[Git][security-tracker-team/security-tracker][master] Process several NFUs

Salvatore Bonaccorso (@carnil) carnil at debian.org
Thu Sep 7 20:23:59 BST 2023



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
b4a79e46 by Salvatore Bonaccorso at 2023-09-07T21:22:55+02:00
Process several NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -5,20 +5,20 @@ CVE-2023-4792 (The Duplicate Post Page Menu & Custom Post Type plugin for WordPr
 CVE-2023-4772 (The Newsletter plugin for WordPress is vulnerable to Stored Cross-Site ...)
 	NOT-FOR-US: Newsletter plugin for WordPress
 CVE-2023-41329 (WireMock is a tool for mocking HTTP services. The proxy mode of WireMo ...)
-	TODO: check
+	NOT-FOR-US: WireMock
 CVE-2023-41327 (WireMock is a tool for mocking HTTP services. WireMock can be configur ...)
-	TODO: check
+	NOT-FOR-US: WireMock
 CVE-2023-41053 (Redis is an in-memory database that persists on disk. Redis does not c ...)
 	- redis <unfixed>
 	NOTE: https://github.com/redis/redis/commit/9e505e6cd842338424e05883521ca1fb7d0f47f6 (7.2.1)
 	NOTE: https://github.com/redis/redis/commit/0f14d3279212e1b262869b6160db87d6f117cff5 (7.0.13)
 	NOTE: https://github.com/redis/redis/security/advisories/GHSA-q4jr-5p56-4xwc
 CVE-2023-40397 (The issue was addressed with improved checks. This issue is fixed in m ...)
-	TODO: check
+	NOT-FOR-US: Apple
 CVE-2023-40392 (A privacy issue was addressed with improved private data redaction for ...)
-	TODO: check
+	NOT-FOR-US: Apple
 CVE-2023-39967 (WireMock is a tool for mocking HTTP services. When certain request URL ...)
-	TODO: check
+	NOT-FOR-US: WireMock
 CVE-2023-39956 (Electron is a framework which lets you write cross-platform desktop ap ...)
 	- electron <itp> (bug #842420)
 CVE-2023-39240 (It is identified a format string vulnerability in ASUS RT-AX56U V2\u20 ...)
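
Review bot: The three WireMock entries (CVE-2023-41329, CVE-2023-41327, CVE-2023-39967) go from TODO: check straight to NOT-FOR-US with no NOTE recording why. The Electron entry in the same hunk shows the form used when packaging is intended (- electron <itp> (bug #842420)), so it would help to confirm there is no open ITP or RFP for WireMock before settling on NOT-FOR-US, and to use the <itp> form if one exists.
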
@@ -32,9 +32,9 @@ CVE-2023-39237 (ASUS RT-AC86U Traffic Analyzer - Apps analysis function has insu
 CVE-2023-39236 (ASUS RT-AC86U Traffic Analyzer - Statistic function has insufficient f ...)
 	NOT-FOR-US: ASUS
 CVE-2023-38616 (A race condition was addressed with improved state handling. This issu ...)
-	TODO: check
+	NOT-FOR-US: Apple
 CVE-2023-38605 (This issue was addressed with improved redaction of sensitive informat ...)
-	TODO: check
+	NOT-FOR-US: Apple
 CVE-2023-38033 (ASUS RT-AC86U unused Traffic Analyzer legacy Statistic function has in ...)
 	NOT-FOR-US: ASUS
 CVE-2023-38032 (ASUS RT-AC86U AiProtection security- related function has insufficient ...)
@@ -82,13 +82,13 @@ CVE-2023-41330 (knplabs/knp-snappy is a PHP library allowing thumbnail, snapshot
 CVE-2023-41328 (Frappe is a low code web framework written in Python and Javascript. A ...)
 	NOT-FOR-US: Frappe Framework
 CVE-2023-41319 (Fides is an open-source privacy engineering platform for managing the  ...)
-	TODO: check
+	NOT-FOR-US: Fides
 CVE-2023-41150 (F-RevoCRM 7.3 series prior to version7.3.8 contains a cross-site scrip ...)
 	NOT-FOR-US: F-RevoCRM
 CVE-2023-41149 (F-RevoCRM version7.3.7 and version7.3.8 contains an OS command injecti ...)
 	NOT-FOR-US: F-RevoCRM
 CVE-2023-41050 (AccessControl provides a general security framework for use in Zope. P ...)
-	TODO: check
+	NOT-FOR-US: Zope
 CVE-2023-40601 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Estatik  ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2023-40591 (go-ethereum (geth) is a golang execution layer implementation of the E ...)
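
Review bot: For CVE-2023-41050 the description names the affected component as AccessControl, but the tag reads NOT-FOR-US: Zope. Naming the component itself, for example NOT-FOR-US: AccessControl (Zope), keeps the entry findable by the product name in the CVE text and matches how the Fides, Frappe Framework and F-RevoCRM entries in this hunk are tagged by product name.
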
@@ -25041,21 +25041,21 @@ CVE-2019-25107
 CVE-2019-25106
 	RESERVED
 CVE-2023-28215 (A buffer overflow issue was addressed with improved memory handling. T ...)
-	TODO: check
+	NOT-FOR-US: Apple
 CVE-2023-28214 (A buffer overflow issue was addressed with improved memory handling. T ...)
-	TODO: check
+	NOT-FOR-US: Apple
 CVE-2023-28213 (A buffer overflow issue was addressed with improved memory handling. T ...)
-	TODO: check
+	NOT-FOR-US: Apple
 CVE-2023-28212 (A buffer overflow issue was addressed with improved memory handling. T ...)
-	TODO: check
+	NOT-FOR-US: Apple
 CVE-2023-28211 (A buffer overflow issue was addressed with improved memory handling. T ...)
-	TODO: check
+	NOT-FOR-US: Apple
 CVE-2023-28210 (A buffer overflow issue was addressed with improved memory handling. T ...)
-	TODO: check
+	NOT-FOR-US: Apple
 CVE-2023-28209 (A buffer overflow issue was addressed with improved memory handling. T ...)
-	TODO: check
+	NOT-FOR-US: Apple
 CVE-2023-28208 (A logic issue was addressed with improved state management. This issue ...)
-	TODO: check
+	NOT-FOR-US: Apple
 CVE-2023-28207
 	RESERVED
 CVE-2023-28206 (An out-of-bounds write issue was addressed with improved input validat ...)
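
Review bot: CVE-2023-28215 down to CVE-2023-28208 are bulk-tagged NOT-FOR-US: Apple, yet every description shown here is cut off before the affected component is named. Apple-assigned CVEs can also cover WebKit, which Debian tracks under its own source packages, so each full description should be checked for a WebKit component before the tag is applied; any that match need a package line instead of NOT-FOR-US.
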
@@ -25091,7 +25091,7 @@ CVE-2023-28197
 CVE-2023-28196
 	RESERVED
 CVE-2023-28195 (A privacy issue was addressed with improved private data redaction for ...)
-	TODO: check
+	NOT-FOR-US: Apple
 CVE-2023-28194 (The issue was addressed with improved checks. This issue is fixed in i ...)
 	NOT-FOR-US: Apple
 CVE-2023-28193
@@ -25105,9 +25105,9 @@ CVE-2023-28190 (A privacy issue was addressed by moving sensitive data to a more
 CVE-2023-28189 (The issue was addressed with improved checks. This issue is fixed in m ...)
 	NOT-FOR-US: Apple
 CVE-2023-28188 (A denial-of-service issue was addressed with improved input validation ...)
-	TODO: check
+	NOT-FOR-US: Apple
 CVE-2023-28187 (This issue was addressed with improved state management. This issue is ...)
-	TODO: check
+	NOT-FOR-US: Apple
 CVE-2023-28186
 	RESERVED
 CVE-2023-28185
@@ -25960,7 +25960,7 @@ CVE-2023-27952 (A race condition was addressed with improved locking. This issue
 CVE-2023-27951 (The issue was addressed with improved checks. This issue is fixed in m ...)
 	NOT-FOR-US: Apple
 CVE-2023-27950 (An out-of-bounds read was addressed with improved input validation. Th ...)
-	TODO: check
+	NOT-FOR-US: Apple
 CVE-2023-27949 (An out-of-bounds read was addressed with improved input validation. Th ...)
 	NOT-FOR-US: Apple
 CVE-2023-27948 (An out-of-bounds read was addressed with improved input validation. Th ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/b4a79e46a2f4715a7936558b5982030da4592d93
