[Git][security-tracker-team/security-tracker][master] 3 commits: Add new CVEs for graylog2, itp'ed
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Fri Sep 1 05:35:07 BST 2023
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
8510c26c by Salvatore Bonaccorso at 2023-09-01T06:34:26+02:00
Add new CVEs for graylog2, itp'ed
- - - - -
ed581667 by Salvatore Bonaccorso at 2023-09-01T06:34:27+02:00
Add CVE-2023-41040/python-git
- - - - -
4738ffb7 by Salvatore Bonaccorso at 2023-09-01T06:34:29+02:00
Add CVE-2023-39616/aom
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -51,9 +51,9 @@ CVE-2023-41636 (A SQL injection vulnerability in the Data Richiesta dal paramete
CVE-2023-41635 (A XML External Entity (XXE) vulnerability in the VerifichePeriodiche.a ...)
NOT-FOR-US: GruppoSCAI RealGimm
CVE-2023-41045 (Graylog is a free and open log management platform. Graylog makes use ...)
- TODO: check
+ - graylog2 <itp> (bug #652273)
CVE-2023-41044 (Graylog is a free and open log management platform. A partial path tra ...)
- TODO: check
+ - graylog2 <itp> (bug #652273)
CVE-2023-41034 (Eclipse Leshan is a device management server and client Java implement ...)
TODO: check
CVE-2023-40589 (FreeRDP is a free implementation of the Remote Desktop Protocol (RDP), ...)
@@ -135,7 +135,8 @@ CVE-2023-41163 (A Reflected Cross-site scripting (XSS) vulnerability in the file
CVE-2023-41041 (Graylog is a free and open log management platform. In a multi-node Gr ...)
- graylog2 <itp> (bug #652273)
CVE-2023-41040 (GitPython is a python library used to interact with Git repositories. ...)
- TODO: check
+ - python-git <unfixed>
+ NOTE: https://github.com/gitpython-developers/GitPython/security/advisories/GHSA-cwvm-v4w8-q58c
CVE-2023-3999 (The Waiting: One-click countdowns plugin for WordPress is vulnerable t ...)
NOT-FOR-US: Waiting: One-click countdowns plugin for WordPress
CVE-2023-3764 (The WooCommerce PDF Invoice Builder plugin for WordPress is vulnerable ...)
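Review bot: The new python-git line for CVE-2023-41040 is marked <unfixed> with only the GHSA advisory as a NOTE, and unlike the graylog2 line just above it carries no Debian bug reference, so nothing here tells a later triager what to check before closing the entry. Consider adding a NOTE with the upstream fix commit or fixed version once one exists, and a bug reference in the same "(bug #NNNNNN)" form (placeholder number) once a bug is filed.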
@@ -438,7 +439,8 @@ CVE-2023-39678 (A cross-site scripting (XSS) vulnerability in the device web int
CVE-2023-39663 (Mathjax up to v2.7.9 was discovered to contain two Regular expression ...)
TODO: check
CVE-2023-39616 (AOMedia v3.0.0 to v3.5.0 was discovered to contain an invalid read mem ...)
- TODO: check
+ - aom 3.7.0~rc3-1
+ NOTE: https://bugs.chromium.org/p/aomedia/issues/detail?id=3372#c3 (fixes in 3.7.0~rc2)
CVE-2023-39615 (Xmlsoft Libxml2 v2.11.0 was discovered to contain a global buffer over ...)
- libxml2 <unfixed>
[bookworm] - libxml2 <no-dsa> (Minor issue)
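Review bot: In the aom entry for CVE-2023-39616 the fixed version is given as 3.7.0~rc3-1 while the NOTE on the next line says the fixes are in 3.7.0~rc2, and the reference is an issue comment (#c3) rather than a commit. If 3.7.0~rc3-1 is simply the first upload that contains the rc2 fixes, saying so in the NOTE would remove the apparent mismatch; a second NOTE pointing at the fixing commit(s) would also make it possible to check older aom versions against the "v3.0.0 to v3.5.0" range in the description.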
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/7d386daf1458ae2dc0d6df1ac8f044876dc23d98...4738ffb703cdebce09aecd932ea0a5a53799f08b