Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
37c9243b by Moritz Mühlenhoff at 2023-05-23T12:30:03+02:00
bookworm triage

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -652,6 +652,7 @@ CVE-2023-32758 (giturlparse (aka git-url-parse) through 
1.2.2, as used in Semgre
 CVE-2023-2700 (A vulnerability was found in libvirt. This security flaw 
ouccers due t ...)
        [experimental] - libvirt 9.3.0-1
        - libvirt <unfixed> (bug #1036297)
+       [bookworm] - libvirt <no-dsa> (Minor issue)
        [bullseye] - libvirt <no-dsa> (Minor issue)
        NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2203653
        NOTE: Fixed by: 
https://gitlab.com/libvirt/libvirt/-/commit/6425a311b8ad19d6f9c0b315bf1d722551ea3585
 (v9.3.0)
@@ -1393,6 +1394,7 @@ CVE-2023-31485 (GitLab::API::v4 through 0.26 does not 
verify TLS certificates wh
        NOTE: https://github.com/bluefeet/GitLab-API-v4/pull/57
 CVE-2023-31484 (CPAN.pm before 2.35 does not verify TLS certificates when 
downloading  ...)
        - perl <unfixed> (bug #1035109)
+       [bookworm] - perl <no-dsa> (Minor issue)
        [bullseye] - perl <no-dsa> (Minor issue)
        [buster] - perl <no-dsa> (Minor issue)
        NOTE: https://github.com/andk/cpanpm/pull/175
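Review bot: the added [bookworm] - perl <no-dsa> line gives only "Minor issue" as its reason, for a CVE whose description says CPAN.pm does not verify TLS certificates when downloading. A short rationale in the parentheses for why this is minor in practice would make the triage auditable later, in the style of the debian-goodies entry ("Minor issue; user prompted before execution").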
@@ -3530,6 +3532,7 @@ CVE-2023-30631
        RESERVED
 CVE-2023-30630 (Dmidecode before 3.5 allows -dump-bin to overwrite a local 
file. This  ...)
        - dmidecode <unfixed> (bug #1034483)
+       [bookworm] - dmidecode <no-dsa> (Minor issue)
        [bullseye] - dmidecode <no-dsa> (Minor issue)
        [buster] - dmidecode <no-dsa> (Minor issue)
        NOTE: https://github.com/adamreiser/dmiwrite
@@ -8638,6 +8641,7 @@ CVE-2023-28859 (redis-py before 4.4.4 and 4.5.x before 
4.5.4 leaves a connection
        NOTE: https://github.com/redis/redis-py/pull/2641
 CVE-2023-28858 (redis-py before 4.5.3 leaves a connection open after canceling 
an asyn ...)
        - python-redis <unfixed> (bug #1033754)
+       [bookworm] - python-redis <no-dsa> (Minor issue)
        [bullseye] - python-redis <not-affected> (Vulnerable code not present)
        [buster] - python-redis <not-affected> (Vulnerable code introduced 
later)
        NOTE: https://github.com/redis/redis-py/issues/2624
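Review bot: only CVE-2023-28858 gains a [bookworm] line in this hunk, while the entry directly above it, CVE-2023-28859, describes the same kind of redis-py "leaves a connection" problem and is not touched. Confirm that CVE-2023-28859 already carries a bookworm annotation or needs the same one, so the two entries do not drift apart.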
@@ -9772,6 +9776,7 @@ CVE-2023-28532
        RESERVED
 CVE-2023-28531 (ssh-add in OpenSSH before 9.3 adds smartcard keys to ssh-agent 
without ...)
        - openssh <unfixed> (bug #1033166)
+       [bookworm] - openssh <no-dsa> (Minor issue)
        [bullseye] - openssh <not-affected> (Vulnerable code introduced later; 
per-hop desination constraints support added in OpenSSH 8.9)
        [buster] - openssh <not-affected> (Vulnerable code introduced later; 
per-hop desination constraints support added in OpenSSH 8.9)
 CVE-2023-28530
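Review bot: the new [bookworm] - openssh <no-dsa> line says only "Minor issue", while the bullseye and buster lines right below it each carry a specific reason. A one-phrase justification on the bookworm line would match them. Separately, the context lines spell "desination"; that could be corrected to "destination" in a follow-up commit.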
@@ -12771,6 +12776,7 @@ CVE-2022-48364 (The undo_mark_statuses_as_sensitive 
method in app/services/appro
        - mastodon <itp> (bug #859741)
 CVE-2023-27635 (debmany in debian-goodies 0.88.1 allows attackers to execute 
arbitrary ...)
        - debian-goodies <unfixed> (bug #1031267)
+       [bookworm] - debian-goodies <no-dsa> (Minor issue; user prompted before 
execution)
        [bullseye] - debian-goodies <no-dsa> (Minor issue; user prompted before 
execution)
        [buster] - debian-goodies <no-dsa> (Minor issue; user prompted before 
execution)
 CVE-2023-1181 (Cross-site Scripting (XSS) - Stored in GitHub repository 
icret/easyima ...)
@@ -18912,25 +18918,30 @@ CVE-2023-25516
 CVE-2023-25515
        RESERVED
 CVE-2023-25514 (NVIDIA CUDA toolkit for Linux and Windows contains a 
vulnerability in  ...)
-       - nvidia-cuda-toolkit <unfixed> (bug #1034793; bug #1034799)
+       - nvidia-cuda-toolkit <unfixed> (unimportant; bug #1034793; bug 
#1034799)
        [bullseye] - nvidia-cuda-toolkit <no-dsa> (Non-free not supported)
        NOTE: https://nvidia.custhelp.com/app/answers/detail/a_id/5456
+       NOTE: Crash in CLI tool, no security impact
 CVE-2023-25513 (NVIDIA CUDA toolkit for Linux and Windows contains a 
vulnerability in  ...)
-       - nvidia-cuda-toolkit <unfixed> (bug #1034799)
+       - nvidia-cuda-toolkit <unfixed> (unimportant; bug #1034799)
        [bullseye] - nvidia-cuda-toolkit <no-dsa> (Non-free not supported)
        NOTE: https://nvidia.custhelp.com/app/answers/detail/a_id/5456
+       NOTE: Crash in CLI tool, no security impact
 CVE-2023-25512 (NVIDIA CUDA toolkit for Linux and Windows contains a 
vulnerability in  ...)
-       - nvidia-cuda-toolkit <unfixed> (bug #1034799)
+       - nvidia-cuda-toolkit <unfixed> (unimportant; bug #1034799)
        [bullseye] - nvidia-cuda-toolkit <no-dsa> (Non-free not supported)
        NOTE: https://nvidia.custhelp.com/app/answers/detail/a_id/5456
+       NOTE: Crash in CLI tool, no security impact
 CVE-2023-25511 (NVIDIA CUDA Toolkit for Linux and Windows contains a 
vulnerability in  ...)
-       - nvidia-cuda-toolkit <unfixed> (bug #1034793; bug #1034799)
+       - nvidia-cuda-toolkit <unfixed> (unimportant; bug #1034793; bug 
#1034799)
        [bullseye] - nvidia-cuda-toolkit <no-dsa> (Non-free not supported)
        NOTE: https://nvidia.custhelp.com/app/answers/detail/a_id/5456
+       NOTE: Crash in CLI tool, no security impact
 CVE-2023-25510 (NVIDIA CUDA Toolkit SDK for Linux and Windows contains a NULL 
pointer  ...)
-       - nvidia-cuda-toolkit <unfixed> (bug #1034793; bug #1034799)
+       - nvidia-cuda-toolkit <unfixed> (unimportant; bug #1034793; bug 
#1034799)
        [bullseye] - nvidia-cuda-toolkit <no-dsa> (Non-free not supported)
        NOTE: https://nvidia.custhelp.com/app/answers/detail/a_id/5456
+       NOTE: Crash in CLI tool, no security impact
 CVE-2023-25509 (NVIDIA DGX-1 SBIOS contains a vulnerability in Bds, which may 
lead to  ...)
        NOT-FOR-US: NVIDIA DGX-1 SBIOS
 CVE-2023-25508 (NVIDIA DGX-1 BMC contains a vulnerability in the IPMI handler, 
where a ...)
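Review bot: the five nvidia-cuda-toolkit entries here change severity to unimportant and add a NOTE, which goes beyond what the commit message "bookworm triage" describes. Mention the severity change in the message or split it into its own commit so it can be found in the log. With the package line now marked unimportant, also check whether the [bullseye] - nvidia-cuda-toolkit <no-dsa> (Non-free not supported) lines are still needed.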
@@ -58068,9 +58079,11 @@ CVE-2022-39210 (Nextcloud android is the official 
Android client for the Nextclo
        NOT-FOR-US: Nextcloud android
 CVE-2022-39209 (cmark-gfm is GitHub's fork of cmark, a CommonMark parsing and 
renderin ...)
        - cmark-gfm 0.29.0.gfm.6-2 (bug #1020588)
+       [bookworm] - cmark-gfm <no-dsa> (Minor issue)
        [bullseye] - cmark-gfm <no-dsa> (Minor issue)
        [buster] - cmark-gfm <no-dsa> (Minor issue)
        - python-cmarkgfm <unfixed> (bug #1034887)
+       [bookworm] - python-cmarkgfm <no-dsa> (Minor issue)
        [bullseye] - python-cmarkgfm <no-dsa> (Minor issue)
        [buster] - python-cmarkgfm <no-dsa> (Minor issue)
        - ghostwriter 2.1.6+ds-1 (unimportant)
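Review bot: cmark-gfm is recorded as fixed in 0.29.0.gfm.6-2, so the added [bookworm] - cmark-gfm <no-dsa> line is only correct if bookworm ships an older version than that. Confirm the bookworm version; if it is 0.29.0.gfm.6-2 or later, the line should be dropped.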
@@ -160665,6 +160678,7 @@ CVE-2021-28133 (Zoom through 5.5.4 sometimes allows 
attackers to read private in
 CVE-2021-3427 (The Deluge Web-UI is vulnerable to XSS through a crafted 
torrent file. ...)
        [experimental] - deluge 2.1.1-1
        - deluge <unfixed> (bug #1019594)
+       [bookworm] - deluge <no-dsa> (Minor issue)
        [bullseye] - deluge <no-dsa> (Minor issue)
        [buster] - deluge <no-dsa> (Minor issue)
        NOTE: https://dev.deluge-torrent.org/ticket/3459
@@ -249545,6 +249559,7 @@ CVE-2020-5238 (The table extension in GitHub Flavored 
Markdown before version 0.
        [bullseye] - cmark-gfm <no-dsa> (Minor issue)
        [buster] - cmark-gfm <no-dsa> (Minor issue)
        - python-cmarkgfm <unfixed> (bug #965983)
+       [bookworm] - python-cmarkgfm <no-dsa> (Minor issue)
        [bullseye] - python-cmarkgfm <no-dsa> (Minor issue)
        [buster] - python-cmarkgfm <no-dsa> (Minor issue)
        - ruby-commonmarker 0.21.0-1 (bug #965981)
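Review bot: for CVE-2020-5238 only python-cmarkgfm gets a [bookworm] line, while the cmark-gfm lines above it stay at bullseye and buster, unlike CVE-2022-39209 where both packages were annotated. The cmark-gfm package line is outside the visible context, so confirm that its fixed version is already in bookworm and no annotation is missing.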



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/37c9243b60ee472d7c0df765e2b5f6847f3a190f
