Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
d4d1ee1f by Moritz Muehlenhoff at 2023-02-24T14:41:20+01:00
bookworm triage

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -96080,6 +96080,7 @@ CVE-2021-44960 (In SVGPP SVG++ library 1.3.0, the 
XMLDocument::getRoot function
        [bullseye] - svgpp <no-dsa> (Minor issue)
        [buster] - svgpp <no-dsa> (Minor issue)
        NOTE: https://github.com/svgpp/svgpp/issues/101
+       NOTE: 
https://github.com/svgpp/svgpp/commit/0bc57f2cc6d9d86a0fa1ce73e508c2b5994b4b91
 CVE-2021-44959
        RESERVED
 CVE-2021-44958
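
Review bot: The NOTE added under CVE-2021-44960 is a bare commit URL with no indication of what the commit is or which upstream release carries it. If it is the fix for the issue linked on the line above (svgpp issue 101), say so and append the first release that contains it, the way the rbenv NOTE in this same commit ends with "(v1.2.0)". That lets the [bullseye] and [buster] <no-dsa> entries be checked against a version later without opening the commit.
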
@@ -119123,6 +119124,7 @@ CVE-2021-37746 (textview_uri_security_check in 
textview.c in Claws Mail before 3
        [buster] - claws-mail <no-dsa> (Minor issue)
        [stretch] - claws-mail <no-dsa> (Minor issue)
        - sylpheed <unfixed> (bug #991723)
+       [bookworm] - sylpheed <no-dsa> (Minor issue)
        [bullseye] - sylpheed <no-dsa> (Minor issue)
        [buster] - sylpheed <no-dsa> (Minor issue)
        [stretch] - sylpheed <no-dsa> (Minor issue)
@@ -178621,6 +178623,7 @@ CVE-2020-26881
        RESERVED
 CVE-2020-26880 (Sympa through 6.2.57b.2 allows a local privilege escalation 
from the s ...)
        - sympa <unfixed> (bug #972114)
+       [bookworm] - sympa <postponed> (Revisit when fixed upstream; most 
setups mitigated)
        [bullseye] - sympa <postponed> (Revisit when fixed upstream; most 
setups mitigated)
        [buster] - sympa <postponed> (Revisit when fixed upstream; most setups 
mitigated)
        [stretch] - sympa <postponed> (Mitigated, revisit when fixed upstream)
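
Review bot: The new [bookworm] line for sympa carries over "most setups mitigated", but nothing in the visible entry names the mitigation or says which setups are not covered by it. Because CVE-2020-26880 is a local privilege escalation still marked <unfixed> (bug #972114), the entry should point at the mitigation in a NOTE, or this line should reference an existing NOTE if one sits further down the entry, so that whoever revisits the postponement for bookworm can verify it still applies to the packaged version.
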
@@ -207645,6 +207648,7 @@ CVE-2020-14305 (An out-of-bounds memory write flaw 
was found in how the Linux ke
        NOTE: 
https://patchwork.ozlabs.org/project/netfilter-devel/patch/[email protected]/
 CVE-2020-14304 (A memory disclosure flaw was found in the Linux kernel's 
ethernet driv ...)
        - linux <unfixed> (bug #960702)
+       [bookworm] - linux <ignored> (Minor issue)
        [bullseye] - linux <ignored> (Minor issue)
        [buster] - linux <ignored> (Minor issue)
 CVE-2020-14303 (A flaw was found in the AD DC NBT server in all Samba versions 
before  ...)
@@ -257984,6 +257988,7 @@ CVE-2019-15214 (An issue was discovered in the Linux 
kernel before 5.0.10. There
        [stretch] - linux 4.9.184-1
 CVE-2019-15213 (An issue was discovered in the Linux kernel before 5.2.3. 
There is a u ...)
        - linux <unfixed>
+       [bookworm] - linux <postponed> (Revisit when correctly fixed upstream)
        [bullseye] - linux <postponed> (Revisit when correctly fixed upstream)
        [stretch] - linux <not-affected> (Vulnerable code introduced later)
        [jessie] - linux <not-affected> (Vulnerable code introduced later)
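
Review bot: "Revisit when correctly fixed upstream" on the new [bookworm] line for CVE-2019-15213 implies that an upstream fix exists and is considered incorrect, yet the visible lines give no reference to it. A NOTE with the upstream commit or discussion in question would make the <postponed> state actionable; without it the same wording will simply be copied to the next release as it was copied here from [bullseye].
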
@@ -320576,6 +320581,7 @@ CVE-2018-12929 (ntfs_read_locked_inode in the ntfs.ko 
filesystem driver in the L
        [jessie] - linux <ignored> (ntfs is not supportable)
 CVE-2018-12928 (In the Linux kernel 4.15.0, a NULL pointer dereference was 
discovered  ...)
        - linux <unfixed> (low)
+       [bookworm] - linux <ignored> (Minor issue)
        [bullseye] - linux <ignored> (Minor issue)
        [buster] - linux <ignored> (Minor issue)
        [stretch] - linux <ignored> (Minor issue)
@@ -324109,33 +324115,21 @@ CVE-2018-11742 (NEC Univerge Sv9100 WebPro 6.00.00 
devices have Cleartext Passwo
 CVE-2018-11741 (NEC Univerge Sv9100 WebPro 6.00.00 devices have Predictable 
Session ID ...)
        NOT-FOR-US: NEC Univerge Sv9100 WebPro devices
 CVE-2018-11740 (An issue was discovered in libtskbase.a in The Sleuth Kit 
(TSK) from r ...)
-       - sleuthkit <unfixed> (low; bug #902187)
-       [bullseye] - sleuthkit <ignored> (Minor issue)
-       [buster] - sleuthkit <ignored> (Minor issue)
-       [stretch] - sleuthkit <no-dsa> (Minor issue)
-       [jessie] - sleuthkit <no-dsa> (Minor issue)
+       - sleuthkit <unfixed> (unimportant; bug #902187)
        NOTE: https://github.com/sleuthkit/sleuthkit/issues/1264
+       NOTE: Negligible security impact
 CVE-2018-11739 (An issue was discovered in libtskimg.a in The Sleuth Kit (TSK) 
from re ...)
-       - sleuthkit <unfixed> (low; bug #902187)
-       [bullseye] - sleuthkit <ignored> (Minor issue)
-       [buster] - sleuthkit <ignored> (Minor issue)
-       [stretch] - sleuthkit <no-dsa> (Minor issue)
-       [jessie] - sleuthkit <no-dsa> (Minor issue)
+       - sleuthkit <unfixed> (unimportant; bug #902187)
        NOTE: https://github.com/sleuthkit/sleuthkit/issues/1267
+       NOTE: Negligible security impact
 CVE-2018-11738 (An issue was discovered in libtskfs.a in The Sleuth Kit (TSK) 
from rel ...)
-       - sleuthkit <unfixed> (low; bug #902187)
-       [bullseye] - sleuthkit <ignored> (Minor issue)
-       [buster] - sleuthkit <ignored> (Minor issue)
-       [stretch] - sleuthkit <no-dsa> (Minor issue)
-       [jessie] - sleuthkit <no-dsa> (Minor issue)
+       - sleuthkit <unfixed> (unimportant; bug #902187)
        NOTE: https://github.com/sleuthkit/sleuthkit/issues/1265
+       NOTE: Negligible security impact
 CVE-2018-11737 (An issue was discovered in libtskfs.a in The Sleuth Kit (TSK) 
from rel ...)
-       - sleuthkit <unfixed> (low; bug #902187)
-       [bullseye] - sleuthkit <ignored> (Minor issue)
-       [buster] - sleuthkit <ignored> (Minor issue)
-       [stretch] - sleuthkit <no-dsa> (Minor issue)
-       [jessie] - sleuthkit <no-dsa> (Minor issue)
+       - sleuthkit <unfixed> (unimportant; bug #902187)
        NOTE: https://github.com/sleuthkit/sleuthkit/issues/1266
+       NOTE: Negligible security impact
 CVE-2018-1000201 (ruby-ffi version 1.9.23 and earlier has a DLL loading issue 
which can  ...)
        - ruby-ffi <not-affected> (Windows-specific)
 CVE-2018-11736 (An issue was discovered in Pluck before 4.7.7-dev2. 
/data/inc/images.p ...)
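
Review bot: "NOTE: Negligible security impact" is added verbatim to CVE-2018-11737 through CVE-2018-11740 without giving a reason for the change from "low" to "unimportant". Since this hunk also drops the per-release <ignored> and <no-dsa> lines, that NOTE becomes the only record of the triage decision in the entry. State the reason in the NOTE itself (what makes the impact negligible for sleuthkit as packaged) so the classification can be re-evaluated if the linked upstream issues change status.
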
@@ -376212,6 +376206,7 @@ CVE-2017-1000047 (rbenv (all current versions) is 
vulnerable to Directory Traver
        [wheezy] - rbenv <no-dsa> (Minor issue)
        NOTE: https://github.com/rbenv/rbenv/issues/977
        NOTE: .ruby-version is .rbenv-version in wheezy
+       NOTE: 
https://github.com/rbenv/rbenv/commit/370c26a6c9ee0511972ea04904fcc89014a22987 
(v1.2.0)
 CVE-2017-1000046 (Mautic 2.6.1 and earlier fails to set flags on session 
cookies ...)
        NOT-FOR-US: Mautic
 CVE-2017-1000045
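
Review bot: The NOTE added for CVE-2017-1000047 ties the fix commit to v1.2.0, but the rbenv package status line lies outside this hunk's context, so the diff does not show whether it was updated to match. If that line still reads <unfixed>, it should be revisited in this change or a follow-up and set to the first Debian version based on 1.2.0 or later once one is in the archive.
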



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/d4d1ee1f631e221934f12be5e38850328a864a51
