Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker
Commits: adfd2914 by Moritz Muehlenhoff at 2023-05-22T15:37:42+02:00 new c-ares issues - - - - - 2 changed files: - data/CVE/list - data/dsa-needed.txt Changes: ===================================== data/CVE/list ===================================== @@ -1,3 +1,6 @@ +CVE-2023-32067 + - c-ares <unfixed> + NOTE: https://github.com/c-ares/c-ares/security/advisories/GHSA-9g78-jv2r-p7vc CVE-2023-33297 (Bitcoin Core before 24.1, when debug mode is not used, allows attacker ...) TODO: check CVE-2023-33288 (An issue was discovered in the Linux kernel before 6.2.9. A use-after- ...) @@ -1819,6 +1822,9 @@ CVE-2023-31148 (An Improper Input Validation vulnerability in the Schweitzer E NOT-FOR-US: Schweitzer Engineering Laboratories CVE-2023-31147 RESERVED + - c-ares <unfixed> (unimportant) + NOTE: https://github.com/c-ares/c-ares/security/advisories/GHSA-8r8p-23f3-64c2 + NOTE: Any Debian system/port provides /dev/urandom CVE-2023-31146 (Vyper is a Pythonic smart contract language for the Ethereum virtual m ...) NOT-FOR-US: Vyper CVE-2023-31145 (Collabora Online is a collaborative online office suite based on Libre ...) @@ -1855,6 +1861,8 @@ CVE-2023-31131 (Greenplum Database (GPDB) is an open source data warehouse based NOT-FOR-US: Greenplum Database CVE-2023-31130 RESERVED + - c-ares <unfixed> + NOTE: https://github.com/c-ares/c-ares/security/advisories/GHSA-x6mf-cxr9-8q6v CVE-2023-31129 (The Contiki-NG operating system versions 4.8 and prior can be triggere ...) NOT-FOR-US: Contiki-NG CVE-2023-31128 @@ -1867,6 +1875,9 @@ CVE-2023-31125 (Engine.IO is the implementation of transport-based cross-browser NOT-FOR-US: Engine.IO CVE-2023-31124 RESERVED + - c-ares <unfixed> (unimportant) + NOTE: https://github.com/c-ares/c-ares/security/advisories/GHSA-54xr-f67r-4pc4 + NOTE: No impact on binaries shipped by Debian CVE-2023-31123 (`effectindex/tripreporter` is a community-powered, universal platform ...) NOT-FOR-US: effectindex/tripreporter CVE-2023-30768 (Improper access control in the Intel(R) Server Board S2600WTT belongin ...) ===================================== data/dsa-needed.txt ===================================== @@ -14,6 +14,8 @@ If needed, specify the release by adding a slash after the name of the source pa -- asterisk -- +c-ares +-- cinder -- gpac (aron) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/adfd2914e945ab7dbc37050b375bdd0238d7ef89 -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/adfd2914e945ab7dbc37050b375bdd0238d7ef89 You're receiving this email because of your account on salsa.debian.org.
_______________________________________________ debian-security-tracker-commits mailing list [email protected] https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
