[Git][security-tracker-team/security-tracker][master] 3 commits: Add new CVEs for graylog2, itp'ed

[Salvatore Bonaccorso (@carnil)]

Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
8510c26c by Salvatore Bonaccorso at 2023-09-01T06:34:26+02:00
Add new CVEs for graylog2, itp'ed

- - - - -
ed581667 by Salvatore Bonaccorso at 2023-09-01T06:34:27+02:00
Add CVE-2023-41040/python-git

- - - - -
4738ffb7 by Salvatore Bonaccorso at 2023-09-01T06:34:29+02:00
Add CVE-2023-39616/aom

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -51,9 +51,9 @@ CVE-2023-41636 (A SQL injection vulnerability in the Data Richiesta dal paramete
 CVE-2023-41635 (A XML External Entity (XXE) vulnerability in the VerifichePeriodiche.a ...)
 	NOT-FOR-US: GruppoSCAI RealGimm
 CVE-2023-41045 (Graylog is a free and open log management platform. Graylog makes use  ...)
-	TODO: check
+	- graylog2 <itp> (bug #652273)
 CVE-2023-41044 (Graylog is a free and open log management platform. A partial path tra ...)
-	TODO: check
+	- graylog2 <itp> (bug #652273)
 CVE-2023-41034 (Eclipse Leshan is a device management server and client Java implement ...)
 	TODO: check
 CVE-2023-40589 (FreeRDP is a free implementation of the Remote Desktop Protocol (RDP), ...)
@@ -135,7 +135,8 @@ CVE-2023-41163 (A Reflected Cross-site scripting (XSS) vulnerability in the file
 CVE-2023-41041 (Graylog is a free and open log management platform. In a multi-node Gr ...)
 	- graylog2 <itp> (bug #652273)
 CVE-2023-41040 (GitPython is a python library used to interact with Git repositories.  ...)
-	TODO: check
+	- python-git <unfixed>
+	NOTE: https://github.com/gitpython-developers/GitPython/security/advisories/GHSA-cwvm-v4w8-q58c
 CVE-2023-3999 (The Waiting: One-click countdowns plugin for WordPress is vulnerable t ...)
 	NOT-FOR-US: Waiting: One-click countdowns plugin for WordPress
 CVE-2023-3764 (The WooCommerce PDF Invoice Builder plugin for WordPress is vulnerable ...)
@@ -438,7 +439,8 @@ CVE-2023-39678 (A cross-site scripting (XSS) vulnerability in the device web int
 CVE-2023-39663 (Mathjax up to v2.7.9 was discovered to contain two Regular expression  ...)
 	TODO: check
 CVE-2023-39616 (AOMedia v3.0.0 to v3.5.0 was discovered to contain an invalid read mem ...)
-	TODO: check
+	- aom 3.7.0~rc3-1
+	NOTE: https://bugs.chromium.org/p/aomedia/issues/detail?id=3372#c3 (fixes in 3.7.0~rc2)
 CVE-2023-39615 (Xmlsoft Libxml2 v2.11.0 was discovered to contain a global buffer over ...)
 	- libxml2 <unfixed>
 	[bookworm] - libxml2 <no-dsa> (Minor issue)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/7d386daf1458ae2dc0d6df1ac8f044876dc23d98...4738ffb703cdebce09aecd932ea0a5a53799f08b

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/7d386daf1458ae2dc0d6df1ac8f044876dc23d98...4738ffb703cdebce09aecd932ea0a5a53799f08b
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20230901/f3e2e245/attachment.htm>