Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker
Commits:
234c492e by Moritz Muehlenhoff at 2023-05-19T16:32:05+02:00
bullseye triage
- - - - -
2 changed files:
- data/CVE/list
- data/dsa-needed.txt
Changes:
=====================================
data/CVE/list
=====================================
@@ -5734,6 +5734,7 @@ CVE-2023-29660
RESERVED
CVE-2023-29659 (A Segmentation fault caused by a floating point exception
exists in li ...)
- libheif <unfixed> (bug #1035607)
+ [bullseye] - libheif <no-dsa> (Minor issue)
NOTE: https://github.com/strukturag/libheif/issues/794
NOTE:
https://github.com/strukturag/libheif/commit/e05e15b57a38ec411cb9acb38512a1c36ff62991
(v1.15.2)
CVE-2023-29658
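Review bot: the unstable line for CVE-2023-29659 stays at <unfixed> (bug #1035607) although the NOTE already pins the upstream fix to commit e05e15b5 in v1.15.2; the bullseye <no-dsa> (Minor issue) marking fits a floating-point-exception crash, but the entry should be revisited once the upload closing #1035607 lands so that <unfixed> is replaced with the fixed Debian version and the bullseye line does not outlive the unstable fix.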
@@ -8535,6 +8536,7 @@ CVE-2023-1625 [information leak in API]
RESERVED
[experimental] - heat 1:20.0.0~rc1-1
- heat 1:19.0.0-2 (bug #1034186)
+ [bullseye] - heat <no-dsa> (Minor issue)
[buster] - heat <no-dsa> (Minor issue)
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2181621
NOTE: https://review.opendev.org/c/openstack/heat/+/868166
@@ -21424,6 +21426,7 @@ CVE-2023-24531
CVE-2023-24473 (An information disclosure vulnerability exists in the
TGAInput::read_t ...)
[experimental] - openimageio 2.4.9.0+dfsg-1
- openimageio <unfixed> (bug #1034150)
+ [bullseye] - openimageio <no-dsa> (Minor issue)
NOTE: https://github.com/OpenImageIO/oiio/pull/3768
NOTE:
https://github.com/OpenImageIO/oiio/commit/759fcd392d130c12ae476857e1ed2a91bcf2686b
(master)
NOTE:
https://github.com/OpenImageIO/oiio/commit/209bb4c327b2a8be08f41c1a213dfe9001f0b5d0
(v2.4.8.1)
@@ -21431,12 +21434,14 @@ CVE-2023-24473 (An information disclosure
vulnerability exists in the TGAInput::
CVE-2023-24472 (A denial of service vulnerability exists in the
FitsOutput::close() fu ...)
[experimental] - openimageio 2.4.9.0+dfsg-1
- openimageio <unfixed> (bug #1034151)
+ [bullseye] - openimageio <no-dsa> (Minor issue)
NOTE:
https://github.com/OpenImageIO/oiio/commit/f8db9f38d18a66889f444031051e0f0acaa611b6
(master)
NOTE:
https://github.com/OpenImageIO/oiio/commit/a39692256b060b543f53646c6a807c81b79c5750
(v2.4.8.1)
NOTE:
https://talosintelligence.com/vulnerability_reports/TALOS-2023-1709
CVE-2023-22845 (An out-of-bounds read vulnerability exists in the
TGAInput::decode_pix ...)
[experimental] - openimageio 2.4.9.0+dfsg-1
- openimageio <unfixed> (bug #1034150)
+ [bullseye] - openimageio <no-dsa> (Minor issue)
NOTE: https://github.com/OpenImageIO/oiio/pull/3768
NOTE:
https://github.com/OpenImageIO/oiio/commit/759fcd392d130c12ae476857e1ed2a91bcf2686b
(master)
NOTE:
https://github.com/OpenImageIO/oiio/commit/209bb4c327b2a8be08f41c1a213dfe9001f0b5d0
(v2.4.8.1)
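Review bot: CVE-2023-24473 and CVE-2023-22845 both point at bug #1034150 and the same upstream fix (PR #3768, commit 209bb4c3 in v2.4.8.1), while CVE-2023-24472 has its own bug #1034151 and commit a3969225; all three are fixed upstream in 2.4.8.1 and experimental already carries 2.4.9.0+dfsg-1, so the three <unfixed> lines for unstable should be updated together when that version reaches unstable, and the shared bug number should be kept in sync across both entries so that neither is closed while the other still reads <unfixed>.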
@@ -67724,6 +67729,7 @@ CVE-2022-31471 (untangle is a python library to convert
XML data to python objec
NOTE: https://github.com/stchris/untangle/pull/94
CVE-2022-2393 (A flaw was found in pki-core, which could allow a user to get a
certif ...)
- dogtag-pki <unfixed> (bug #1034802)
+ [bullseye] - dogtag-pki <no-dsa> (Minor issue)
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2101046
CVE-2022-2392 (The Lana Downloads Manager WordPress plugin before 1.8.0 is
affected b ...)
NOT-FOR-US: WordPress plugin
@@ -193942,9 +193948,10 @@ CVE-2020-27509 (Persistent XSS in Galaxkey Secure
Mail Client in Galaxkey up to
CVE-2020-27508 (In two-factor authentication, the system also sending 2fa
secret key i ...)
NOT-FOR-US: Frappe Framework
CVE-2020-27507 (The Kamailio SIP before 5.5.0 server mishandles INVITE
requests with d ...)
- - kamailio 5.5.3-1
- NOTE:
https://github.com/kamailio/kamailio/commit/ada3701d22b1fd579f06b4f54fa695fa988e685f
(5.5.0)
+ - kamailio 5.4.2-1
NOTE: https://github.com/kamailio/kamailio/issues/2503
+ NOTE:
https://github.com/kamailio/kamailio/commit/f57c900b438f3233fa1e9a9d3ca8cd383a30baa6
(5.4.2) (5.4 branch)
+ NOTE:
https://github.com/kamailio/kamailio/commit/ada3701d22b1fd579f06b4f54fa695fa988e685f
(5.5.0) (master branch)
CVE-2020-27506
RESERVED
CVE-2020-27505
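Review bot: lowering the fixed version for CVE-2020-27507 from 5.5.3-1 to 5.4.2-1 is backed by the added NOTE for commit f57c900b tagged (5.4.2) on the 5.4 branch, but the CVE description still reads "before 5.5.0", which only matches the master-branch fix ada3701d (5.5.0); keep both commit NOTEs as written so the 5.4.2 backport is recorded, and confirm that the Debian 5.4.2-1 upload is based on the upstream 5.4.2 tag rather than an earlier 5.4.x snapshot, since the entry now claims the fix for that version.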
=====================================
data/dsa-needed.txt
=====================================
@@ -14,6 +14,8 @@ If needed, specify the release by adding a slash after the
name of the source pa
--
asterisk
--
+cinder
+--
cups-filters
--
gpac (aron)
@@ -37,6 +39,8 @@ netatalk
open regression with MacOS, tentative patch not yet merged upstream
See discussion on team mailing list.
--
+nova
+--
openjdk-11 (jmm)
--
openjdk-17 (jmm)
@@ -51,6 +55,10 @@ php-horde-turba
--
py7zr
--
+python-glance-store
+--
+python-os-brick
+--
python-werkzeug
--
ring
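Review bot: the four new entries (cinder, nova, python-glance-store, python-os-brick) are added without a claimer in parentheses and without the indented status note that entries such as netatalk carry, so nothing in the file records that they belong together or which tracker entry they are needed for; since all four are OpenStack components and will presumably be handled as one coordinated update, add a short note under each (or at least a cross-reference between them) so that whoever picks one up sees the others, and use the release suffix described in the file header if only bullseye is affected.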
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/234c492e44d69ad58d708c5a6f68a18c28eb3dab
--
You're receiving this email because of your account on salsa.debian.org.
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits