Markus Koschany pushed to branch master at Debian Security Tracker / security-tracker


Commits:
d0686f73 by Markus Koschany at 2023-04-17T00:08:33+02:00
CVE-2023-29383,shadow: Buster is no-dsa

Minor issue

- - - - -
f4dddb00 by Markus Koschany at 2023-04-17T00:48:02+02:00
CVE-2023-26555,ntp: Buster is no-dsa

Minor issue

- - - - -
ced44e69 by Markus Koschany at 2023-04-17T00:49:01+02:00
CVE-2022-48434,ffmpeg: Buster is postponed

- - - - -
85af2f26 by Markus Koschany at 2023-04-17T00:50:19+02:00
CVE-2023-28439,ckeditor3: Buster is EOL

- - - - -
92833122 by Markus Koschany at 2023-04-17T00:53:01+02:00
Triage cmark-gfm for Buster

- - - - -
abb9885e by Markus Koschany at 2023-04-17T00:57:47+02:00
Triage python-cmarkgfm for Buster

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -3614,6 +3614,7 @@ CVE-2014-125094 (A vulnerability classified as 
problematic was found in phpMiniA
 CVE-2023-29383 (In Shadow 4.13, it is possible to inject control characters 
into field ...)
        - shadow <unfixed> (bug #1034482)
        [bullseye] - shadow <no-dsa> (Minor issue)
+       [buster] - shadow <no-dsa> (Minor issue)
        NOTE: https://github.com/shadow-maint/shadow/pull/687
        NOTE: Fixed by: 
https://github.com/shadow-maint/shadow/commit/e5905c4b84d4fb90aefcd96ee618411ebfac663d
        NOTE: 
https://www.trustwave.com/en-us/resources/security-resources/security-advisories/?fid=31797
@@ -4879,6 +4880,7 @@ CVE-2023-1691
 CVE-2022-48434 (libavcodec/pthread_frame.c in FFmpeg before 5.1.2, as used in 
VLC and  ...)
        - ffmpeg 7:5.1.2-1
        [bullseye] - ffmpeg <postponed> (Wait until it lands in 4.3.x)
+       [buster] - ffmpeg <postponed> (Wait until the backport to 4.x)
        NOTE: 
https://git.ffmpeg.org/gitweb/ffmpeg.git/commit/cc867f2c09d2b69cee8a0eccd62aff002cbbfe11
 (n6.1-dev)
        NOTE: 
https://git.ffmpeg.org/gitweb/ffmpeg.git/commit/35aa7e70e7ec350319e7634a30d8d8aa1e6ecdda
 (n5.1.2)
 CVE-2022-48433 (In JetBrains IntelliJ IDEA before 2023.1 the NTLM hash could 
leak thro ...)
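Review bot: The reason on the added [buster] line, "Wait until the backport to 4.x", is less specific than the [bullseye] line directly above it, which names the 4.3.x branch. Name the upstream release branch that buster's ffmpeg follows, so that whoever revisits this postponed entry knows which backport to watch for; the two fix commits in the NOTE lines are marked n6.1-dev and n5.1.2 only.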
@@ -6723,6 +6725,7 @@ CVE-2023-28440
 CVE-2023-28439 (CKEditor4 is an open source what-you-see-is-what-you-get HTML 
editor.  ...)
        - ckeditor <unfixed> (bug #1034481)
        - ckeditor3 <unfixed>
+       [buster] - ckeditor3 <end-of-life> (No longer supported in LTS)
        NOTE: 
https://github.com/ckeditor/ckeditor4/security/advisories/GHSA-vh5c-xwqv-cv9g
        NOTE: 
https://github.com/ckeditor/ckeditor4/commit/b85af23f020a61397c6c0024aef73f2c7f62bfef
 (4.21.0)
 CVE-2023-28438 (Pimcore is an open source data and experience management 
platform. Pri ...)
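Review bot: The added [buster] tag covers ckeditor3 only, while the "- ckeditor <unfixed> (bug #1034481)" line above it has no buster annotation in this hunk. If buster also ships ckeditor, that package needs its own triage line; if it does not, the commit message could say so, since it is scoped to ckeditor3.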
@@ -11973,6 +11976,7 @@ CVE-2023-26556
 CVE-2023-26555 (praecis_parse in ntpd/refclock_palisade.c in NTP 4.2.8p15 has 
an out-o ...)
        - ntp <removed>
        [bullseye] - ntp <no-dsa> (Minor issue; affects only the clock driver 
for the Trimble Palisade GPS timing receiver)
+       [buster] - ntp <no-dsa> (Minor issue; affects only the clock driver for 
the Trimble Palisade GPS timing receiver)
        NOTE: 
https://github.com/spwpun/ntp-4.2.8p15-cves/blob/main/CVE-2023-26555
 CVE-2023-26554 (mstolfp in libntp/mstolfp.c in NTP 4.2.8p15 has an 
out-of-bounds write ...)
        - ntp <removed> (unimportant)
@@ -12290,9 +12294,11 @@ CVE-2023-26485 (cmark-gfm is GitHub's fork of cmark, a 
CommonMark parsing and re
        - cmark-gfm <unfixed> (bug #1034171)
        [bookworm] - cmark-gfm <no-dsa> (Minor issue)
        [bullseye] - cmark-gfm <no-dsa> (Minor issue)
+       [buster] - cmark-gfm <no-dsa> (Minor issue)
        - python-cmarkgfm <unfixed> (bug #1034172)
        [bookworm] - python-cmarkgfm <no-dsa> (Minor issue)
        [bullseye] - python-cmarkgfm <no-dsa> (Minor issue)
+       [buster] - python-cmarkgfm <no-dsa> (Minor issue)
        - r-cran-commonmark <unfixed> (bug #1034173)
        [bookworm] - r-cran-commonmark <no-dsa> (Minor issue)
        [bullseye] - r-cran-commonmark <no-dsa> (Minor issue)
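Review bot: The added [buster] lines cover cmark-gfm and python-cmarkgfm, but r-cran-commonmark, which has [bookworm] and [bullseye] lines in the trailing context, gets no [buster] line here. Either add a matching line for r-cran-commonmark or confirm that the package is not in buster; the five cmark-gfm hunks that follow have the same shape.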
@@ -17161,9 +17167,11 @@ CVE-2023-24824 (cmark-gfm is GitHub's fork of cmark, a 
CommonMark parsing and re
        - cmark-gfm <unfixed> (bug #1034171)
        [bookworm] - cmark-gfm <no-dsa> (Minor issue)
        [bullseye] - cmark-gfm <no-dsa> (Minor issue)
+       [buster] - cmark-gfm <no-dsa> (Minor issue)
        - python-cmarkgfm <unfixed> (bug #1034172)
        [bookworm] - python-cmarkgfm <no-dsa> (Minor issue)
        [bullseye] - python-cmarkgfm <no-dsa> (Minor issue)
+       [buster] - python-cmarkgfm <no-dsa> (Minor issue)
        - r-cran-commonmark <unfixed> (bug #1034173)
        [bookworm] - r-cran-commonmark <no-dsa> (Minor issue)
        [bullseye] - r-cran-commonmark <no-dsa> (Minor issue)
@@ -24721,9 +24729,11 @@ CVE-2023-22486 (cmark-gfm is GitHub's fork of cmark, a 
CommonMark parsing and re
        - cmark-gfm <unfixed> (bug #1033110)
        [bookworm] - cmark-gfm <no-dsa> (Minor issue)
        [bullseye] - cmark-gfm <no-dsa> (Minor issue)
+       [buster] - cmark-gfm <no-dsa> (Minor issue)
        - python-cmarkgfm <unfixed> (bug #1033111)
        [bookworm] - python-cmarkgfm <no-dsa> (Minor issue)
        [bullseye] - python-cmarkgfm <no-dsa> (Minor issue)
+       [buster] - python-cmarkgfm <no-dsa> (Minor issue)
        - r-cran-commonmark <unfixed> (bug #1033112)
        [bookworm] - r-cran-commonmark <no-dsa> (Minor issue)
        [bullseye] - r-cran-commonmark <no-dsa> (Minor issue)
@@ -24736,9 +24746,11 @@ CVE-2023-22485 (cmark-gfm is GitHub's fork of cmark, a 
CommonMark parsing and re
        - cmark-gfm <unfixed> (bug #1033110)
        [bookworm] - cmark-gfm <no-dsa> (Minor issue)
        [bullseye] - cmark-gfm <no-dsa> (Minor issue)
+       [buster] - cmark-gfm <no-dsa> (Minor issue)
        - python-cmarkgfm <unfixed> (bug #1033111)
        [bookworm] - python-cmarkgfm <no-dsa> (Minor issue)
        [bullseye] - python-cmarkgfm <no-dsa> (Minor issue)
+       [buster] - python-cmarkgfm <no-dsa> (Minor issue)
        - r-cran-commonmark <unfixed> (bug #1033112)
        [bookworm] - r-cran-commonmark <no-dsa> (Minor issue)
        [bullseye] - r-cran-commonmark <no-dsa> (Minor issue)
@@ -24750,9 +24762,11 @@ CVE-2023-22484 (cmark-gfm is GitHub's fork of cmark, a 
CommonMark parsing and re
        - cmark-gfm <unfixed> (bug #1033110)
        [bookworm] - cmark-gfm <no-dsa> (Minor issue)
        [bullseye] - cmark-gfm <no-dsa> (Minor issue)
+       [buster] - cmark-gfm <no-dsa> (Minor issue)
        - python-cmarkgfm <unfixed> (bug #1033111)
        [bookworm] - python-cmarkgfm <no-dsa> (Minor issue)
        [bullseye] - python-cmarkgfm <no-dsa> (Minor issue)
+       [buster] - python-cmarkgfm <no-dsa> (Minor issue)
        - r-cran-commonmark <unfixed> (bug #1033112)
        [bookworm] - r-cran-commonmark <no-dsa> (Minor issue)
        [bullseye] - r-cran-commonmark <no-dsa> (Minor issue)
@@ -24764,9 +24778,11 @@ CVE-2023-22483 (cmark-gfm is GitHub's fork of cmark, a 
CommonMark parsing and re
        - cmark-gfm <unfixed> (bug #1033110)
        [bookworm] - cmark-gfm <no-dsa> (Minor issue)
        [bullseye] - cmark-gfm <no-dsa> (Minor issue)
+       [buster] - cmark-gfm <no-dsa> (Minor issue)
        - python-cmarkgfm <unfixed> (bug #1033111)
        [bookworm] - python-cmarkgfm <no-dsa> (Minor issue)
        [bullseye] - python-cmarkgfm <no-dsa> (Minor issue)
+       [buster] - python-cmarkgfm <no-dsa> (Minor issue)
        - r-cran-commonmark <unfixed> (bug #1033112)
        [bookworm] - r-cran-commonmark <no-dsa> (Minor issue)
        [bullseye] - r-cran-commonmark <no-dsa> (Minor issue)
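Review bot: The same two [buster] lines with the bare reason "Minor issue" are applied to six CVE entries (CVE-2023-26485, CVE-2023-24824 and CVE-2023-22483 through CVE-2023-22486), and the two commit messages, "Triage cmark-gfm for Buster" and "Triage python-cmarkgfm for Buster", name no CVE ids, unlike the other commits in this push. Listing the affected CVE ids in the commit messages would make this triage searchable in the history.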



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/22df26e14c974a755876f3fbeff37edba6dc5a9b...abb9885e87964da80fee6383d745e06691e32396



_______________________________________________
debian-security-tracker-commits mailing list
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
