Moritz Muehlenhoff pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
a85187f8 by Moritz Muehlenhoff at 2023-03-15T19:07:14+01:00
bookworm triage
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -123601,6 +123601,7 @@ CVE-2021-38085 (The Canon TR150 print driver through
3.71.2.10 is vulnerable to
NOT-FOR-US: Canon
CVE-2021-38084 (An issue was discovered in the POP3 component of Courier Mail
Server b ...)
- courier <unfixed> (bug #989375)
+ [bookworm] - courier <no-dsa> (Minor issue)
[bullseye] - courier <no-dsa> (Minor issue)
[buster] - courier <no-dsa> (Minor issue)
[stretch] - courier <postponed> (Minor issue, include in next update)
@@ -230813,9 +230814,10 @@ CVE-2020-8033 (Ruckus R500 3.4.2.0.384 devices allow
XSS via the index.asp Devic
CVE-2020-8032 (A Insecure Temporary File vulnerability in the packaging of
cyrus-sasl ...)
- cyrus-sasl2 <not-affected> (openSUSE specific packaging issue)
CVE-2020-8031 (A Improper Neutralization of Input During Web Page Generation
('Cross- ...)
- - open-build-service <unfixed> (bug #983576)
+ - open-build-service 2.9.4-4 (bug #983576)
[stretch] - open-build-service <postponed> (Minor issue, XSS in web app)
NOTE: https://bugzilla.suse.com/show_bug.cgi?id=1178880
+ NOTE: With 2.9.4-4, the rails web frontend is no longer shipped,
marking as fixed version
CVE-2020-8030 (A Insecure Temporary File vulnerability in skuba of SUSE CaaS
Platform ...)
NOT-FOR-US: SuSE CaaS
CVE-2020-8029 (A Incorrect Permission Assignment for Critical Resource
vulnerability ...)
@@ -230836,14 +230838,16 @@ CVE-2020-8022 (A Incorrect Default Permissions
vulnerability in the packaging of
NOT-FOR-US: SAP
CVE-2020-8021 (a Improper Access Control vulnerability in of Open Build
Service allow ...)
{DLA-2545-1}
- - open-build-service <unfixed> (bug #983576)
+ - open-build-service 2.9.4-4 (bug #983576)
NOTE: https://bugzilla.suse.com/show_bug.cgi?id=1171649
NOTE:
https://github.com/openSUSE/open-build-service/commit/7323c904f86ba9e04065c23422d06c03647589fb
+ NOTE: With 2.9.4-4, the rails web frontend is no longer shipped,
marking as fixed version
CVE-2020-8020 (A Improper Neutralization of Input During Web Page Generation
vulnerab ...)
{DLA-2545-1}
- - open-build-service <unfixed> (bug #983576)
+ - open-build-service 2.9.4-4 (bug #983576)
NOTE: https://bugzilla.suse.com/show_bug.cgi?id=1171439
NOTE:
https://github.com/openSUSE/open-build-service/commit/7cc32c8e2ff7290698e101d9a80a9dc29a5500fb
+ NOTE: With 2.9.4-4, the rails web frontend is no longer shipped,
marking as fixed version
CVE-2020-8019 (A UNIX Symbolic Link (Symlink) Following vulnerability in the
packagin ...)
NOT-FOR-US: SAP
CVE-2020-8018 (A Incorrect Default Permissions vulnerability in the
SLES15-SP1-CHOST- ...)
@@ -293499,6 +293503,7 @@ CVE-2019-5428
REJECTED
CVE-2019-5427 (c3p0 version < 0.9.5.4 may be exploited by a billion laughs
attack ...)
- c3p0 <unfixed> (low; bug #927936)
+ [bookworm] - c3p0 <no-dsa> (Minor issue)
[bullseye] - c3p0 <no-dsa> (Minor issue)
[buster] - c3p0 <no-dsa> (Minor issue)
[stretch] - c3p0 <no-dsa> (Minor issue)
@@ -327340,11 +327345,12 @@ CVE-2018-12467 (Authorized users of the
openbuildservice before 2.9.4 could dele
NOTE: Fixed by:
https://github.com/openSUSE/open-build-service/commit/f57b660f49f830006766a8d4abc3b4af6e178063
NOTE: Introduced by:
https://github.com/openSUSE/open-build-service/commit/990ef7cccef6f38fc1d1a1bb22a08e174dcba43b
CVE-2018-12466 (openSUSE openbuildservice before 9.2.4 allowed authenticated
users to ...)
- - open-build-service <unfixed> (bug #911797)
+ - open-build-service 2.9.4-4 (bug #911797)
[stretch] - open-build-service <no-dsa> (Minor issue)
NOTE: https://bugzilla.suse.com/show_bug.cgi?id=1098934
NOTE: Fixed by:
https://github.com/openSUSE/open-build-service/commit/f57b660f49f830006766a8d4abc3b4af6e178063
NOTE: Introduced by:
https://github.com/openSUSE/open-build-service/commit/990ef7cccef6f38fc1d1a1bb22a08e174dcba43b
+ NOTE: With 2.9.4-4, the rails web frontend is no longer shipped,
marking as fixed version
CVE-2018-12465 (An OS command injection vulnerability in the web
administration compon ...)
NOT-FOR-US: Micro Focus
CVE-2018-12464 (A SQL injection vulnerability in the web administration and
quarantine ...)
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/a85187f840c5f028834e9be400833199da643682
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/a85187f840c5f028834e9be400833199da643682
You're receiving this email because of your account on salsa.debian.org.
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
