[Git][security-tracker-team/security-tracker][master] bullseye/bookworm triage
Moritz Muehlenhoff (@jmm)
jmm at debian.org
Tue Sep 12 08:03:02 BST 2023
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker
Commits:
51837e30 by Moritz Muehlenhoff at 2023-09-12T09:02:40+02:00
bullseye/bookworm triage
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -29,6 +29,7 @@ CVE-2023-41103 (Interact 7.9.79.5 allows stored Cross-site Scripting (XSS) attac
NOT-FOR-US: Interact
CVE-2023-41000 (GPAC through 2.2.1 has a use-after-free vulnerability in the function ...)
- gpac <unfixed>
+ [bullseye] - gpac <ignored> (Minor issue)
NOTE: https://github.com/gpac/gpac/issues/2550
NOTE: Fixed by: https://github.com/gpac/gpac/commit/0018b5e4e07a1465287e7dff69b387929f5a75fa
CVE-2023-40946 (Schoolmate 1.3 is vulnerable to SQL Injection in the variable $usernam ...)
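Review bot: The new bullseye line for CVE-2023-41000 uses `<ignored>` with the reason "Minor issue", while the bullseye line added for the other gpac entry in this commit (CVE-2023-39562) uses `<no-dsa>` with the same reason. The reason text does not say why this one is ignored rather than no-dsa, even though a fix commit is already recorded in the "Fixed by:" NOTE. If bullseye is not going to receive the fix at all, state why in the parenthesised reason; otherwise use `<no-dsa> (Minor issue)` so the two gpac entries are triaged consistently.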
@@ -43,6 +44,7 @@ CVE-2023-40150 (Softneta MedDream PACS does not perform an authentication check
NOT-FOR-US: Softneta MedDream PACS
CVE-2023-40032 (libvips is a demand-driven, horizontally threaded image processing lib ...)
- vips 8.14.4-1
+ [bookworm] - vips <no-dsa> (Minor issue)
[bullseye] - vips <not-affected> (Vulnerable code not present)
[buster] - vips <not-affected> (Vulnerable code not present)
NOTE: https://github.com/libvips/libvips/pull/3604
@@ -61,7 +63,7 @@ CVE-2023-39780 (ASUS RT-AX55 v3.0.0.4.386.51598 was discovered to contain an aut
CVE-2023-39227 (Softneta MedDream PACSstores usernames and passwords in plaintext. The ...)
NOT-FOR-US: Softneta MedDream PACS
CVE-2023-39070 (An issue in Cppcheck 2.12 dev allows a local attacker to execute arbit ...)
- - cppcheck <unfixed>
+ - cppcheck <unfixed> (unimportant)
NOTE: https://sourceforge.net/p/cppcheck/discussion/general/thread/fa43fb8ab1/
CVE-2023-39068 (Buffer Overflow vulnerability in NBD80S09S-KLC v.YK_HZXM_NBD80S09S-KLC ...)
TODO: check
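Review bot: The `(unimportant)` severity added to the cppcheck line for CVE-2023-39070 has no accompanying rationale. The description reads "allows a local attacker to execute arbit ...", and the only NOTE is the upstream discussion link. Add a NOTE line under the entry summarising why this has no security impact for the package, so that the downgrade can be understood without following the SourceForge thread.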
@@ -95,6 +97,8 @@ CVE-2023-42470 (The Imou Life com.mm.android.smartlifeiot application through 6.
NOT-FOR-US: Imou Life com.mm.android.smartlifeiot application
CVE-2023-42467 (QEMU through 8.0.0 could trigger a division by zero in scsi_disk_reset ...)
- qemu <unfixed>
+ [bookworm] - qemu <no-dsa> (Minor issue)
+ [bullseye] - qemu <no-dsa> (Minor issue)
NOTE: https://gitlab.com/qemu-project/qemu/-/issues/1813
CVE-2023-40040 (An issue was discovered in the MyCrops HiGrade "THC Testing & Cannabi" ...)
NOT-FOR-US: MyCrops HiGrade "THC Testing & Cannabi" application
@@ -2065,6 +2069,7 @@ CVE-2023-39578 (A stored cross-site scripting (XSS) vulnerability in the Create
NOT-FOR-US: Zenario CMS
CVE-2023-39562 (GPAC v2.3-DEV-rev449-g5948e4f70-master was discovered to contain a hea ...)
- gpac <unfixed> (bug #1051740)
+ [bullseye] - gpac <no-dsa> (Minor issue)
[buster] - gpac <end-of-life> (EOL in buster LTS)
NOTE: https://github.com/gpac/gpac/issues/2537
NOTE: https://github.com/gpac/gpac/commit/9024531ee8e6ae8318a8fe0cbb64710d1acc31f6
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/51837e301a0e976499cc2b9e6c5d26bca1c24a96