[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Sat Feb 3 20:12:07 GMT 2024
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
f614a194 by security tracker role at 2024-02-03T20:11:53+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,13 @@
+CVE-2024-1215 (A vulnerability was found in SourceCodester CRUD without Page Reload 1 ...)
+ TODO: check
+CVE-2024-1064 (A host header injection vulnerability in the HTTP handler component of ...)
+ TODO: check
+CVE-2023-49950 (The Jinja templating in Logpoint SIEM 6.10.0 through 7.x before 7.3.0 ...)
+ TODO: check
+CVE-2023-44031 (Incorrect access control in Reprise License Management Software Repris ...)
+ TODO: check
+CVE-2023-43183 (Incorrect access control in Reprise License Management Software Repris ...)
+ TODO: check
CVE-2024-23553 (A cross-site scripting (XSS) vulnerability in the Web Reports componen ...)
NOT-FOR-US: HCL
CVE-2024-23550 (HCL DevOps Deploy / HCL Launch (UCD) could disclose sensitive user inf ...)
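Review bot: the five new entries (CVE-2024-1215, CVE-2024-1064, CVE-2023-49950, CVE-2023-44031, CVE-2023-43183) are left at "TODO: check" pending triage, which is the expected state for an automatic import; the CVE-2024-1064 description is truncated before it names a product, so the full text will be needed before it can be resolved to NOT-FOR-US or to a source package the way the HCL entries below already are.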
@@ -527,7 +537,7 @@ CVE-2023-7069 (The Advanced iFrame plugin for WordPress is vulnerable to Stored
NOT-FOR-US: WordPress plugin
CVE-2023-51939 (An issue in the cp_bbs_sig function in relic/src/cp/relic_cp_bbs.c of ...)
NOT-FOR-US: relic-toolkit
-CVE-2024-0853 [OCSP verification bypass with TLS session reuse]
+CVE-2024-0853 (curl inadvertently kept the SSL session ID for connections in its cach ...)
- curl 8.6.0-1
[bookworm] - curl <not-affected> (Vulnerable code introduced later)
[bullseye] - curl <not-affected> (Vulnerable code introduced later)
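Review bot: replacing the working title "[OCSP verification bypass with TLS session reuse]" with the published description drops the OCSP wording from the visible line, so anyone searching the list for the OCSP angle will no longer hit this entry; the fixed version "curl 8.6.0-1" and the bookworm/bullseye <not-affected> markers are untouched, which is correct since only the description changed.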
@@ -3829,6 +3839,7 @@ CVE-2024-0482 (A vulnerability classified as critical has been found in Taokeyun
CVE-2024-0481 (A vulnerability was found in Taokeyun up to 1.0.5. It has been rated a ...)
NOT-FOR-US: Taokeyun
CVE-2024-23301 (Relax-and-Recover (aka ReaR) through 2.7 creates a world-readable init ...)
+ {DLA-3733-1}
- rear <unfixed> (bug #1060747)
[bookworm] - rear <no-dsa> (Minor issue)
[bullseye] - rear <no-dsa> (Minor issue)
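Review bot: {DLA-3733-1} is recorded while the package line still reads "rear <unfixed> (bug #1060747)" and both bookworm and bullseye stay <no-dsa>, so the LTS advisory lands ahead of any fix in unstable; the entry should be revisited once an upload closes bug #1060747, otherwise the tracker will keep reporting the issue open in sid after it is fixed in LTS.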
@@ -7360,6 +7371,7 @@ CVE-2023-51764 (Postfix through 3.8.5 allows SMTP smuggling unless configured wi
CVE-2023-51763 (csv_builder.rb in ActiveAdmin (aka Active Admin) before 3.2.0 allows C ...)
NOT-FOR-US: ActiveAdmin (aka Active Admin)
CVE-2023-7090 (A flaw was found in sudo in the handling of ipa_hostname, where ipa_ho ...)
+ {DLA-3732-1}
- sudo 1.8.28p1-1
NOTE: https://github.com/sudo-project/sudo/commit/e99082e05b9f0dd0e0f47fa1d2e1b9d922ea8c4c (SUDO_1_8_28p1)
NOTE: https://www.sudo.ws/repos/sudo/rev/b4f31dbe3109
@@ -27492,14 +27504,14 @@ CVE-2023-41362 (MyBB before 1.8.36 allows Code Injection by users with certain h
CVE-2023-41037 (OpenPGP.js is a JavaScript implementation of the OpenPGP protocol. In ...)
- node-openpgp <itp> (bug #787774)
CVE-2023-40890 (A stack-based buffer overflow vulnerability exists in the lookup_seque ...)
- {DLA-3675-1}
+ {DSA-5614-1 DLA-3675-1}
- zbar 0.23.92-9 (bug #1051724)
NOTE: https://hackmd.io/@cspl/H1PxPAUnn
NOTE: https://github.com/mchehab/zbar/issues/263
NOTE: https://github.com/mchehab/zbar/pull/276
NOTE: https://github.com/mchehab/zbar/commit/012a030250a203e5529d09caedea7ad7173dacfd
CVE-2023-40889 (A heap-based buffer overflow exists in the qr_reader_match_centers fun ...)
- {DLA-3675-1}
+ {DSA-5614-1 DLA-3675-1}
- zbar 0.23.92-9 (bug #1051724)
NOTE: https://hackmd.io/@cspl/B1ZkFZv23
NOTE: https://github.com/mchehab/zbar/issues/263
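Review bot: both zbar entries now carry {DSA-5614-1 DLA-3675-1} in place of the earlier {DLA-3675-1}, and the fixed version "zbar 0.23.92-9 (bug #1051724)" is unchanged, so the hunk only records the stable advisory; the single brace line with space-separated advisory ids is the expected format, so nothing else needs to change here.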
@@ -50370,10 +50382,12 @@ CVE-2023-28488 (client.c in gdhcp in ConnMan through 1.41 could be used by netwo
NOTE: https://github.com/moehw/poc_exploits/tree/master/CVE-2023-28488
NOTE: https://git.kernel.org/pub/scm/network/connman/connman.git/commit/?id=99e2c16ea1cced34a5dc450d76287a1c3e762138
CVE-2023-28487 (Sudo before 1.9.13 does not escape control characters in sudoreplay ou ...)
+ {DLA-3732-1}
- sudo 1.9.13p1-1
[bullseye] - sudo <no-dsa> (Minor issue)
NOTE: https://github.com/sudo-project/sudo/commit/334daf92b31b79ce68ed75e2ee14fca265f029ca
CVE-2023-28486 (Sudo before 1.9.13 does not escape control characters in log messages.)
+ {DLA-3732-1}
- sudo 1.9.13p1-1
[bullseye] - sudo <no-dsa> (Minor issue)
NOTE: https://github.com/sudo-project/sudo/commit/334daf92b31b79ce68ed75e2ee14fca265f029ca
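Review bot: {DLA-3732-1} is added to CVE-2023-28487 and CVE-2023-28486 while bullseye keeps "sudo <no-dsa> (Minor issue)", so the LTS release now ships a fix that stable explicitly declines; that is acceptable when the DLA bundles these with the CVE-2023-7090 fix carried by the same advisory above, but the bullseye assessment is worth confirming as still intended rather than stale.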
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/f614a1943f044dedecd07eb9c8fb8ba2f6753034