Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
ae04ed3a by Moritz Muehlenhoff at 2023-04-13T21:00:53+02:00
bullseye triage

- - - - -


2 changed files:

- data/CVE/list
- data/dsa-needed.txt


Changes:

=====================================
data/CVE/list
=====================================
@@ -13503,6 +13503,7 @@ CVE-2023-0843
        RESERVED
 CVE-2023-0842 (xml2js version 0.4.23 allows an external attacker to edit or 
add new p ...)
        - node-xml2js <unfixed> (bug #1034148)
+       [bullseye] - node-xml2js <no-dsa> (Minor issue)
        NOTE: https://fluidattacks.com/advisories/myers/
        NOTE: https://github.com/Leonidas-from-XIV/node-xml2js/issues/663
        NOTE: https://github.com/Leonidas-from-XIV/node-xml2js/pull/603
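Review bot: the added `[bullseye] - node-xml2js <no-dsa> (Minor issue)` line carries only the generic reason, while the package line above it is still `<unfixed>` with bug #1034148 open. A NOTE stating why the issue does not warrant a DSA for bullseye, or pointing at the part of the linked upstream discussion that supports it, would let a later triager check the decision instead of redoing it.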
@@ -114742,33 +114743,40 @@ CVE-2021-43319 (Zoho ManageEngine Network 
Configuration Manager before 125488 is
 CVE-2021-43318
        RESERVED
 CVE-2021-43317 (A heap-based buffer overflows was discovered in upx, during 
the generi ...)
-       - upx-ucl <unfixed>
+       - upx-ucl <unfixed> (unimportant)
        NOTE: https://github.com/upx/upx/issues/380
        NOTE: 
https://github.com/upx/upx/commit/b327645e648d46c8730be80730a171cf74cfe338
+       NOTE: Crash in CLI tool, no security impact
 CVE-2021-43316 (A heap-based buffer overflow was discovered in upx, during the 
generic ...)
-       - upx-ucl <unfixed>
+       - upx-ucl <unfixed> (unimportant)
        NOTE: https://github.com/upx/upx/issues/381
        NOTE: 
https://github.com/upx/upx/commit/962c35aa08ef3dcee13d3f7ef6e2d845da912f25
+       NOTE: Crash in CLI tool, no security impact
 CVE-2021-43315 (A heap-based buffer overflows was discovered in upx, during 
the generi ...)
-       - upx-ucl <unfixed>
+       - upx-ucl <unfixed> (unimportant)
        NOTE: https://github.com/upx/upx/issues/380
        NOTE: 
https://github.com/upx/upx/commit/b327645e648d46c8730be80730a171cf74cfe338
+       NOTE: Crash in CLI tool, no security impact
 CVE-2021-43314 (A heap-based buffer overflows was discovered in upx, during 
the generi ...)
-       - upx-ucl <unfixed>
+       - upx-ucl <unfixed> (unimportant)
        NOTE: https://github.com/upx/upx/issues/380
        NOTE: 
https://github.com/upx/upx/commit/b327645e648d46c8730be80730a171cf74cfe338
+       NOTE: Crash in CLI tool, no security impact
 CVE-2021-43313 (A heap-based buffer overflow was discovered in upx, during the 
variabl ...)
-       - upx-ucl <unfixed>
+       - upx-ucl <unfixed> (unimportant)
        NOTE: https://github.com/upx/upx/issues/378
        NOTE: 
https://github.com/upx/upx/commit/828a6cf07b69bc7314e888d7b76f0eafe125a3f6
+       NOTE: Crash in CLI tool, no security impact
 CVE-2021-43312 (A heap-based buffer overflow was discovered in upx, during the 
variabl ...)
-       - upx-ucl <unfixed>
+       - upx-ucl <unfixed> (unimportant)
        NOTE: https://github.com/upx/upx/issues/379
        NOTE: 
https://github.com/upx/upx/commit/828a6cf07b69bc7314e888d7b76f0eafe125a3f6
+       NOTE: Crash in CLI tool, no security impact
 CVE-2021-43311 (A heap-based buffer overflow was discovered in upx, during the 
generic ...)
-       - upx-ucl <unfixed>
+       - upx-ucl <unfixed> (unimportant)
        NOTE: https://github.com/upx/upx/issues/380
        NOTE: 
https://github.com/upx/upx/commit/b327645e648d46c8730be80730a171cf74cfe338
+       NOTE: Crash in CLI tool, no security impact
 CVE-2021-43310 (A vulnerability in Keylime before 6.3.0 allows an attacker to 
craft a  ...)
        NOT-FOR-US: Keylime
 CVE-2021-43309 (An exponential ReDoS (Regular Expression Denial of Service) 
can be tri ...)
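Review bot: the seven added `NOTE: Crash in CLI tool, no security impact` lines do not say what the assessment rests on, although every one of these CVE descriptions reads "heap-based buffer overflow". Since `(unimportant)` records the entries as having no security impact for upx-ucl, each NOTE should say whether the overflow is an out-of-bounds read or a write and where that was checked (the upstream issue or fix commit already linked in the entry), so the downgrade can be verified from the tracker alone.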
@@ -248734,6 +248742,7 @@ CVE-2019-19922 (kernel/sched/fair.c in the Linux 
kernel before 5.3.9, when cpu.c
 CVE-2023-27561 (runc through 1.1.4 has Incorrect Access Control leading to 
Escalation  ...)
        {DLA-3369-1}
        - runc 1.1.5+ds1-1 (bug #1033520)
+       [bullseye] - runc <no-dsa> (Minor issue)
        NOTE: https://github.com/opencontainers/runc/issues/3751
        NOTE: 
https://github.com/opencontainers/runc/issues/2197#issuecomment-1437617334
        NOTE: 
https://gist.github.com/LiveOverflow/c937820b688922eb127fb760ce06dab9
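Review bot: `[bullseye] - runc <no-dsa> (Minor issue)` is added to an entry described as Incorrect Access Control leading to escalation that already carries `{DLA-3369-1}`, so bullseye is left without an update while an LTS advisory exists for the same CVE. A NOTE explaining why bullseye is treated as minor, or stating that the fix is meant for a point release, would account for the difference.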


=====================================
data/dsa-needed.txt
=====================================
@@ -36,6 +36,8 @@ php-horde-turba
 --
 py7zr
 --
+python-werkzeug
+--
 ring
   might make sense to rebase to current version
 --
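Review bot: `python-werkzeug` is added to data/dsa-needed.txt with no annotation line, and nothing in the data/CVE/list part of this commit mentions the package, so the queue entry does not say which CVEs the update is for. An indented line under the package name, like the one the `ring` entry below has, naming the CVEs or the state of the work would make the entry self-explanatory.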



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/ae04ed3abf8cee70d58176f91eff1b15dc35589c
