Moritz Muehlenhoff pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
a4ad4547 by Moritz Mühlenhoff at 2023-05-24T17:22:06+02:00
bookworm triage
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -3071,6 +3071,8 @@ CVE-2023-2158 (Code Dx versions prior to 2023.4.2 are
vulnerable to user imperso
CVE-2023-2157
RESERVED
- imagemagick <unfixed> (bug #1036476)
+ [bookworm] - imagemagick <no-dsa> (Minor issue)
+ [bullseye] - imagemagick <no-dsa> (Minor issue)
NOTE: Fixed by:
https://github.com/ImageMagick/ImageMagick/commit/9a9896fce95d09e5e47b86baccbe1ce1a2fca76b
(7.1.1-7)
NOTE: Fixed by:
https://github.com/ImageMagick/ImageMagick6/commit/7e4c992f148afc5b28111e540921d5b6e4e38673
(6.9.12-85)
CVE-2023-2156 (A flaw was found in the networking subsystem of the Linux
kernel withi ...)
@@ -7709,6 +7711,7 @@ CVE-2023-1787 (An issue has been discovered in GitLab
affecting all versions sta
- gitlab <unfixed>
CVE-2023-1786 (Sensitive data could be exposed in logs of cloud-init before
version 2 ...)
- cloud-init <unfixed> (bug #1035023)
+ [bookworm] - cloud-init <no-dsa> (Minor issue)
[bullseye] - cloud-init <no-dsa> (Minor issue)
[buster] - cloud-init <no-dsa> (Minor issue)
NOTE: https://bugs.launchpad.net/cloud-init/+bug/2013967
@@ -11195,6 +11198,7 @@ CVE-2023-1371 (The W4 Post List WordPress plugin before
2.4.6 does not ensure th
CVE-2023-1370 ([Json-smart](https://netplex.github.io/json-smart/) is a
performance f ...)
{DLA-3373-1}
- json-smart <unfixed> (bug #1033474)
+ [bookworm] - json-smart <no-dsa> (Minor issue)
[bullseye] - json-smart <no-dsa> (Minor issue)
NOTE:
https://research.jfrog.com/vulnerabilities/stack-exhaustion-in-json-smart-leads-to-denial-of-service-when-parsing-malformed-json-xray-427633/
NOTE:
https://github.com/netplex/json-smart-v2/commit/5b3205d051952d3100aa0db1535f6ba6226bd87a
(2.4.9)
@@ -20268,6 +20272,7 @@ CVE-2023-0646 (A vulnerability classified as critical
was found in dst-admin 1.5
NOT-FOR-US: dst-admin
CVE-2023-0645 (An out of bounds read exists in libjxl. An attacker using a
specifical ...)
- jpeg-xl <unfixed> (bug #1034722)
+ [bookworm] - jpeg-xl <no-dsa> (Minor issue)
NOTE:
https://github.com/libjxl/libjxl/commit/a7c8428b61299f3b055cbbdbba3fbcd8cb38d084
NOTE: https://github.com/libjxl/libjxl/issues/2100
NOTE: https://github.com/libjxl/libjxl/pull/2101
@@ -55894,6 +55899,7 @@ CVE-2022-40153
REJECTED
CVE-2022-40152 (Those using Woodstox to parse XML data may be vulnerable to
Denial of ...)
- libwoodstox-java <unfixed> (bug #1032089)
+ [bookworm] - libwoodstox-java <no-dsa> (Minor issue)
[bullseye] - libwoodstox-java <no-dsa> (Minor issue)
[buster] - libwoodstox-java <no-dsa> (Minor issue)
NOTE: https://github.com/x-stream/xstream/issues/304
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/a4ad4547817109b99be975fea0f8b5e58ca10c7e
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/a4ad4547817109b99be975fea0f8b5e58ca10c7e
You're receiving this email because of your account on salsa.debian.org.
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
