[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso (@carnil) carnil at debian.org
Sun Sep 10 21:12:24 BST 2023



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
05576d55 by security tracker role at 2023-09-10T20:12:12+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,7 @@
+CVE-2023-4879 (Cross-site Scripting (XSS) - Stored in GitHub repository instantsoft/i ...)
+	TODO: check
+CVE-2023-4878 (Server-Side Request Forgery (SSRF) in GitHub repository instantsoft/ic ...)
+	TODO: check
 CVE-2023-4877 (Exposure of Sensitive Information to an Unauthorized Actor in GitHub r ...)
 	NOT-FOR-US: hamza417/inure
 CVE-2023-4876 (Exposure of Sensitive Information to an Unauthorized Actor in GitHub r ...)
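Review bot: The two added entries, CVE-2023-4879 and CVE-2023-4878, carry only "TODO: check" and are therefore untriaged. The neighbouring CVE-2023-4877 entry already resolves to "NOT-FOR-US: hamza417/inure"; these two need the same decision, either a NOT-FOR-US line naming the upstream project or a package line with a fixed version, before the TODO is dropped.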
@@ -28,12 +32,14 @@ CVE-2023-41915 (OpenPMIx PMIx before 4.2.6 and 5.0.x before 5.0.1 allows attacke
 	NOTE: https://github.com/openpmix/openpmix/commit/0bf9801a3017eb6ca411e158da39570ccb998c17 (v5.0.1)
 	TODO: to be checked if affects the embedded copy for openmpi
 CVE-2023-4875 (Null pointer dereference when composing from a specially crafted draft ...)
+	{DSA-5494-1}
 	- mutt 2.2.12-0.1 (bug #1051563)
 	NOTE: https://gitlab.com/muttmua/mutt/-/commit/452ee330e094bfc7c9a68555e5152b1826534555 (mutt-2-2-12-rel)
 	NOTE: https://gitlab.com/muttmua/mutt/-/commit/4cc3128abdf52c615911589394a03271fddeefc6 (mutt-2-2-12-rel)
 	NOTE: http://lists.mutt.org/pipermail/mutt-announce/Week-of-Mon-20230904/000056.html
 	NOTE: https://www.openwall.com/lists/oss-security/2023/09/09/1
 CVE-2023-4874 (Null pointer dereference when viewing a specially crafted email in Mut ...)
+	{DSA-5494-1}
 	- mutt 2.2.12-0.1 (bug #1051563)
 	NOTE: https://gitlab.com/muttmua/mutt/-/commit/452ee330e094bfc7c9a68555e5152b1826534555 (mutt-2-2-12-rel)
 	NOTE: https://gitlab.com/muttmua/mutt/-/commit/a4752eb0ae0a521eec02e59e51ae5daedf74fda0 (mutt-2-2-12-rel)
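Review bot: The {DSA-5494-1} tag added to CVE-2023-4875 and CVE-2023-4874 is the only indication in this hunk that a stable release was fixed. The package line under each entry still reads "- mutt 2.2.12-0.1 (bug #1051563)", which records a single fixed version. It is worth confirming that the advisory's own record lists both CVE ids together with the per-release fixed versions, since neither is visible here.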
@@ -56897,6 +56903,7 @@ CVE-2023-20902
 CVE-2023-20901
 	RESERVED
 CVE-2023-20900 (A malicious actor that has been granted  Guest Operation Privileges ht ...)
+	{DSA-5493-1}
 	- open-vm-tools 2:12.3.0-1 (bug #1050970)
 	NOTE: https://www.openwall.com/lists/oss-security/2023/08/31/1
 	NOTE: https://github.com/vmware/open-vm-tools/blob/CVE-2023-20900.patch/CVE-2023-20900.patch
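Review bot: The CVE-2023-20900 entry that gains {DSA-5493-1} cites its fix through a NOTE URL that points into a ref named CVE-2023-20900.patch rather than at a commit hash. A named ref can be moved or deleted. The mutt entries earlier in this diff pin full commit hashes, and doing the same here would keep the reference stable.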
@@ -56968,7 +56975,7 @@ CVE-2023-20869 (VMware Workstation (17.x) and VMware Fusion (13.x) contain a sta
 CVE-2023-20868 (NSX-T contains a reflected cross-site scripting vulnerability due to a ...)
 	NOT-FOR-US: VMware
 CVE-2023-20867 (A fully compromised ESXi host can force VMware Tools to fail to authen ...)
-	{DLA-3531-1}
+	{DSA-5493-1 DLA-3531-1}
 	- open-vm-tools 2:12.2.5-1 (bug #1037546)
 	NOTE: https://www.vmware.com/security/advisories/VMSA-2023-0013.html
 	NOTE: https://github.com/vmware/open-vm-tools/tree/CVE-2023-20867.patch
@@ -221063,6 +221070,7 @@ CVE-2020-22630
 CVE-2020-22629
 	RESERVED
 CVE-2020-22628 (Buffer Overflow vulnerability in LibRaw::stretch() function in libraw\ ...)
+	{DLA-3560-1}
 	- libraw 0.20.0-4
 	NOTE: https://github.com/LibRaw/LibRaw/issues/269
 	NOTE: Fixed by: https://github.com/LibRaw/LibRaw/commit/84bbb972d94a965f70302b85738778443540774a (0.20-RC2)
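Review bot: For CVE-2020-22628, which gains {DLA-3560-1}, the package line gives 0.20.0-4 as the fixed version while the "Fixed by" NOTE places the commit in 0.20-RC2. If an earlier 0.20.x upload already contained that commit, the fixed version should name it; otherwise a short NOTE stating that 0.20.0-4 was the first upload carrying the fix would remove the doubt.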



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/05576d55aa648e34c333f6b9a99bfbd4b7b2d085
