Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker
Commits:
54f50b7a by Moritz Mühlenhoff at 2023-05-23T22:16:30+02:00
bookworm triage
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1425,6 +1425,7 @@ CVE-2023-2426 (Use of Out-of-range Pointer Offset in
GitHub repository vim/vim p
NOTE:
https://github.com/vim/vim/commit/caf642c25de526229264cab9425e7c9979f3509b
(v9.0.1499)
CVE-2023-31485 (GitLab::API::v4 through 0.26 does not verify TLS certificates
when con ...)
- libgitlab-api-v4-perl <unfixed> (bug #954051)
+ [bookworm] - libgitlab-api-v4-perl <no-dsa> (Minor issue)
[bullseye] - libgitlab-api-v4-perl <no-dsa> (Minor issue)
[buster] - libgitlab-api-v4-perl <no-dsa> (Minor issue)
NOTE: https://github.com/bluefeet/GitLab-API-v4/pull/57
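Review bot: the reason text on the added [bookworm] line for libgitlab-api-v4-perl is the generic "(Minor issue)", although the CVE description is that the client does not verify TLS certificates. A reason specific to this package (for example, how it is normally deployed) would make the no-dsa decision easier to audit later, since the unstable line is still <unfixed> under bug #954051 and the only upstream reference in the entry is pull request 57.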
@@ -19749,6 +19750,7 @@ CVE-2015-10073 (A vulnerability, which was classified
as problematic, was found
NOT-FOR-US: WikiSEO
CVE-2023-25193 (hb-ot-layout-gsubgpos.hh in HarfBuzz through 6.0.0 allows
attackers to ...)
- harfbuzz <unfixed> (bug #1030612)
+ [bookworm] - harfbuzz <no-dsa> (Minor issue)
[bullseye] - harfbuzz <no-dsa> (Minor issue)
[buster] - harfbuzz <no-dsa> (Minor issue)
NOTE: Original fix:
https://github.com/harfbuzz/harfbuzz/commit/85be877925ddbf34f74a1229f3ca1716bb6170dc
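Review bot: the harfbuzz entry gets a [bookworm] no-dsa line but nothing says whether the upstream commit recorded under "NOTE: Original fix:" applies to the bookworm version. Because no-dsa leaves the fix to a later point release, a short NOTE on backportability next to that commit reference would help whoever picks up bug #1030612.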
@@ -88860,6 +88862,7 @@ CVE-2022-28368 (Dompdf 1.2.1 allows remote code
execution via a .php file in the
NOTE:
https://github.com/dompdf/dompdf/commit/0e0261b7bce372b3a05b712a023f6f742a22d57e
(v0.8.0)
CVE-2022-28367 (OWASP AntiSamy before 1.6.6 allows XSS via HTML tag smuggling
on STYLE ...)
- libowasp-antisamy-java <unfixed> (bug #1010154)
+ [bookworm] - libowasp-antisamy-java <no-dsa> (Minor issue)
[bullseye] - libowasp-antisamy-java <no-dsa> (Minor issue)
[buster] - libowasp-antisamy-java <no-dsa> (Minor issue)
[stretch] - libowasp-antisamy-java <no-dsa> (Minor issue)
@@ -88868,6 +88871,7 @@ CVE-2022-28367 (OWASP AntiSamy before 1.6.6 allows XSS
via HTML tag smuggling on
NOTE:
https://github.com/nahsra/antisamy/commit/32e273507da0e964b58c50fd8a4c94c9d9363af0
(v1.6.7)
CVE-2022-28366 (Certain Neko-related HTML parsers allow a denial of service
via crafte ...)
- libowasp-antisamy-java <unfixed> (bug #1010154)
+ [bookworm] - libowasp-antisamy-java <no-dsa> (Minor issue)
[bullseye] - libowasp-antisamy-java <no-dsa> (Minor issue)
[buster] - libowasp-antisamy-java <no-dsa> (Minor issue)
[stretch] - libowasp-antisamy-java <no-dsa> (Minor issue)
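Review bot: the CVE-2022-28366 entry that receives the [bookworm] line shows no fixed upstream version in the visible lines, while the context just above it records a v1.6.7 fix commit for CVE-2022-28367, and both entries point at bug #1010154. A NOTE stating whether that upstream release also addresses the Neko-related denial of service would make clear whether a single upload can close both entries for bookworm.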
@@ -148133,6 +148137,7 @@ CVE-2021-32851 (Mind-elixir is a free, open source
mind map core. Prior to versi
NOT-FOR-US: Mind-elixir
CVE-2021-32850 (jQuery MiniColors is a color picker built on jQuery. Prior to
version ...)
- jquery-minicolors <unfixed> (bug #1031791)
+ [bookworm] - jquery-minicolors <no-dsa> (Minor issue)
[bullseye] - jquery-minicolors <no-dsa> (Minor issue)
[buster] - jquery-minicolors <no-dsa> (Minor issue)
NOTE:
https://securitylab.github.com/advisories/GHSL-2021-1045_jQuery_MiniColors_Plugin/
@@ -151122,6 +151127,7 @@ CVE-2021-31812 (In Apache PDFBox, a carefully crafted
PDF file can trigger an in
[bullseye] - libpdfbox2-java <no-dsa> (Minor issue)
[buster] - libpdfbox2-java <no-dsa> (Minor issue)
- libpdfbox-java <unfixed> (bug #991527)
+ [bookworm] - libpdfbox-java <no-dsa> (Minor issue)
[bullseye] - libpdfbox-java <no-dsa> (Minor issue)
[buster] - libpdfbox-java <no-dsa> (Minor issue)
[stretch] - libpdfbox-java <no-dsa> (Minor issue)
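Review bot: the [bookworm] line is added for libpdfbox-java only, while the context lines directly above it list [bullseye] and [buster] for libpdfbox2-java with no [bookworm] line visible. If bookworm's libpdfbox2-java is already covered by a fixed version on the package line above the context window, that is fine; otherwise it needs its own triage entry. The same check applies to CVE-2021-31811 in the next hunk.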
@@ -151132,6 +151138,7 @@ CVE-2021-31811 (In Apache PDFBox, a carefully crafted
PDF file can trigger an Ou
[bullseye] - libpdfbox2-java <no-dsa> (Minor issue)
[buster] - libpdfbox2-java <no-dsa> (Minor issue)
- libpdfbox-java <unfixed> (bug #991527)
+ [bookworm] - libpdfbox-java <no-dsa> (Minor issue)
[bullseye] - libpdfbox-java <no-dsa> (Minor issue)
[buster] - libpdfbox-java <no-dsa> (Minor issue)
[stretch] - libpdfbox-java <no-dsa> (Minor issue)
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/54f50b7af0ec660fcb46d813e438a63f3b27add8