[Git][security-tracker-team/security-tracker][master] bookworm triage

Moritz Muehlenhoff (@jmm) Tue, 21 Feb 2023 10:04:42 -0800


Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / 
security-tracker



Commits:
c102f0c6 by Moritz Muehlenhoff at 2023-02-21T19:04:11+01:00
bookworm triage

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -82630,6 +82630,7 @@ CVE-2022-24600 (Luocms v2.0 is affected by SQL 
Injection through /admin/login.ph
        NOT-FOR-US: Luocms
 CVE-2022-24599 (In autofile Audio File Library 0.3.6, there exists one memory 
leak vul ...)
        - audiofile <unfixed> (bug #1008017)
+       [bookworm] - audiofile <no-dsa> (Minor issue)
        [bullseye] - audiofile <no-dsa> (Minor issue)
        [buster] - audiofile <no-dsa> (Minor issue)
        [stretch] - audiofile <no-dsa> (Minor issue)
@@ -128644,6 +128645,7 @@ CVE-2021-33498 (Pexip Infinity before 26 allows 
remote denial of service because
        NOT-FOR-US: Pexip Infinity
 CVE-2021-3563 (A flaw was found in openstack-keystone. Only the first 72 
characters o ...)
        - keystone <unfixed> (bug #989998)
+       [bookworm] - keystone <no-dsa> (Minor issue)
        [bullseye] - keystone <no-dsa> (Minor issue)
        [buster] - keystone <no-dsa> (Minor issue)
        [stretch] - keystone <end-of-life> (Keystone is not supported in 
stretch)
@@ -265105,6 +265107,7 @@ CVE-2019-13148 (An issue was discovered in TRENDnet 
TEW-827DRU firmware before 2
        NOT-FOR-US: TRENDnet TEW-827DRU firmware
 CVE-2019-13147 (In Audio File Library (aka audiofile) 0.3.6, there exists one 
NULL poi ...)
        - audiofile <unfixed> (low; bug #931343)
+       [bookworm] - audiofile <no-dsa> (Minor issue)
        [bullseye] - audiofile <ignored> (Minor issue)
        [buster] - audiofile <ignored> (Minor issue)
        [stretch] - audiofile <no-dsa> (Minor issue)
@@ -268147,6 +268150,7 @@ CVE-2019-12068 (In QEMU 1:4.1-1, 
1:2.1+dfsg-12+deb8u6, 1:2.8+dfsg-6+deb9u8, 1:3.
        NOTE: 
https://git.qemu.org/?p=qemu.git;a=commit;h=de594e47659029316bbf9391efb79da0a1a08e08
 CVE-2019-12067 (The ahci_commit_buf function in ide/ahci.c in QEMU allows 
attackers to ...)
        - qemu <unfixed> (low; bug #972099)
+       [bookworm] - qemu <postponed> (Minor issue, revisit when fixed upstream)
        [bullseye] - qemu <postponed> (Minor issue, revisit when fixed upstream)
        [buster] - qemu <postponed> (Minor issue, waiting for sanctioned patch)
        - qemu-kvm <removed>
@@ -292230,8 +292234,9 @@ CVE-2018-20544 (There is floating point exception at 
caca/dither.c (function cac
        NOTE: https://github.com/cacalabs/libcaca/issues/36
        NOTE: Upstream fix: 
https://github.com/cacalabs/libcaca/commit/84bd155087b93ab2d8d7cb5b1ac94ecd4cf4f93c
 CVE-2018-20543 (There is an attempted excessive memory allocation at 
libxsmm_sparse_cs ...)
-       - libxsmm <unfixed> (bug #917573)
+       - libxsmm <unfixed> (unimportant; bug #917573)
        NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1652634
+       NOTE: Negligible security impact
 CVE-2018-20542 (There is a heap-based buffer-overflow at 
generator_spgemm_csc_reader.c ...)
        - libxsmm 1.17-1 (bug #917526)
        NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1652633



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/c102f0c69020082f0c59095fd1dc85a128c3ee2b

-- 
View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/c102f0c69020082f0c59095fd1dc85a128c3ee2b
You're receiving this email because of your account on salsa.debian.org.

_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits

[Git][security-tracker-team/security-tracker][master] bookworm triage

Reply via email to