Moritz Muehlenhoff pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
0c8307b7 by Moritz Muehlenhoff at 2023-05-30T15:52:13+02:00
bookworm triage
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -4212,6 +4212,7 @@ CVE-2023-30609 (matrix-react-sdk is a react-based SDK for
inserting a Matrix cha
CVE-2023-30608 (sqlparse is a non-validating SQL parser module for Python. In
affected ...)
{DLA-3425-1}
- sqlparse <unfixed> (bug #1034615)
+ [bookworm] - sqlparse <no-dsa> (Minor issue)
[bullseye] - sqlparse <no-dsa> (Minor issue)
NOTE:
https://github.com/andialbrecht/sqlparse/security/advisories/GHSA-rrm6-wvj7-cwh2
NOTE: Introduced by:
https://github.com/andialbrecht/sqlparse/commit/e75e35869473832a1eb67772b1adfee2db11b85a
(0.1.15)
@@ -7426,6 +7427,7 @@ CVE-2023-29400 (Templates containing actions in unquoted
HTML attributes (e.g. "
- golang-1.20 1.20.4-1
[experimental] - golang-1.19 1.19.9-1
- golang-1.19 <unfixed>
+ [bullseye] - golang-1.19 <no-dsa> (Minor issue)
- golang-1.15 <removed>
- golang-1.11 <removed>
NOTE: https://groups.google.com/g/golang-announce/c/MEb0UyuSMsU
@@ -9184,6 +9186,7 @@ CVE-2023-28883 (In Cerebrate 1.13, a blind SQL injection
exists in the searchAll
NOT-FOR-US: Cerebrate
CVE-2023-28882 (Trustwave ModSecurity 3.0.5 through 3.0.8 before 3.0.9 allows
a denial ...)
- modsecurity 3.0.9-1 (bug #1035083)
+ [bookworm] - modsecurity <no-dsa> (Minor issue)
[bullseye] - modsecurity <not-affected> (Vulnerable code not present)
[buster] - modsecurity <not-affected> (Vulnerable code not present)
NOTE:
https://www.trustwave.com/en-us/resources/security-resources/software-updates/announcing-modsecurity-version-309/
@@ -11041,6 +11044,7 @@ CVE-2023-28372
RESERVED
CVE-2023-28371 (In Stellarium through 1.2, attackers can write to files that
are typic ...)
- stellarium <unfixed> (bug #1034183)
+ [bookworm] - stellarium <no-dsa> (Minor issue)
[bullseye] - stellarium <no-dsa> (Minor issue)
[buster] - stellarium <no-dsa> (Minor issue)
NOTE:
https://github.com/Stellarium/stellarium/commit/1261f74dc4aa6bbd01ab514343424097f8cf46b7
@@ -11805,6 +11809,7 @@ CVE-2023-28155 (The Request package through 2.88.1 for
Node.js allows a bypass o
NOTE: https://github.com/request/request/issues/3442
CVE-2023-28154 (Webpack 5 before 5.76.0 does not avoid cross-realm object
access. Impo ...)
- node-webpack 5.76.1+dfsg1+~cs17.16.16-1 (bug #1032904)
+ [bookworm] - node-webpack <no-dsa> (Minor issue)
[bullseye] - node-webpack 4.43.0-6+deb11u1
[buster] - node-webpack <no-dsa> (Minor issue)
NOTE: https://github.com/webpack/webpack/pull/16500
@@ -22328,6 +22333,7 @@ CVE-2023-24540 (Not all valid JavaScript whitespace
characters are considered to
- golang-1.20 1.20.4-1
[experimental] - golang-1.19 1.19.9-1
- golang-1.19 <unfixed>
+ [bullseye] - golang-1.19 <no-dsa> (Minor issue)
- golang-1.15 <removed>
- golang-1.11 <removed>
NOTE: https://groups.google.com/g/golang-announce/c/MEb0UyuSMsU
@@ -22338,6 +22344,7 @@ CVE-2023-24539 (Angle brackets (<>) are not considered
dangerous characters when
- golang-1.20 1.20.4-1
[experimental] - golang-1.19 1.19.9-1
- golang-1.19 <unfixed>
+ [bullseye] - golang-1.19 <no-dsa> (Minor issue)
- golang-1.15 <removed>
- golang-1.11 <removed>
NOTE: https://groups.google.com/g/golang-announce/c/MEb0UyuSMsU
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/0c8307b7263b8114a9c9f4b6b0e02106fcbcf3fc
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/0c8307b7263b8114a9c9f4b6b0e02106fcbcf3fc
You're receiving this email because of your account on salsa.debian.org.
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
