[Git][security-tracker-team/security-tracker][master] bullseye triage

Moritz Muehlenhoff (@jmm) Thu, 13 Apr 2023 07:12:08 -0700


Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / 
security-tracker



Commits:
765695dc by Moritz Muehlenhoff at 2023-04-13T16:09:55+02:00
bullseye triage

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -2098,11 +2098,13 @@ CVE-2023-29583
 CVE-2023-29582
        RESERVED
 CVE-2023-29581 (yasm 1.3.0.55.g101bc was discovered to contain a segmentation 
violatio ...)
-       - yasm <unfixed>
+       - yasm <unfixed> (unimportant)
        NOTE: https://github.com/yasm/yasm/issues/216
+       NOTE: Crash in CLI tool, no security impact
 CVE-2023-29580 (yasm 1.3.0.55.g101bc was discovered to contain a segmentation 
violatio ...)
-       - yasm <unfixed>
+       - yasm <unfixed> (unimportant)
        NOTE: https://github.com/yasm/yasm/issues/215
+       NOTE: Crash in CLI tool, no security impact
 CVE-2023-29579
        RESERVED
 CVE-2023-29578
@@ -4143,6 +4145,7 @@ CVE-2023-1691
        RESERVED
 CVE-2022-48434 (libavcodec/pthread_frame.c in FFmpeg before 5.1.2, as used in 
VLC and  ...)
        - ffmpeg 7:5.1.2-1
+       [bullseye] - ffmpeg <postponed> (Wait until it lands in 4.3.x)
        NOTE: 
https://git.ffmpeg.org/gitweb/ffmpeg.git/commit/cc867f2c09d2b69cee8a0eccd62aff002cbbfe11
 (n6.1-dev)
        NOTE: 
https://git.ffmpeg.org/gitweb/ffmpeg.git/commit/35aa7e70e7ec350319e7634a30d8d8aa1e6ecdda
 (n5.1.2)
 CVE-2022-48433 (In JetBrains IntelliJ IDEA before 2023.1 the NTLM hash could 
leak thro ...)
@@ -5125,6 +5128,7 @@ CVE-2023-1545 (SQL Injection in GitHub repository 
nilsteampassnet/teampass prior
        - teampass <itp> (bug #730180)
 CVE-2023-1544 (A flaw was found in the QEMU implementation of VMWare's 
paravirtual RD ...)
        - qemu <unfixed> (bug #1034179)
+       [bullseye] - qemu <no-dsa> (Minor issue)
        NOTE: 
https://lists.nongnu.org/archive/html/qemu-devel/2023-03/msg00206.html
 CVE-2023-28686 (Dino before 0.2.3, 0.3.x before 0.3.2, and 0.4.x before 0.4.2 
allows a ...)
        {DSA-5379-1}
@@ -10488,10 +10492,12 @@ CVE-2023-26918
        RESERVED
 CVE-2023-26917 (libyang from v2.0.164 to v2.1.30 was discovered to contain a 
NULL poin ...)
        - libyang2 <unfixed>
+       [bullseye] - libyang2 <no-dsa> (Minor issue)
        NOTE: https://github.com/CESNET/libyang/issues/1987
        NOTE: 
https://github.com/CESNET/libyang/commit/cfa1a965a429e4bfc5ae1539a8e87a9cf71c3090
 (v2.1.55)
 CVE-2023-26916 (libyang from v2.0.164 to v2.1.30 was discovered to contain a 
NULL poin ...)
        - libyang2 <unfixed> (bug #1034154)
+       [bullseye] - libyang2 <no-dsa> (Minor issue)
        NOTE: https://github.com/CESNET/libyang/issues/1979
        NOTE: 
https://github.com/CESNET/libyang/commit/dc668d296f9f05aeab6315d44cff3208641e3096
 (v2.1.55)
 CVE-2023-26915
@@ -49422,6 +49428,7 @@ CVE-2022-40900
        RESERVED
 CVE-2022-40899 (An issue discovered in Python Charmers Future 0.18.2 and 
earlier allow ...)
        - python-future <unfixed> (bug #1031699)
+       [bullseye] - python-future <no-dsa> (Minor issue)
        NOTE: https://github.com/PythonCharmers/python-future/pull/610
        NOTE: 
https://github.com/PythonCharmers/python-future/commit/c91d70b34ef0402aef3e9d04364ba98509dca76f
 (v0.18.3)
 CVE-2022-40898 (An issue discovered in Python Packaging Authority (PyPA) Wheel 
0.37.1  ...)
@@ -53557,11 +53564,14 @@ CVE-2022-39210 (Nextcloud android is the official 
Android client for the Nextclo
        NOT-FOR-US: Nextcloud android
 CVE-2022-39209 (cmark-gfm is GitHub's fork of cmark, a CommonMark parsing and 
renderin ...)
        - cmark-gfm 0.29.0.gfm.6-2 (bug #1020588)
+       [bullseye] - cmark-gfm <no-dsa> (Minor issue)
        [buster] - cmark-gfm <no-dsa> (Minor issue)
        - python-cmarkgfm <unfixed>
+       [bullseye] - python-cmarkgfm <no-dsa> (Minor issue)
        [buster] - python-cmarkgfm <no-dsa> (Minor issue)
        - ghostwriter 2.1.6+ds-1 (unimportant)
        - ruby-commonmarker <unfixed>
+       [bullseye] - ruby-commonmarker <no-dsa> (Minor issue)
        [buster] - ruby-commonmarker <no-dsa> (Minor issue)
        - r-cran-commonmark 1.8.1-1
        [bullseye] - r-cran-commonmark <no-dsa> (Minor issue)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/765695dc67dfa6bcc2ffadf1fd19d21e973280c7

-- 
View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/765695dc67dfa6bcc2ffadf1fd19d21e973280c7
You're receiving this email because of your account on salsa.debian.org.

_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits

[Git][security-tracker-team/security-tracker][master] bullseye triage

Reply via email to