[Git][security-tracker-team/security-tracker][master] bullseye triage

Moritz Muehlenhoff (@jmm) Fri, 19 May 2023 04:37:12 -0700


Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / 
security-tracker



Commits:
b8c47a99 by Moritz Muehlenhoff at 2023-05-19T13:36:01+02:00
bullseye triage

- - - - -


2 changed files:

- data/CVE/list
- data/dsa-needed.txt


Changes:

=====================================
data/CVE/list
=====================================
@@ -691,6 +691,7 @@ CVE-2023-2641 (A vulnerability was found in SourceCodester 
Online Internship Man
        NOT-FOR-US: SourceCodester Online Internship Management System
 CVE-2023-32076 (in-toto is a framework to protect supply chain integrity. The 
in-toto  ...)
        - in-toto <unfixed> (bug #1035934)
+       [bullseye] - in-toto <no-dsa> (Minor issue)
        NOTE: 
https://github.com/in-toto/in-toto/security/advisories/GHSA-wc64-c5rv-32pf
        NOTE: 
https://github.com/in-toto/in-toto/commit/f88138c90861953c77a1384ea2fcc58126e6fe59
 (v2.0.0)
        NOTE: 
https://github.com/in-toto/in-toto/commit/9835aae17bc60b600713962b2bb66e6b7abe9325
 (v2.0.0)
@@ -8397,6 +8398,7 @@ CVE-2023-28859 (redis-py before 4.4.4 and 4.5.x before 
4.5.4 leaves a connection
        NOTE: https://github.com/redis/redis-py/pull/2641
 CVE-2023-28858 (redis-py before 4.5.3 leaves a connection open after canceling 
an asyn ...)
        - python-redis <unfixed> (bug #1033754)
+       [bullseye] - python-redis <not-affected> (Vulnerable code not present)
        [buster] - python-redis <not-affected> (Vulnerable code introduced 
later)
        NOTE: https://github.com/redis/redis-py/issues/2624
        NOTE: https://github.com/redis/redis-py/pull/2641
@@ -11067,6 +11069,7 @@ CVE-2023-28116 (Contiki-NG is an open-source, 
cross-platform operating system fo
        NOT-FOR-US: Contiki-NG
 CVE-2023-28115 (Snappy is a PHP library allowing thumbnail, snapshot or PDF 
generation ...)
        - civicrm <unfixed> (bug #1036284)
+       [bullseye] - civicrm <no-dsa> (Minor issue)
        NOTE: 
https://github.com/KnpLabs/snappy/security/advisories/GHSA-gq6w-q6wh-jggc
        NOTE: https://github.com/KnpLabs/snappy/pull/469
        NOTE: 
https://github.com/KnpLabs/snappy/commit/1ee6360cbdbea5d09705909a150df7963a88efd6
 (v1.4.2)


=====================================
data/dsa-needed.txt
=====================================
@@ -14,6 +14,8 @@ If needed, specify the release by adding a slash after the 
name of the source pa
 --
 asterisk
 --
+cups-filters
+--
 gpac (aron)
 --
 jupyter-core



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/b8c47a9986b10c61e647714f34ee02c1f869f5dd

-- 
View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/b8c47a9986b10c61e647714f34ee02c1f869f5dd
You're receiving this email because of your account on salsa.debian.org.

_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits

[Git][security-tracker-team/security-tracker][master] bullseye triage

Reply via email to