Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
10a900d6 by Moritz Muehlenhoff at 2023-04-10T17:21:32+02:00
bookworm triage

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -3098,6 +3098,8 @@ CVE-2023-29142
        RESERVED
 CVE-2023-29141 (An issue was discovered in MediaWiki before 1.35.10, 1.36.x 
through 1. ...)
        - mediawiki <unfixed>
+       [bookworm] - mediawiki <no-dsa> (Minor issue)
+       [bullseye] - mediawiki <no-dsa> (Minor issue)
        NOTE: 
https://gerrit.wikimedia.org/r/plugins/gitiles/mediawiki/core/+/REL1_39/RELEASE-NOTES-1.39
        NOTE: https://phabricator.wikimedia.org/T285159
 CVE-2023-29140 (An issue was discovered in the GrowthExperiments extension for 
MediaWi ...)
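Review bot: the new `[bookworm]` and `[bullseye]` `<no-dsa> (Minor issue)` lines for CVE-2023-29141 sit above NOTE lines that only point at the REL1_39 release notes and a Phabricator task, not at the fixing change; recording the upstream fix commit or the first fixed version per branch as an additional NOTE would make a later point-release backport easier to pick up. The sid entry stays `- mediawiki <unfixed>`, so this remains open for unstable.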
@@ -17063,6 +17065,7 @@ CVE-2023-0467 (The WP Dark Mode WordPress plugin before 
4.0.8 does not properly
        NOT-FOR-US: WordPress plugin
 CVE-2023-0466 (The function X509_VERIFY_PARAM_add0_policy() is documented to 
implicit ...)
        - openssl <unfixed>
+       [bookworm] - openssl <no-dsa> (Minor issue)
        [bullseye] - openssl <no-dsa> (Minor issue)
        [buster] - openssl <no-dsa> (Minor issue)
        NOTE: https://www.openssl.org/news/secadv/20230328.txt
@@ -17070,6 +17073,7 @@ CVE-2023-0466 (The function 
X509_VERIFY_PARAM_add0_policy() is documented to imp
        NOTE: 
https://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=0d16b7e99aafc0b4a6d729eec65a411a7e025f0a
 (OpenSSL_1_1_1-stable)
 CVE-2023-0465 (Applications that use a non-default option when verifying 
certificates ...)
        - openssl <unfixed>
+       [bookworm] - openssl <no-dsa> (Minor issue)
        [bullseye] - openssl <no-dsa> (Minor issue)
        [buster] - openssl <no-dsa> (Minor issue)
        NOTE: https://www.openssl.org/news/secadv/20230328.txt
@@ -17077,6 +17081,7 @@ CVE-2023-0465 (Applications that use a non-default 
option when verifying certifi
        NOTE: 
https://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=b013765abfa80036dc779dd0e50602c57bb3bf95
 (OpenSSL_1_1_1-stable)
 CVE-2023-0464 (A security vulnerability has been identified in all supported 
versions ...)
        - openssl <unfixed>
+       [bookworm] - openssl <no-dsa> (Minor issue)
        [bullseye] - openssl <no-dsa> (Minor issue)
        [buster] - openssl <no-dsa> (Minor issue)
        NOTE: https://www.openssl.org/news/secadv/20230322.txt
@@ -84938,6 +84943,7 @@ CVE-2022-28043
 CVE-2022-28042 (stb_image.h v2.27 was discovered to contain an heap-based 
use-after-fr ...)
        {DLA-3305-1}
        - libstb <unfixed> (bug #1014531)
+       [bookworm] - libstb <no-dsa> (Minor issue)
        [bullseye] - libstb <no-dsa> (Minor issue)
        NOTE: https://github.com/nothings/stb/issues/1289
        NOTE: https://github.com/nothings/stb/pull/1297
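Review bot: the `{DLA-3305-1}` marker on CVE-2022-28042 shows buster already received a backported fix through LTS, so the `<no-dsa> (Minor issue)` marking now applied to both bullseye and bookworm leaves the two newer suites behind the oldest one while sid is still `- libstb <unfixed> (bug #1014531)`. If that is intentional, a reason beyond `Minor issue` (for example that the fix can go through a point release) would help the next triager; the DLA patch should be directly reusable for bullseye.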
@@ -84948,6 +84954,7 @@ CVE-2022-28042 (stb_image.h v2.27 was discovered to 
contain an heap-based use-af
 CVE-2022-28041 (stb_image.h v2.27 was discovered to contain an integer 
overflow via th ...)
        {DLA-3305-1}
        - libstb <unfixed> (bug #1014531)
+       [bookworm] - libstb <no-dsa> (Minor issue)
        [bullseye] - libstb <no-dsa> (Minor issue)
        NOTE: https://github.com/nothings/stb/issues/1292
        NOTE: https://github.com/nothings/stb/pull/1297
@@ -116734,6 +116741,7 @@ CVE-2021-42717 (ModSecurity 3.x through 3.0.5 
mishandles excessively nested JSON
        NOTE: Fixed by: 
https://github.com/SpiderLabs/ModSecurity/commit/ac79c1c29b7e6323e26cc984ad4f76ef62c731cd
 (v3.0.6)
 CVE-2021-42716 (An issue was discovered in stb stb_image.h 2.27. The PNM 
loader incorr ...)
        - libstb <unfixed> (bug #1014532)
+       [bookworm] - libstb <no-dsa> (Minor issue)
        [bullseye] - libstb <not-affected> (Vulnerable code introduced later)
        [buster] - libstb <not-affected> (Vulnerable code introduced later)
        NOTE: https://github.com/nothings/stb/issues/1166
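Review bot: with bullseye and buster marked `<not-affected> (Vulnerable code introduced later)`, the new `[bookworm] - libstb <no-dsa> (Minor issue)` line makes bookworm the only stable release carrying CVE-2021-42716. The entry shares `bug #1014532` with CVE-2021-42715 directly below, so the same sid upload would close both; worth stating so the two entries are resolved together rather than one being forgotten.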
@@ -116744,6 +116752,7 @@ CVE-2021-42716 (An issue was discovered in stb 
stb_image.h 2.27. The PNM loader
 CVE-2021-42715 (An issue was discovered in stb stb_image.h 1.33 through 2.27. 
The HDR  ...)
        {DLA-3305-1}
        - libstb <unfixed> (bug #1014532)
+       [bookworm] - libstb <no-dsa> (Minor issue)
        [bullseye] - libstb <no-dsa> (Minor issue)
        NOTE: https://github.com/nothings/stb/issues/1224
        NOTE: https://github.com/nothings/stb/pull/1223
@@ -133848,6 +133857,7 @@ CVE-2021-36490
        RESERVED
 CVE-2021-36489 (Buffer Overflow vulnerability in Allegro through 5.2.6 allows 
attacker ...)
        - allegro4.4 <unfixed> (bug #1032670)
+       [bookworm] - allegro4.4 <no-dsa> (Minor issue)
        [bullseye] - allegro4.4 <no-dsa> (Minor issue)
        [buster] - allegro4.4 <no-dsa> (Minor issue)
        - allegro5 2:5.2.8.0-1
@@ -161495,6 +161505,7 @@ CVE-2021-25744
        RESERVED
 CVE-2021-25743 (kubectl does not neutralize escape, meta or control sequences 
containe ...)
        - kubernetes <unfixed> (bug #1016441)
+       [bookworm] - kubernetes <no-dsa> (Minor issue)
        [bullseye] - kubernetes <no-dsa> (Minor issue)
        NOTE: https://github.com/kubernetes/kubernetes/issues/101695
 CVE-2021-25742 (A security issue was discovered in ingress-nginx where a user 
that can ...)
@@ -161522,11 +161533,10 @@ CVE-2021-25736
        RESERVED
        - kubernetes <not-affected> (Windows-specific)
 CVE-2021-25735 (A security issue was discovered in kube-apiserver that could 
allow nod ...)
-       - kubernetes <unfixed> (bug #990793)
-       [bullseye] - kubernetes <not-affected> (Kubernetes in Bullseye only 
ships the client)
+       - kubernetes 1.20.5+really1.20.2-1 (bug #990793)
        NOTE: https://www.openwall.com/lists/oss-security/2021/04/14/1
        NOTE: https://github.com/kubernetes/kubernetes/issues/100096
-       NOTE: Server components no longer built since 1.20.5+really1.20.2-1
+       NOTE: Server components no longer built since 1.20.5+really1.20.2-1, 
marking that as fixed
 CVE-2021-25734
        RESERVED
 CVE-2021-25733
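Review bot: replacing `- kubernetes <unfixed> (bug #990793)` and the explicit `[bullseye] - kubernetes <not-affected>` line with the fixed version `1.20.5+really1.20.2-1` changes how bullseye is evaluated for CVE-2021-25735: it now counts as fixed only if the bullseye package version is at or above that version, so that should be confirmed before dropping the per-suite line. The NOTE wording `marking that as fixed` also differs from the CVE-2020-8561 entry (`marking that as fixed version`); aligning the wording keeps the three kubernetes entries consistent.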
@@ -235783,10 +235793,9 @@ CVE-2020-8563 (In Kubernetes clusters using VSphere 
as a cloud provider, with a
        NOTE: https://groups.google.com/g/kubernetes-announce/c/ScdmyORnPDk
        NOTE: https://github.com/kubernetes/kubernetes/issues/95621
 CVE-2020-8562 (As mitigations to a report from 2019 and CVE-2020-8555, 
Kubernetes att ...)
-       - kubernetes <unfixed> (bug #990793)
-       [bullseye] - kubernetes <not-affected> (Kubernetes in Bullseye only 
ships the client)
+       - kubernetes 1.20.5+really1.20.2-1 (bug #990793)
        NOTE: https://www.openwall.com/lists/oss-security/2021/05/04/8
-       NOTE: Server components no longer built since 1.20.5+really1.20.2-1
+       NOTE: Server components no longer built since 1.20.5+really1.20.2-1, 
marking that as fixed
 CVE-2020-8561 (A security issue was discovered in Kubernetes where actors that 
contro ...)
        - kubernetes 1.20.5+really1.20.2-1
        NOTE: Server components no longer built since 1.20.5+really1.20.2-1, 
marking that as fixed version
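Review bot: the fixed-version form `- kubernetes 1.20.5+really1.20.2-1` for CVE-2020-8562 records a version in which the server components are no longer built, not one that contains the upstream fix, so the source package may still carry the vulnerable code. The `<not-affected> (reason)` form used for CVE-2021-25736 (`Windows-specific`) describes that state more precisely, although the chosen form does match the existing CVE-2020-8561 entry. Keeping `(bug #990793)` on the fixed-version line is fine provided that bug is closed for the same reason.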



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/10a900d66c65b87a870a1a2878a32700b7ec3a72



_______________________________________________
debian-security-tracker-commits mailing list
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
