[Git][security-tracker-team/security-tracker][master] bugnums

Moritz Muehlenhoff (@jmm) jmm at debian.org
Mon Sep 11 20:24:49 BST 2023 


Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
b7436bf6 by Moritz Muehlenhoff at 2023-09-11T21:24:19+02:00
bugnums

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1616,13 +1616,11 @@ CVE-2023-41362 (MyBB before 1.8.36 allows Code Injection by users with certain h
 CVE-2023-41037 (OpenPGP.js is a JavaScript implementation of the OpenPGP protocol. In  ...)
 	- node-openpgp <itp> (bug #787774)
 CVE-2023-40890 (A stack-based buffer overflow vulnerability exists in the lookup_seque ...)
-	- zbar <unfixed>
+	- zbar <unfixed> (bug #1051724)
 	NOTE: https://hackmd.io/@cspl/H1PxPAUnn
-	TODO: check if reported upsream
 CVE-2023-40889 (A heap-based buffer overflow exists in the qr_reader_match_centers fun ...)
-	- zbar <unfixed>
+	- zbar <unfixed> (bug #1051724)
 	NOTE: https://hackmd.io/@cspl/B1ZkFZv23
-	TODO: check if reported upstream
 CVE-2023-40787 (In SpringBlade V3.6.0 when executing SQL query, the parameters submitt ...)
 	NOT-FOR-US: SpringBlade
 CVE-2023-3646 (On affected platforms running Arista EOS with mirroring to multiple de ...)
@@ -1902,9 +1900,8 @@ CVE-2023-4569 (A memory leak flaw was found in nft_set_catchall_flush in net/net
 	- linux 6.4.13-1
 	NOTE: https://git.kernel.org/linus/90e5b3462efa37b8bba82d7c4e63683856e188af (6.5-rc7)
 CVE-2023-4567
-	- ansible <undetermined>
+	- ansible <unfixed> (bug #1051725)
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2235369
-	TODO: check, no upstream information provided in RHBZ#2235369
 CVE-2023-4563 [Use-after-free in nft_verdict_dump due to a race between set GC and transaction]
 	- linux 6.4.13-1
 	NOTE: https://lore.kernel.org/netdev/20230810070830.24064-1-pablo@netfilter.org/
@@ -216055,11 +216052,10 @@ CVE-2020-24906
 CVE-2020-24905
 	RESERVED
 CVE-2020-24904 (An issue was discovered in attach parameter in GNOME Gmail version 2.5 ...)
-	- gnome-gmail <removed>
+	- gnome-gmail <removed> (bug #1051726)
 	[bullseye] - gnome-gmail <no-dsa> (Minor issue)
 	[buster] - gnome-gmail <no-dsa> (Minor issue)
 	NOTE: https://github.com/davesteele/gnome-gmail/issues/84
-	TODO: check, might be an issue as well in src:viagee
 CVE-2020-24903 (Cute Editor for ASP.NET 6.4 is vulnerable to reflected cross-site scri ...)
 	NOT-FOR-US: Cute Editor for ASP.NET
 CVE-2020-24902 (Quixplorer <=2.4.1 is vulnerable to reflected cross-site scripting (XS ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/b7436bf6a0b0a5b4a0594f1da124270f0fdf91f9

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/b7436bf6a0b0a5b4a0594f1da124270f0fdf91f9
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20230911/5edfb8df/attachment.htm>

More information about the debian-security-tracker-commits mailing list