime-parsing/82388
NOTE: https://github.com/rack/rack/commit/8e8869d625e73e16b576b6d31b50208e9ec8002f (main)
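Review bot: DSA-5530-1 is added beside DLA-3392-1, consistent with the CVE-2023-27539 entry in the previous hunk, but the only fix reference on the last NOTE line is the `main` branch commit (8e8869d6...), whereas the neighbouring rack entries cite release-tagged backports; if a v2.2.6.4 backport commit exists for this multipart MIME parsing DoS, adding it as a further NOTE would let the ruby-rack 2.2.6.4-1 fixed version be verified directly against upstream.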
@@ -63906,19 +63915,19 @@ CVE-2022-44574 (An improper authentication vulnerability exists in Avalanche ver
CVE-2022-44573
RESERVED
CVE-2022-44572 (A denial of service vulnerability in the multipart parsing component o ...)
- {DLA-3298-1}
+ {DSA-5530-1 DLA-3298-1}
- ruby-rack 2.2.4-3 (bug #1029832)
NOTE: https://github.com/rack/rack/commit/dc50f8e495f67eb933b1fc33ebee550908d945e6 (v2.0.9.2)
NOTE: https://github.com/rack/rack/commit/8291f502b0e1dcf514cc25c34e4bf0beec7a92ae (v2.1.4.2)
NOTE: https://github.com/rack/rack/commit/19e49f0f185d7e42ed5b402baec6c897a8c48029 (v2.2.6.1)
CVE-2022-44571 (There is a denial of service vulnerability in the Content-Disposition ...)
- {DLA-3298-1}
+ {DSA-5530-1 DLA-3298-1}
- ruby-rack 2.2.4-3 (bug #1029832)
NOTE: https://github.com/rack/rack/commit/4e33ad10bf5f16d25c156f905bcc548e7f787bc3 (v2.0.9.2)
NOTE: https://github.com/rack/rack/commit/9b5fb5c7ef0e39b959a6c5c0005d9af44a29d6f8 (v2.1.4.2)
NOTE: https://github.com/rack/rack/commit/ee25ab9a7ee981d7578f559701085b0cf39bde77 (v2.2.6.1)
CVE-2022-44570 (A denial of service vulnerability in the Range header parsing componen ...)
- {DLA-3298-1}
+ {DSA-5530-1 DLA-3298-1}
- ruby-rack 2.2.4-3 (bug #1029832)
NOTE: https://github.com/rack/rack/commit/52721ae0b730e3920ad5375dfd5a3ea9b4f9e359 (v2.0.9.2)
NOTE: https://github.com/rack/rack/commit/f66ef5c8255dcea82c1b2665fc9ab948b76bb437 (v2.1.4.2)
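Review bot: the three parsing DoS entries (CVE-2022-44572 multipart, CVE-2022-44571 Content-Disposition, CVE-2022-44570 Range header) now carry DSA-5530-1 in addition to DLA-3298-1, all sharing the fixed version ruby-rack 2.2.4-3 (bug #1029832); since unstable was fixed by patching 2.2.4-3 rather than by an upstream version bump, the stable fixed version recorded for DSA-5530-1 should be cross-checked against the v2.2.6.1 backport commits in the NOTE lines rather than inferred from the 2.2.4-3 package version.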
@@ -105741,13 +105750,13 @@ CVE-2022-30125
CVE-2022-30124 (An improper authentication vulnerability exists in Rocket.Chat Mobile ...)
NOT-FOR-US: Rocket.Chat Mobile App
CVE-2022-30123 (A sequence injection vulnerability exists in Rack <2.0.9.1, <2.1.4.1 a ...)
- {DLA-3095-1}
+ {DSA-5530-1 DLA-3095-1}
- ruby-rack 2.2.4-1
NOTE: https://groups.google.com/g/ruby-security-ann/c/LWB10kWzag8
NOTE: https://github.com/advisories/GHSA-wq4h-7r42-5hrr
NOTE: https://github.com/rack/rack/commit/b426cc224908ec6ed6eb8729325392b048215d88 (main)
CVE-2022-30122 (A possible denial of service vulnerability exists in Rack <2.0.9.1, <2 ...)
- {DLA-3095-1}
+ {DSA-5530-1 DLA-3095-1}
- ruby-rack 2.2.4-1
NOTE: https://groups.google.com/g/ruby-security-ann/c/L2Axto442qk
NOTE: https://github.com/advisories/GHSA-hxqx-xwvh-44m2
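Review bot: CVE-2022-30123 and CVE-2022-30122 gain DSA-5530-1 alongside DLA-3095-1 with fixed version ruby-rack 2.2.4-1, which makes DSA-5530-1 span rack issues from 2022 through 2023 across this commit; a consistency check that the DSA's entry in the tracker's DSA list names all seven CVE ids touched here (CVE-2022-30122, CVE-2022-30123, CVE-2022-44570, CVE-2022-44571, CVE-2022-44572, CVE-2023-27530, CVE-2023-27539) with the same fixed version would catch any id missed in the advisory text.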
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/0dde7ae71cb66a4e47d233cb48d7b54a21196504