[Git][security-tracker-team/security-tracker][master] Add CVE-2023-46136/python-werkzeug

Wed Oct 25 15:24:41 BST 2023


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
7170b4b4 by Salvatore Bonaccorso at 2023-10-25T16:24:17+02:00
Add CVE-2023-46136/python-werkzeug

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -22,7 +22,9 @@ CVE-2023-46346 (In the module "Product Catalog (CSV, Excel, XML) Export PRO" (ex
 CVE-2023-46158 (IBM WebSphere Application Server Liberty 23.0.0.9 through 23.0.0.10 co ...)
 	NOT-FOR-US: IBM
 CVE-2023-46136 (Werkzeug is a comprehensive WSGI web application library. If an upload ...)
-	TODO: check
+	- python-werkzeug <unfixed>
+	NOTE: https://github.com/pallets/werkzeug/security/advisories/GHSA-hrfv-mqp8-q5rw
+	NOTE: https://github.com/pallets/werkzeug/commit/b1916c0c083e0be1c9d887ee2f3d696922bfc5c1 (3.0.1)
 CVE-2023-46135 (rs-stellar-strkey is a Rust lib for encode/decode of Stellar Strkeys.  ...)
 	TODO: check
 CVE-2023-46126 (Fides is an open-source privacy engineering platform for managing the  ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/7170b4b490dc8c43e55a6fb8e2492e7118e64c2a

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/7170b4b490dc8c43e55a6fb8e2492e7118e64c2a
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20231025/5143bf24/attachment-0001.htm>
