[Git][security-tracker-team/security-tracker][master] 5 commits: Process some NFUs
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Wed Sep 27 20:56:00 BST 2023
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
814f0481 by Salvatore Bonaccorso at 2023-09-27T21:55:22+02:00
Process some NFUs
- - - - -
c1d552ec by Salvatore Bonaccorso at 2023-09-27T21:55:24+02:00
Add new glpi issues
- - - - -
8febf8dc by Salvatore Bonaccorso at 2023-09-27T21:55:25+02:00
Add new matrix-synapse issues
- - - - -
ffab2636 by Salvatore Bonaccorso at 2023-09-27T21:55:27+02:00
Process one NFU
- - - - -
b46d392b by Salvatore Bonaccorso at 2023-09-27T21:55:29+02:00
Add new issues in Cilium, itp'ed
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -38,15 +38,21 @@ CVE-2023-43187 (A remote code execution (RCE) vulnerability in the xmlrpc.php en
CVE-2023-43154 (In Macrob7 Macs Framework Content Management System (CMS) 1.1.4f, loos ...)
NOT-FOR-US: Macrob7 Macs Framework Content Management System (CMS)
CVE-2023-42820 (JumpServer is an open source bastion host. This vulnerability is due t ...)
- TODO: check
+ NOT-FOR-US: JumpServer
CVE-2023-42819 (JumpServer is an open source bastion host. Logged-in users can access ...)
- TODO: check
+ NOT-FOR-US: JumpServer
CVE-2023-42462 (GLPI stands for Gestionnaire Libre de Parc Informatique is a Free Asse ...)
- TODO: check
+ - glpi <removed> (unimportant)
+ NOTE: https://github.com/glpi-project/glpi/security/advisories/GHSA-hm76-jh96-7j75
+ NOTE: Only supported behind an authenticated HTTP zone
CVE-2023-42461 (GLPI stands for Gestionnaire Libre de Parc Informatique is a Free Asse ...)
- TODO: check
+ - glpi <removed> (unimportant)
+ NOTE: https://github.com/glpi-project/glpi/security/advisories/GHSA-x3jp-69f2-p84w
+ NOTE: Only supported behind an authenticated HTTP zone
CVE-2023-42453 (Synapse is an open-source Matrix homeserver written and maintained by ...)
- TODO: check
+ - matrix-synapse <unfixed>
+ NOTE: https://github.com/matrix-org/synapse/pull/16327
+ NOTE: https://github.com/matrix-org/synapse/security/advisories/GHSA-7565-cq32-vx2x
CVE-2023-41996 (The issue was addressed with improved checks. This issue is fixed in m ...)
TODO: check
CVE-2023-41995 (A use-after-free issue was addressed with improved memory management. ...)
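Review bot: The new matrix-synapse entry for CVE-2023-42453 records the upstream pull request and advisory but not the upstream release that carries the fix, so whoever later replaces `<unfixed>` with a version has to work it out again from those links. A further NOTE line naming the fixed upstream version would make that follow-up mechanical. The two glpi entries (CVE-2023-42462, CVE-2023-42461) justify `(unimportant)` only through the line "NOTE: Only supported behind an authenticated HTTP zone"; that rationale is a deployment assumption, so it is worth confirming that each advisory is actually covered by it rather than applying the note uniformly.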
@@ -64,27 +70,43 @@ CVE-2023-41979 (A race condition was addressed with improved locking. This issue
CVE-2023-41968 (This issue was addressed with improved validation of symlinks. This is ...)
TODO: check
CVE-2023-41888 (GLPI stands for Gestionnaire Libre de Parc Informatique is a Free Asse ...)
- TODO: check
+ - glpi <removed> (unimportant)
+ NOTE: https://github.com/glpi-project/glpi/security/advisories/GHSA-2hcg-75jj-hghp
+ NOTE: Only supported behind an authenticated HTTP zone
CVE-2023-41878 (MeterSphere is a one-stop open source continuous testing platform, cov ...)
- TODO: check
+ NOT-FOR-US: MeterSphere
CVE-2023-41335 (Synapse is an open-source Matrix homeserver written and maintained by ...)
- TODO: check
+ - matrix-synapse <unfixed>
+ NOTE: https://github.com/matrix-org/synapse/pull/16272
+ NOTE: https://github.com/matrix-org/synapse/security/advisories/GHSA-4f74-84v3-j9q5
CVE-2023-41333 (Cilium is a networking, observability, and security solution with an e ...)
- TODO: check
+ - cilium <itp> (bug #858303)
CVE-2023-41332 (Cilium is a networking, observability, and security solution with an e ...)
- TODO: check
+ - cilium <itp> (bug #858303)
CVE-2023-41326 (GLPI stands for Gestionnaire Libre de Parc Informatique is a Free Asse ...)
- TODO: check
+ - glpi <removed> (unimportant)
+ NOTE: https://github.com/glpi-project/glpi/security/advisories/GHSA-5wj6-hp4c-j5q9
+ NOTE: Only supported behind an authenticated HTTP zone
CVE-2023-41324 (GLPI stands for Gestionnaire Libre de Parc Informatique is a Free Asse ...)
- TODO: check
+ - glpi <removed> (unimportant)
+ NOTE: https://github.com/glpi-project/glpi/security/advisories/GHSA-58wj-8jhx-jpm3
+ NOTE: Only supported behind an authenticated HTTP zone
CVE-2023-41323 (GLPI stands for Gestionnaire Libre de Parc Informatique is a Free Asse ...)
- TODO: check
+ - glpi <removed> (unimportant)
+ NOTE: https://github.com/glpi-project/glpi/security/advisories/GHSA-5cf4-6q6r-49x9
+ NOTE: Only supported behind an authenticated HTTP zone
CVE-2023-41322 (GLPI stands for Gestionnaire Libre de Parc Informatique is a Free Asse ...)
- TODO: check
+ - glpi <removed> (unimportant)
+ NOTE: https://github.com/glpi-project/glpi/security/advisories/GHSA-9j8m-7563-8xvr
+ NOTE: Only supported behind an authenticated HTTP zone
CVE-2023-41321 (GLPI stands for Gestionnaire Libre de Parc Informatique is a Free Asse ...)
- TODO: check
+ - glpi <removed> (unimportant)
+ NOTE: https://github.com/glpi-project/glpi/security/advisories/GHSA-3fxw-j5rj-w836
+ NOTE: Only supported behind an authenticated HTTP zone
CVE-2023-41320 (GLPI stands for Gestionnaire Libre de Parc Informatique is a Free Asse ...)
- TODO: check
+ - glpi <removed> (unimportant)
+ NOTE: https://github.com/glpi-project/glpi/security/advisories/GHSA-mv2r-gpw3-g476
+ NOTE: Only supported behind an authenticated HTTP zone
CVE-2023-41232 (An out-of-bounds read was addressed with improved bounds checking. Thi ...)
TODO: check
CVE-2023-41174 (The issue was addressed with improved memory handling. This issue is f ...)
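Review bot: The cilium entries for CVE-2023-41333 and CVE-2023-41332 carry only `- cilium <itp> (bug #858303)` with no NOTE pointing at an upstream advisory, unlike the glpi and matrix-synapse entries in the same hunk. Adding the advisory URL as a NOTE on each would let whoever picks up the ITP see which upstream versions are affected without searching again. The matrix-synapse entry for CVE-2023-41335 likewise lists the pull request and advisory but no fixed upstream version. The eight glpi entries all repeat the same "Only supported behind an authenticated HTTP zone" note to justify `(unimportant)`, which should be checked against each advisory individually.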
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/012cb5ac61b57fcddf22a9282355aa399036de2c...b46d392bd342a5256d2bfcad3ea17a690ca07d0b