[Git][security-tracker-team/security-tracker][master] bugnums

Moritz Muehlenhoff (@jmm) jmm at debian.org
Fri Jan 12 22:17:31 GMT 2024 


Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
f7fa5caa by Moritz Mühlenhoff at 2024-01-12T23:17:14+01:00
bugnums

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -223,7 +223,7 @@ CVE-2022-4960 (A vulnerability, which was classified as problematic, has been fo
 CVE-2022-4959 (A vulnerability classified as problematic was found in qkmc-rk redbbs  ...)
 	NOT-FOR-US: qkmc-rk redbbs
 CVE-2022-48620 (uev (aka libuev) before 2.4.1 has a buffer overflow in epoll_wait if m ...)
-	- libuev <unfixed>
+	- libuev <unfixed> (bug #1060692)
 	[bookworm] - libuev <no-dsa> (Minor issue)
 	[bullseye] - libuev <no-dsa> (Minor issue)
 	NOTE: https://github.com/troglobit/libuev/issues/27
@@ -703,7 +703,7 @@ CVE-2023-50916 (Kyocera Device Manager before 3.1.1213.0 allows NTLM credential
 CVE-2023-50172 (A recovery notification bypass vulnerability exists in the userRecover ...)
 	NOT-FOR-US: WWBN AVideo
 CVE-2023-50120 (MP4Box GPAC version 2.3-DEV-rev636-gfbd7e13aa-master was discovered to ...)
-	- gpac <unfixed>
+	- gpac <unfixed> (bug #1060696)
 	[bullseye] - gpac <not-affected> (Vulnerable code not present)
 	NOTE: https://github.com/gpac/gpac/issues/2698
 	NOTE: https://github.com/gpac/gpac/commit/b655955b840ccd7c7198bb15375aa510e76208eb
@@ -860,28 +860,23 @@ CVE-2023-50136 (Cross Site Scripting (XSS) vulnerability in JFinalcms 5.0.0 allo
 CVE-2023-48864 (SEMCMS v4.8 was discovered to contain a SQL injection vulnerability vi ...)
 	NOT-FOR-US: SEMCMS
 CVE-2023-47997 (An issue discovered in BitmapAccess.cpp::FreeImage_AllocateBitmap in F ...)
-	- freeimage <unfixed>
+	- freeimage <unfixed> (bug #1060691)
 	NOTE: https://github.com/thelastede/FreeImage-cve-poc/tree/master/CVE-2023-47997
-	TODO: check upstream reporting status
 CVE-2023-47996 (An integer overflow vulnerability in Exif.cpp::jpeg_read_exif_dir in F ...)
-	- freeimage <unfixed>
+	- freeimage <unfixed> (bug #1060691)
 	NOTE: https://github.com/thelastede/FreeImage-cve-poc/tree/master/CVE-2023-47996
-	TODO: check upstream reporting status
 CVE-2023-47995 (Buffer Overflow vulnerability in BitmapAccess.cpp::FreeImage_AllocateB ...)
-	- freeimage <unfixed>
-	TODO: check no sensible references in CVE entry
+	- freeimage <undetermined>
+	NOTE: no sensible references in CVE entry
 CVE-2023-47994 (An integer overflow vulnerability in LoadPixelDataRLE4 function in Plu ...)
-	- freeimage <unfixed>
+	- freeimage <unfixed> (bug #1060691)
 	NOTE: https://github.com/thelastede/FreeImage-cve-poc/tree/master/CVE-2023-47994
-	TODO: check upstream reporting status
 CVE-2023-47993 (A Buffer out-of-bound read vulnerability in Exif.cpp::ReadInt32 in Fre ...)
-	- freeimage <unfixed>
+	- freeimage <unfixed> (bug #1060691)
 	NOTE: https://github.com/thelastede/FreeImage-cve-poc/tree/master/CVE-2023-47993
-	TODO: check upstream reporting status
 CVE-2023-47992 (An integer overflow vulnerability in FreeImageIO.cpp::_MemoryReadProc  ...)
-	- freeimage <unfixed>
+	- freeimage <unfixed> (bug #1060691)
 	NOTE: https://github.com/thelastede/FreeImage-cve-poc/tree/master/CVE-2023-47992
-	TODO: check upstream reporting status
 CVE-2023-41781 (There is a Cross-sitescripting (XSS) vulnerability in ZTE MF258. Due t ...)
 	NOT-FOR-US: ZTE
 CVE-2023-3043 (AMI\u2019s SPx contains a vulnerability in the BMC where an Attacker m ...)
@@ -3275,13 +3270,13 @@ CVE-2023-51772 (One Identity Password Manager before 5.13.1 allows Kiosk Escape.
 CVE-2023-51771 (In MicroHttpServer (aka Micro HTTP Server) through a8ab029, _ParseHead ...)
 	NOT-FOR-US: MicroHttpServer
 CVE-2023-51714 (An issue was discovered in the HTTP2 implementation in Qt before 5.15. ...)
-	- qt6-base <unfixed>
+	- qt6-base <unfixed> (bug #1060693)
 	[bookworm] - qt6-base <no-dsa> (Minor issue)
-	- qtbase-opensource-src <unfixed>
+	- qtbase-opensource-src <unfixed> (bug #1060694)
 	[bookworm] - qtbase-opensource-src <no-dsa> (Minor issue)
 	[bullseye] - qtbase-opensource-src <no-dsa> (Minor issue)
 	[buster] - qtbase-opensource-src <no-dsa> (Minor issue)
-	- qtbase-opensource-src-gles <unfixed>
+	- qtbase-opensource-src-gles <unfixed> (bug #1060695)
 	[bookworm] - qtbase-opensource-src-gles <no-dsa> (Minor issue)
 	[bullseye] - qtbase-opensource-src-gles <no-dsa> (Minor issue)
 	NOTE: https://codereview.qt-project.org/c/qt/qtbase/+/524864



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/f7fa5caae260334245d5e88d0a692d462d8bcfc8

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/f7fa5caae260334245d5e88d0a692d462d8bcfc8
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20240112/baeb309a/attachment.htm>

More information about the debian-security-tracker-commits mailing list