Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
325afb9a by Moritz Muehlenhoff at 2023-04-27T16:53:06+02:00
bullseye/bookworm triage

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -5324,6 +5324,8 @@ CVE-2023-29324
        RESERVED
 CVE-2023-29323 (ascii_load_sockaddr in smtpd in OpenBSD before 7.1 errata 024 
and 7.2  ...)
        - opensmtpd <unfixed> (bug #1034178)
+       [bookworm] - opensmtpd <no-dsa> (Minor issue)
+       [bullseye] - opensmtpd <no-dsa> (Minor issue)
        NOTE: 
https://ftp.openbsd.org/pub/OpenBSD/patches/7.1/common/024_smtpd.patch.sig
 CVE-2023-29322
        RESERVED
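
Review bot: the two new lines for CVE-2023-29323 give only "Minor issue" as the reason, and nothing in the entry says what makes the ascii_load_sockaddr flaw in smtpd minor for Debian's opensmtpd; the only NOTE is the OpenBSD errata patch URL. A one-line NOTE with the triage rationale (the precondition or impact that limits it) would let whoever picks up bug #1034178 judge whether a point-release fix is still wanted for bookworm and bullseye.
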
@@ -10152,6 +10154,7 @@ CVE-2023-1256 (The listed versions of AVEVA Plant SCADA 
and AVEVA Telemetry Serv
        NOT-FOR-US: AVEVA Plant SCADA and AVEVA Telemetry Server
 CVE-2023-1255 (Issue summary: The AES-XTS cipher decryption implementation for 
64 bit ...)
        - openssl <unfixed> (bug #1034720)
+       [bookworm] - openssl <postponed> (Minor issue, fix along with next 
security release)
        [bullseye] - openssl <not-affected> (Vulnerable code not present)
        [buster] - openssl <not-affected> (Vulnerable code not present)
        NOTE: 
https://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=02ac9c9420275868472f33b01def01218742b8bb
@@ -46229,6 +46232,7 @@ CVE-2022-42965 (An exponential ReDoS (Regular 
Expression Denial of Service) can
        NOT-FOR-US: snowflake-connector-python
 CVE-2022-42964 (An exponential ReDoS (Regular Expression Denial of Service) 
can be tri ...)
        - pymatgen <unfixed> (bug #1024017)
+       [bookworm] - pymatgen <no-dsa> (Minor issue)
        NOTE: 
https://research.jfrog.com/vulnerabilities/pymatgen-redos-xray-257184/
        NOTE: https://github.com/materialsproject/pymatgen/issues/2755
 CVE-2022-3520 (Heap-based Buffer Overflow in GitHub repository vim/vim prior 
to 9.0.0 ...)
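
Review bot: CVE-2022-42964 gets a [bookworm] line only, although the commit subject is "bullseye/bookworm triage" and the opensmtpd, openssl, mootools and pupnp-1.8 entries in this commit all carry a [bullseye] line. If bullseye ships an affected pymatgen it should get its own <no-dsa> line; if the code there is not vulnerable, an explicit "[bullseye] - pymatgen <not-affected> (...)" line would record that, as the openssl entry does for bullseye and buster.
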
@@ -146011,6 +146015,8 @@ CVE-2021-32822 (The npm hbs package is an Express 
view engine wrapper for Handle
        NOT-FOR-US: Node hbs
 CVE-2021-32821 (MooTools is a collection of JavaScript utilities for 
JavaScript develo ...)
        - mootools <unfixed> (bug #1032664)
+       [bookworm] - mootools <no-dsa> (Minor issue)
+       [bullseye] - mootools <no-dsa> (Minor issue)
        [buster] - mootools <no-dsa> (Minor issue)
        NOTE: 
https://securitylab.github.com/advisories/GHSL-2020-345-redos-mootools/
        NOTE: No plan to fix this upstream as upstream consider it too low 
impact.
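
Review bot: on the two added mootools lines, the existing NOTE says upstream has no plan to fix CVE-2021-32821, so <no-dsa> (Minor issue) now stands for bookworm, bullseye and buster with no fix to wait for. Consider <ignored> with that upstream decision as the stated reason, so the entry does not read as a candidate for a later point release.
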
@@ -155182,6 +155188,7 @@ CVE-2021-29463 (Exiv2 is a command-line utility and 
C++ library for reading, wri
        NOTE: 
https://github.com/Exiv2/exiv2/commit/783b3a6ff15ed6f82a8f8e6c8a6f3b84a9b04d4b
 CVE-2021-29462 (The Portable SDK for UPnP Devices is an SDK for development of 
UPnP de ...)
        - pupnp-1.8 <unfixed> (bug #987326)
+       [bookworm] - pupnp-1.8 <no-dsa> (Minor issue)
        [bullseye] - pupnp-1.8 <no-dsa> (Minor issue)
        [buster] - pupnp-1.8 <no-dsa> (Minor issue)
        - libupnp <removed>
@@ -158038,6 +158045,7 @@ CVE-2021-28303
        RESERVED
 CVE-2021-28302 (A stack overflow in pupnp before version 1.14.5 can cause the 
denial o ...)
        - pupnp-1.8 <unfixed> (bug #986833)
+       [bookworm] - pupnp-1.8 <no-dsa> (Minor issue)
        [bullseye] - pupnp-1.8 <no-dsa> (Minor issue)
        [buster] - pupnp-1.8 <no-dsa> (Minor issue)
        - libupnp <removed>
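
Review bot: the summary of CVE-2021-28302 says the stack overflow affects pupnp before version 1.14.5, so an upstream fix exists, yet pupnp-1.8 stays <unfixed> and the new [bookworm] line makes it <no-dsa> in a third release. The visible part of the entry has no NOTE pointing at the fixing commit or release; adding one would make a backport through a point release practical.
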
@@ -223767,6 +223775,7 @@ CVE-2020-13849 (The MQTT protocol 3.1.1 requires a 
server to set a timeout value
 CVE-2020-13848 (Portable UPnP SDK (aka libupnp) 1.12.1 and earlier allows 
remote attac ...)
        {DLA-2585-1 DLA-2238-1}
        - pupnp-1.8 <unfixed> (bug #962282)
+       [bookworm] - pupnp-1.8 <no-dsa> (Minor issue)
        [bullseye] - pupnp-1.8 <no-dsa> (Minor issue)
        [buster] - pupnp-1.8 <no-dsa> (Minor issue)
        - libupnp <removed>
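
Review bot: CVE-2020-13848 carries {DLA-2585-1 DLA-2238-1}, so the issue was fixed through LTS advisories, while the added [bookworm] line classes it as <no-dsa> (Minor issue) like bullseye and buster. Worth confirming that the difference is intended, and if so a short reason beyond "Minor issue" on the newest release would explain why bookworm stays on an <unfixed> pupnp-1.8.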



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/325afb9a1284997efe475338d7551a6326a379ae
