[Git][security-tracker-team/security-tracker][master] various r-cran-commonmark issues fixed in sid
Moritz Muehlenhoff (@jmm)
jmm at debian.org
Mon Nov 4 15:35:41 GMT 2024
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker
Commits:
4db1c97c by Moritz Muehlenhoff at 2024-11-04T16:35:13+01:00
various r-cran-commonmark issues fixed in sid
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -110673,8 +110673,8 @@ CVE-2023-37463 (cmark-gfm is an extended version of the C reference implementati
[bookworm] - python-cmarkgfm <no-dsa> (Minor issue)
[bullseye] - python-cmarkgfm <no-dsa> (Minor issue)
[buster] - python-cmarkgfm <no-dsa> (Minor issue)
- - r-cran-commonmark <unfixed> (bug #1041099)
- [bookworm] - r-cran-commonmark <no-dsa> (Minor issue)
+ - r-cran-commonmark 1.9.1-1 (bug #1041099)
+ [bookworm] - r-cran-commonmark <ignored> (Minor issue)
[bullseye] - r-cran-commonmark <no-dsa> (Minor issue)
[buster] - r-cran-commonmark <no-dsa> (Minor issue)
- ruby-commonmarker <unfixed> (bug #1041100)
@@ -110683,6 +110683,7 @@ CVE-2023-37463 (cmark-gfm is an extended version of the C reference implementati
[buster] - ruby-commonmarker <no-dsa> (Minor issue)
NOTE: https://github.com/github/cmark-gfm/security/advisories/GHSA-w4qg-3vf7-m9x5
NOTE: https://github.com/theacodes/cmarkgfm/commit/acf473a51a9dc3a4fd6d6a4b30e4d80c94d91d4a (2024.1.14)
+ NOTE: r-cran-commonmark: https://github.com/r-lib/commonmark/commit/969e27ea29dce1c2d7ab9b9909640bb4643d460f (v1.9.1)
CVE-2023-37267 (Umbraco is a ASP.NET CMS. Under rare conditions a restart of Umbraco c ...)
NOT-FOR-US: Umbraco
CVE-2023-35833 (An issue was discovered in YSoft SAFEQ 6 Server before 6.0.82. When mo ...)
@@ -133425,8 +133426,8 @@ CVE-2023-26485 (cmark-gfm is GitHub's fork of cmark, a CommonMark parsing and re
[bookworm] - python-cmarkgfm <no-dsa> (Minor issue)
[bullseye] - python-cmarkgfm <no-dsa> (Minor issue)
[buster] - python-cmarkgfm <no-dsa> (Minor issue)
- - r-cran-commonmark <unfixed> (bug #1034173)
- [bookworm] - r-cran-commonmark <no-dsa> (Minor issue)
+ - r-cran-commonmark 1.9.1-1 (bug #1034173)
+ [bookworm] - r-cran-commonmark <ignored> (Minor issue)
[bullseye] - r-cran-commonmark <no-dsa> (Minor issue)
[buster] - r-cran-commonmark <no-dsa> (Minor issue)
- ruby-commonmarker <unfixed> (bug #1034174)
@@ -133436,6 +133437,7 @@ CVE-2023-26485 (cmark-gfm is GitHub's fork of cmark, a CommonMark parsing and re
NOTE: https://github.com/github/cmark-gfm/security/advisories/GHSA-r8vr-c48j-fcc5
NOTE: https://github.com/github/cmark-gfm/commit/07a66c9bc341f902878e37d7da8647d6ef150987 (0.29.0.gfm.10)
NOTE: https://github.com/theacodes/cmarkgfm/commit/acf473a51a9dc3a4fd6d6a4b30e4d80c94d91d4a (2024.1.14)
+ NOTE: r-cran-commonmark: https://github.com/r-lib/commonmark/commit/969e27ea29dce1c2d7ab9b9909640bb4643d460f (v1.9.1)
CVE-2023-26484 (KubeVirt is a virtual machine management add-on for Kubernetes. In ver ...)
NOT-FOR-US: KubeVirt
CVE-2023-26483 (gosaml2 is a Pure Go implementation of SAML 2.0. SAML Service Provider ...)
@@ -138619,8 +138621,8 @@ CVE-2023-24824 (cmark-gfm is GitHub's fork of cmark, a CommonMark parsing and re
[bookworm] - python-cmarkgfm <no-dsa> (Minor issue)
[bullseye] - python-cmarkgfm <no-dsa> (Minor issue)
[buster] - python-cmarkgfm <no-dsa> (Minor issue)
- - r-cran-commonmark <unfixed> (bug #1034173)
- [bookworm] - r-cran-commonmark <no-dsa> (Minor issue)
+ - r-cran-commonmark 1.9.1-1 (bug #1034173)
+ [bookworm] - r-cran-commonmark <ignored> (Minor issue)
[bullseye] - r-cran-commonmark <no-dsa> (Minor issue)
[buster] - r-cran-commonmark <no-dsa> (Minor issue)
- ruby-commonmarker <unfixed> (bug #1034174)
@@ -138630,6 +138632,7 @@ CVE-2023-24824 (cmark-gfm is GitHub's fork of cmark, a CommonMark parsing and re
NOTE: https://github.com/github/cmark-gfm/security/advisories/GHSA-66g8-4hjf-77xh
NOTE: https://github.com/github/cmark-gfm/commit/2300c1bd2c8226108885bf019655c4159cf26b59 (0.29.0.gfm.10)
NOTE: https://github.com/theacodes/cmarkgfm/commit/acf473a51a9dc3a4fd6d6a4b30e4d80c94d91d4a (2024.1.14)
+ NOTE: r-cran-commonmark: https://github.com/r-lib/commonmark/commit/969e27ea29dce1c2d7ab9b9909640bb4643d460f (v1.9.1)
CVE-2023-24823 (RIOT-OS, an operating system that supports Internet of Things devices, ...)
NOT-FOR-US: RIOT-OS
CVE-2023-24822 (RIOT-OS, an operating system that supports Internet of Things devices, ...)
@@ -146335,8 +146338,8 @@ CVE-2023-22486 (cmark-gfm is GitHub's fork of cmark, a CommonMark parsing and re
[bookworm] - python-cmarkgfm <no-dsa> (Minor issue)
[bullseye] - python-cmarkgfm <no-dsa> (Minor issue)
[buster] - python-cmarkgfm <no-dsa> (Minor issue)
- - r-cran-commonmark <unfixed> (bug #1033112)
- [bookworm] - r-cran-commonmark <no-dsa> (Minor issue)
+ - r-cran-commonmark 1.9.0-1 (bug #1033112)
+ [bookworm] - r-cran-commonmark <ignored> (Minor issue)
[bullseye] - r-cran-commonmark <no-dsa> (Minor issue)
[buster] - r-cran-commonmark <no-dsa> (Minor issue)
- ruby-commonmarker <unfixed> (bug #1033113)
@@ -146346,6 +146349,7 @@ CVE-2023-22486 (cmark-gfm is GitHub's fork of cmark, a CommonMark parsing and re
NOTE: https://github.com/github/cmark-gfm/security/advisories/GHSA-r572-jvj2-3m8p
NOTE: https://github.com/github/cmark-gfm/commit/ece074cc3378f7a8dec0395f00123e9fa6981f7b (0.29.0.gfm.7)
NOTE: https://github.com/theacodes/cmarkgfm/commit/acf473a51a9dc3a4fd6d6a4b30e4d80c94d91d4a (2024.1.14)
+ NOTE: r-cran-commonmark: https://github.com/r-lib/commonmark/commit/e7a1703cf293eaa898e6f0cf07d278cfb05590eb (v1.9.0)
CVE-2023-22485 (cmark-gfm is GitHub's fork of cmark, a CommonMark parsing and renderin ...)
- cmark-gfm <unfixed> (bug #1033110)
[bookworm] - cmark-gfm <no-dsa> (Minor issue)
@@ -146355,8 +146359,8 @@ CVE-2023-22485 (cmark-gfm is GitHub's fork of cmark, a CommonMark parsing and re
[bookworm] - python-cmarkgfm <no-dsa> (Minor issue)
[bullseye] - python-cmarkgfm <no-dsa> (Minor issue)
[buster] - python-cmarkgfm <no-dsa> (Minor issue)
- - r-cran-commonmark <unfixed> (bug #1033112)
- [bookworm] - r-cran-commonmark <no-dsa> (Minor issue)
+ - r-cran-commonmark 1.9.0-1 (bug #1033112)
+ [bookworm] - r-cran-commonmark <ignored> (Minor issue)
[bullseye] - r-cran-commonmark <no-dsa> (Minor issue)
[buster] - r-cran-commonmark <no-dsa> (Minor issue)
- ruby-commonmarker <unfixed> (bug #1033113)
@@ -146365,6 +146369,7 @@ CVE-2023-22485 (cmark-gfm is GitHub's fork of cmark, a CommonMark parsing and re
[buster] - ruby-commonmarker <no-dsa> (Minor issue)
NOTE: https://github.com/github/cmark-gfm/security/advisories/GHSA-c944-cv5f-hpvr
NOTE: https://github.com/theacodes/cmarkgfm/commit/acf473a51a9dc3a4fd6d6a4b30e4d80c94d91d4a (2024.1.14)
+ NOTE: r-cran-commonmark: https://github.com/r-lib/commonmark/commit/e7a1703cf293eaa898e6f0cf07d278cfb05590eb (v1.9.0)
CVE-2023-22484 (cmark-gfm is GitHub's fork of cmark, a CommonMark parsing and renderin ...)
- cmark-gfm <unfixed> (bug #1033110)
[bookworm] - cmark-gfm <no-dsa> (Minor issue)
@@ -146374,8 +146379,8 @@ CVE-2023-22484 (cmark-gfm is GitHub's fork of cmark, a CommonMark parsing and re
[bookworm] - python-cmarkgfm <no-dsa> (Minor issue)
[bullseye] - python-cmarkgfm <no-dsa> (Minor issue)
[buster] - python-cmarkgfm <no-dsa> (Minor issue)
- - r-cran-commonmark <unfixed> (bug #1033112)
- [bookworm] - r-cran-commonmark <no-dsa> (Minor issue)
+ - r-cran-commonmark 1.9.0-1 (bug #1033112)
+ [bookworm] - r-cran-commonmark <ignored> (Minor issue)
[bullseye] - r-cran-commonmark <no-dsa> (Minor issue)
[buster] - r-cran-commonmark <no-dsa> (Minor issue)
- ruby-commonmarker <unfixed> (bug #1033113)
@@ -146384,6 +146389,7 @@ CVE-2023-22484 (cmark-gfm is GitHub's fork of cmark, a CommonMark parsing and re
[buster] - ruby-commonmarker <no-dsa> (Minor issue)
NOTE: https://github.com/github/cmark-gfm/security/advisories/GHSA-24f7-9frr-5h2r
NOTE: https://github.com/theacodes/cmarkgfm/commit/acf473a51a9dc3a4fd6d6a4b30e4d80c94d91d4a (2024.1.14)
+ NOTE: r-cran-commonmark: https://github.com/r-lib/commonmark/commit/e7a1703cf293eaa898e6f0cf07d278cfb05590eb (v1.9.0)
CVE-2023-22483 (cmark-gfm is GitHub's fork of cmark, a CommonMark parsing and renderin ...)
- cmark-gfm <unfixed> (bug #1033110)
[bookworm] - cmark-gfm <no-dsa> (Minor issue)
@@ -146393,8 +146399,8 @@ CVE-2023-22483 (cmark-gfm is GitHub's fork of cmark, a CommonMark parsing and re
[bookworm] - python-cmarkgfm <no-dsa> (Minor issue)
[bullseye] - python-cmarkgfm <no-dsa> (Minor issue)
[buster] - python-cmarkgfm <no-dsa> (Minor issue)
- - r-cran-commonmark <unfixed> (bug #1033112)
- [bookworm] - r-cran-commonmark <no-dsa> (Minor issue)
+ - r-cran-commonmark 1.9.0-1 (bug #1033112)
+ [bookworm] - r-cran-commonmark <ignored> (Minor issue)
[bullseye] - r-cran-commonmark <no-dsa> (Minor issue)
[buster] - r-cran-commonmark <no-dsa> (Minor issue)
- ruby-commonmarker <unfixed> (bug #1033113)
@@ -146403,6 +146409,7 @@ CVE-2023-22483 (cmark-gfm is GitHub's fork of cmark, a CommonMark parsing and re
[buster] - ruby-commonmarker <no-dsa> (Minor issue)
NOTE: https://github.com/github/cmark-gfm/security/advisories/GHSA-29g3-96g3-jg6c
NOTE: https://github.com/theacodes/cmarkgfm/commit/acf473a51a9dc3a4fd6d6a4b30e4d80c94d91d4a (2024.1.14)
+ NOTE: r-cran-commonmark: https://github.com/r-lib/commonmark/commit/e7a1703cf293eaa898e6f0cf07d278cfb05590eb (v1.9.0)
CVE-2023-22482 (Argo CD is a declarative, GitOps continuous delivery tool for Kubernet ...)
NOT-FOR-US: Argo CD
CVE-2023-22481 (FreshRSS is a self-hosted RSS feed aggregator. When using the greader ...)
@@ -154213,56 +154220,56 @@ CVE-2022-46304 (ChangingTec ServiSign component has insufficient filtering for s
NOT-FOR-US: ChangingTec ServiSign
CVE-2022-46295 (Multiple out-of-bounds write vulnerabilities exist in the translationV ...)
- openbabel <unfixed> (bug #1059277)
- [bookworm] - openbabel <no-dsa> (Minor issue)
+ [bookworm] - openbabel <postponed> (Minor issue, revisit when fixed upstream)
[bullseye] - openbabel <no-dsa> (Minor issue)
[buster] - openbabel <postponed> (Minor issue, no upstream patch yet)
NOTE: https://talosintelligence.com/vulnerability_reports/TALOS-2022-1666
NOTE: https://github.com/openbabel/openbabel/issues/2650
CVE-2022-46294 (Multiple out-of-bounds write vulnerabilities exist in the translationV ...)
- openbabel <unfixed> (bug #1059277)
- [bookworm] - openbabel <no-dsa> (Minor issue)
+ [bookworm] - openbabel <postponed> (Minor issue, revisit when fixed upstream)
[bullseye] - openbabel <no-dsa> (Minor issue)
[buster] - openbabel <postponed> (Minor issue, no upstream patch yet)
NOTE: https://talosintelligence.com/vulnerability_reports/TALOS-2022-1666
NOTE: https://github.com/openbabel/openbabel/issues/2650
CVE-2022-46293 (Multiple out-of-bounds write vulnerabilities exist in the translationV ...)
- openbabel <unfixed> (bug #1059277)
- [bookworm] - openbabel <no-dsa> (Minor issue)
+ [bookworm] - openbabel <postponed> (Minor issue, revisit when fixed upstream)
[bullseye] - openbabel <no-dsa> (Minor issue)
[buster] - openbabel <postponed> (Minor issue, no upstream patch yet)
NOTE: https://talosintelligence.com/vulnerability_reports/TALOS-2022-1666
NOTE: https://github.com/openbabel/openbabel/issues/2650
CVE-2022-46292 (Multiple out-of-bounds write vulnerabilities exist in the translationV ...)
- openbabel <unfixed> (bug #1059277)
- [bookworm] - openbabel <no-dsa> (Minor issue)
+ [bookworm] - openbabel <postponed> (Minor issue, revisit when fixed upstream)
[bullseye] - openbabel <no-dsa> (Minor issue)
[buster] - openbabel <postponed> (Minor issue, no upstream patch yet)
NOTE: https://talosintelligence.com/vulnerability_reports/TALOS-2022-1666
NOTE: https://github.com/openbabel/openbabel/issues/2650
CVE-2022-46291 (Multiple out-of-bounds write vulnerabilities exist in the translationV ...)
- openbabel <unfixed> (bug #1059277)
- [bookworm] - openbabel <no-dsa> (Minor issue)
+ [bookworm] - openbabel <postponed> (Minor issue, revisit when fixed upstream)
[bullseye] - openbabel <no-dsa> (Minor issue)
[buster] - openbabel <postponed> (Minor issue, no upstream patch yet)
NOTE: https://talosintelligence.com/vulnerability_reports/TALOS-2022-1666
NOTE: https://github.com/openbabel/openbabel/issues/2650
CVE-2022-46290 (Multiple out-of-bounds write vulnerabilities exist in the ORCA format ...)
- openbabel <unfixed> (bug #1059277)
- [bookworm] - openbabel <no-dsa> (Minor issue)
+ [bookworm] - openbabel <postponed> (Minor issue, revisit when fixed upstream)
[bullseye] - openbabel <no-dsa> (Minor issue)
[buster] - openbabel <postponed> (Minor issue, no upstream patch yet)
NOTE: https://talosintelligence.com/vulnerability_reports/TALOS-2022-1665
NOTE: https://github.com/openbabel/openbabel/issues/2650
CVE-2022-46289 (Multiple out-of-bounds write vulnerabilities exist in the ORCA format ...)
- openbabel <unfixed> (bug #1059277)
- [bookworm] - openbabel <no-dsa> (Minor issue)
+ [bookworm] - openbabel <postponed> (Minor issue, revisit when fixed upstream)
[bullseye] - openbabel <no-dsa> (Minor issue)
[buster] - openbabel <postponed> (Minor issue, no upstream patch yet)
NOTE: https://talosintelligence.com/vulnerability_reports/TALOS-2022-1665
NOTE: https://github.com/openbabel/openbabel/issues/2650
CVE-2022-46280 (A use of uninitialized pointer vulnerability exists in the PQS format ...)
- openbabel <unfixed> (bug #1059277)
- [bookworm] - openbabel <no-dsa> (Minor issue)
+ [bookworm] - openbabel <postponed> (Minor issue, revisit when fixed upstream)
[bullseye] - openbabel <no-dsa> (Minor issue)
[buster] - openbabel <postponed> (Minor issue, no upstream patch yet)
NOTE: https://talosintelligence.com/vulnerability_reports/TALOS-2022-1670
@@ -154305,7 +154312,7 @@ CVE-2022-44453
RESERVED
CVE-2022-44451 (A use of uninitialized pointer vulnerability exists in the MSI format ...)
- openbabel <unfixed> (bug #1059277)
- [bookworm] - openbabel <no-dsa> (Minor issue)
+ [bookworm] - openbabel <postponed> (Minor issue, revisit when fixed upstream)
[bullseye] - openbabel <no-dsa> (Minor issue)
[buster] - openbabel <postponed> (Minor issue, no upstream patch yet)
NOTE: https://talosintelligence.com/vulnerability_reports/TALOS-2022-1669
@@ -154318,14 +154325,14 @@ CVE-2022-43503
REJECTED
CVE-2022-43467 (An out-of-bounds write vulnerability exists in the PQS format coord_fi ...)
- openbabel <unfixed> (bug #1059277)
- [bookworm] - openbabel <no-dsa> (Minor issue)
+ [bookworm] - openbabel <postponed> (Minor issue, revisit when fixed upstream)
[bullseye] - openbabel <no-dsa> (Minor issue)
[buster] - openbabel <postponed> (Minor issue, no upstream patch yet)
NOTE: https://talosintelligence.com/vulnerability_reports/TALOS-2022-1671
NOTE: https://github.com/openbabel/openbabel/issues/2650
CVE-2022-42885 (A use of uninitialized pointer vulnerability exists in the GRO format ...)
- openbabel <unfixed> (bug #1059277)
- [bookworm] - openbabel <no-dsa> (Minor issue)
+ [bookworm] - openbabel <postponed> (Minor issue, revisit when fixed upstream)
[bullseye] - openbabel <no-dsa> (Minor issue)
[buster] - openbabel <postponed> (Minor issue, no upstream patch yet)
NOTE: https://talosintelligence.com/vulnerability_reports/TALOS-2022-1668
@@ -154412,7 +154419,7 @@ CVE-2022-41795
RESERVED
CVE-2022-41793 (An out-of-bounds write vulnerability exists in the CSR format title fu ...)
- openbabel <unfixed> (bug #1059277)
- [bookworm] - openbabel <no-dsa> (Minor issue)
+ [bookworm] - openbabel <postponed> (Minor issue, revisit when fixed upstream)
[bullseye] - openbabel <no-dsa> (Minor issue)
[buster] - openbabel <postponed> (Minor issue, no upstream patch yet)
NOTE: https://talosintelligence.com/vulnerability_reports/TALOS-2022-1667
@@ -154456,7 +154463,7 @@ CVE-2022-40973
RESERVED
CVE-2022-37331 (An out-of-bounds write vulnerability exists in the Gaussian format ori ...)
- openbabel <unfixed> (bug #1059277)
- [bookworm] - openbabel <no-dsa> (Minor issue)
+ [bookworm] - openbabel <postponed> (Minor issue, revisit when fixed upstream)
[bullseye] - openbabel <no-dsa> (Minor issue)
[buster] - openbabel <postponed> (Minor issue, no upstream patch yet)
NOTE: https://talosintelligence.com/vulnerability_reports/TALOS-2022-1672
@@ -164714,7 +164721,7 @@ CVE-2022-3649 (A vulnerability was found in Linux Kernel. It has been classified
NOTE: https://git.kernel.org/linus/d325dc6eb763c10f591c239550b8c7e5466a5d09
CVE-2022-43607 (An out-of-bounds write vulnerability exists in the MOL2 format attribu ...)
- openbabel <unfixed> (bug #1059277)
- [bookworm] - openbabel <no-dsa> (Minor issue)
+ [bookworm] - openbabel <postponed> (Minor issue, revisit when fixed upstream)
[bullseye] - openbabel <no-dsa> (Minor issue)
[buster] - openbabel <postponed> (Minor issue, no upstream patch yet)
NOTE: https://talosintelligence.com/vulnerability_reports/TALOS-2022-1664
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/4db1c97c35c503cbbe7408d02f0371b56ebd2ad1
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/4db1c97c35c503cbbe7408d02f0371b56ebd2ad1
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20241104/11a69bd4/attachment-0001.htm>
More information about the debian-security-tracker-commits
mailing list