Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits: 05576d55 by security tracker role at 2023-09-10T20:12:12+00:00 automatic update - - - - - 1 changed file: - data/CVE/list Changes: ===================================== data/CVE/list ===================================== @@ -1,3 +1,7 @@ +CVE-2023-4879 (Cross-site Scripting (XSS) - Stored in GitHub repository instantsoft/i ...) + TODO: check +CVE-2023-4878 (Server-Side Request Forgery (SSRF) in GitHub repository instantsoft/ic ...) + TODO: check CVE-2023-4877 (Exposure of Sensitive Information to an Unauthorized Actor in GitHub r ...) NOT-FOR-US: hamza417/inure CVE-2023-4876 (Exposure of Sensitive Information to an Unauthorized Actor in GitHub r ...) @@ -28,12 +32,14 @@ CVE-2023-41915 (OpenPMIx PMIx before 4.2.6 and 5.0.x before 5.0.1 allows attacke NOTE: https://github.com/openpmix/openpmix/commit/0bf9801a3017eb6ca411e158da39570ccb998c17 (v5.0.1) TODO: to be checked if affects the embedded copy for openmpi CVE-2023-4875 (Null pointer dereference when composing from a specially crafted draft ...) + {DSA-5494-1} - mutt 2.2.12-0.1 (bug #1051563) NOTE: https://gitlab.com/muttmua/mutt/-/commit/452ee330e094bfc7c9a68555e5152b1826534555 (mutt-2-2-12-rel) NOTE: https://gitlab.com/muttmua/mutt/-/commit/4cc3128abdf52c615911589394a03271fddeefc6 (mutt-2-2-12-rel) NOTE: http://lists.mutt.org/pipermail/mutt-announce/Week-of-Mon-20230904/000056.html NOTE: https://www.openwall.com/lists/oss-security/2023/09/09/1 CVE-2023-4874 (Null pointer dereference when viewing a specially crafted email in Mut ...) + {DSA-5494-1} - mutt 2.2.12-0.1 (bug #1051563) NOTE: https://gitlab.com/muttmua/mutt/-/commit/452ee330e094bfc7c9a68555e5152b1826534555 (mutt-2-2-12-rel) NOTE: https://gitlab.com/muttmua/mutt/-/commit/a4752eb0ae0a521eec02e59e51ae5daedf74fda0 (mutt-2-2-12-rel) 
@@ -56897,6 +56903,7 @@ CVE-2023-20902 CVE-2023-20901 RESERVED CVE-2023-20900 (A malicious actor that has been granted Guest Operation Privileges ht ...) + {DSA-5493-1} - open-vm-tools 2:12.3.0-1 (bug #1050970) NOTE: https://www.openwall.com/lists/oss-security/2023/08/31/1 NOTE: https://github.com/vmware/open-vm-tools/blob/CVE-2023-20900.patch/CVE-2023-20900.patch @@ -56968,7 +56975,7 @@ CVE-2023-20869 (VMware Workstation (17.x) and VMware Fusion (13.x) contain a sta CVE-2023-20868 (NSX-T contains a reflected cross-site scripting vulnerability due to a ...) NOT-FOR-US: VMware CVE-2023-20867 (A fully compromised ESXi host can force VMware Tools to fail to authen ...) - {DLA-3531-1} + {DSA-5493-1 DLA-3531-1} - open-vm-tools 2:12.2.5-1 (bug #1037546) NOTE: https://www.vmware.com/security/advisories/VMSA-2023-0013.html NOTE: https://github.com/vmware/open-vm-tools/tree/CVE-2023-20867.patch @@ -221063,6 +221070,7 @@ CVE-2020-22630 CVE-2020-22629 RESERVED CVE-2020-22628 (Buffer Overflow vulnerability in LibRaw::stretch() function in libraw\ ...) + {DLA-3560-1} - libraw 0.20.0-4 NOTE: https://github.com/LibRaw/LibRaw/issues/269 NOTE: Fixed by: https://github.com/LibRaw/LibRaw/commit/84bbb972d94a965f70302b85738778443540774a (0.20-RC2) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/05576d55aa648e34c333f6b9a99bfbd4b7b2d085
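Review bot: CVE-2023-4879 and CVE-2023-4878, the two entries added at the top of the @@ -1,3 +1,7 @@ hunk, are left untriaged with only `TODO: check`. Both truncated descriptions name a GitHub repository under instantsoft/, and the adjacent CVE-2023-4877 entry is already resolved as `NOT-FOR-US: hamza417/inure`. Once it is confirmed whether that project is packaged in Debian, a follow-up should replace each TODO with either a `NOT-FOR-US:` line or a package line.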
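Review bot: The `{DSA-5494-1}` cross-references added to CVE-2023-4875 and CVE-2023-4874 in the @@ -28,12 +32,14 @@ hunk cannot be checked against the advisory from this commit, because the only changed file is data/CVE/list. Confirm that the DSA-5494-1 entry itself lists both CVE ids, since the only version recorded here under either CVE is `- mutt 2.2.12-0.1 (bug #1051563)`. The unchanged context also still carries `TODO: to be checked if affects the embedded copy for openmpi` on CVE-2023-41915, which remains open.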
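Review bot: The patch reference for CVE-2023-20900 in the @@ -56897,6 +56903,7 @@ hunk points at a named ref rather than a commit hash: `NOTE: https://github.com/vmware/open-vm-tools/blob/CVE-2023-20900.patch/CVE-2023-20900.patch`. The mutt entries earlier in the patch pin full commit hashes. Doing the same here would keep the reference stable now that `{DSA-5493-1}` is attached to it. The same applies to the `tree/CVE-2023-20867.patch` NOTE under CVE-2023-20867 in the following hunk, which gains the same DSA id.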
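Review bot: On CVE-2020-22628 in the last hunk (@@ -221063,6 +221070,7 @@), the fixed version `- libraw 0.20.0-4` does not obviously follow from the NOTE that tags the upstream fix as 0.20-RC2. With `{DLA-3560-1}` now attached, a one-line NOTE stating why 0.20.0-4 is the first fixed upload would help anyone checking versions against the advisory.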
_______________________________________________ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits