Moritz Muehlenhoff pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
7ca642fa by Moritz Muehlenhoff at 2023-05-31T11:27:37+02:00
bookworm/bullseye triage
- - - - -
2 changed files:
- data/CVE/list
- data/dsa-needed.txt
Changes:
=====================================
data/CVE/list
=====================================
@@ -488,6 +488,8 @@ CVE-2023-2480 (Missing access permissions checks in M-Files
Client before 23.5.1
NOT-FOR-US: M-Files
CVE-2023-28370 (Open redirect vulnerability in Tornado versions 6.3.1 and
earlier allo ...)
- python-tornado <unfixed> (bug #1036875)
+ [bookworm] - python-tornado <no-dsa> (Minor issue)
+ [bullseye] - python-tornado <no-dsa> (Minor issue)
NOTE:
https://github.com/tornadoweb/tornado/commit/32ad07c54e607839273b4e1819c347f5c8976b2f
(v6.3.2)
CVE-2023-27529 (Wacom Tablet Driver installer prior to 6.4.2-1 (for macOS)
contains an ...)
NOT-FOR-US: Wacom Tablet Driver installer
@@ -5420,12 +5422,11 @@ CVE-2023-30302
CVE-2023-30301
RESERVED
CVE-2023-30300 (An issue in the component hang.wasm of WebAssembly 1.0 causes
an infin ...)
- - wabt <unfixed> (bug #1035686)
- [bullseye] - wabt <no-dsa> (Minor issue)
- [buster] - wabt <no-dsa> (Minor issue)
+ - wabt <unfixed> (unimportant; bug #1035686)
NOTE: https://github.com/WebAssembly/wabt/issues/2180
NOTE: https://github.com/WebAssembly/wabt/pull/2183
NOTE:
https://github.com/WebAssembly/wabt/commit/2d77bda4034a719fe1a2eaf1d51593eb351ecb4c
+ NOTE: Hang in CLI tool, no security impact
CVE-2023-30299
RESERVED
CVE-2023-30298
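Review bot: the switch to "unimportant" on the wabt line also removes the existing [bullseye] and [buster] <no-dsa> entries, so this hunk changes buster's status too, which the commit message "bookworm/bullseye triage" does not cover. Consider mentioning the severity reclassification in the commit message or splitting it into its own commit. The added NOTE "Hang in CLI tool, no security impact" does record the rationale and matches the wording already used for CVE-2022-3591 further down in this diff.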
@@ -8898,6 +8899,8 @@ CVE-2023-29000 (The Nextcloud Desktop Client is a tool to
synchronize files from
NOTE: https://hackerone.com/reports/1679267
CVE-2023-28999 (Nextcloud is an open-source productivity platform. In
Nextcloud Deskto ...)
- nextcloud-desktop <unfixed> (bug #1034184)
+ [bookworm] - nextcloud-desktop <no-dsa> (Minor issue)
+ [bullseye] - nextcloud-desktop <no-dsa> (Minor issue)
[buster] - nextcloud-desktop <no-dsa> (Minor issue)
NOTE:
https://github.com/nextcloud/security-advisories/security/advisories/GHSA-8875-wxww-3rr8
NOTE: https://github.com/nextcloud/desktop/pull/5560
@@ -47978,6 +47981,7 @@ CVE-2022-3591 (Use After Free in GitHub repository
vim/vim prior to 9.0.0789.)
NOTE: Crash in CLI tool, no security impact
CVE-2022-3590 (WordPress is affected by an unauthenticated blind SSRF in the
pingback ...)
- wordpress <unfixed> (bug #1033251)
+ [bookworm] - wordpress <no-dsa> (Minor issue)
[bullseye] - wordpress <no-dsa> (Minor issue)
[buster] - wordpress <postponed> (Minor issue)
NOTE:
https://www.sonarsource.com/blog/wordpress-core-unauthenticated-blind-ssrf/
@@ -54838,6 +54842,7 @@ CVE-2022-40900
RESERVED
CVE-2022-40899 (An issue discovered in Python Charmers Future 0.18.2 and
earlier allow ...)
- python-future <unfixed> (bug #1031699)
+ [bookworm] - python-future <no-dsa> (Minor issue)
[bullseye] - python-future <no-dsa> (Minor issue)
[buster] - python-future <no-dsa> (Minor issue)
NOTE: https://github.com/PythonCharmers/python-future/pull/610
@@ -143613,6 +143618,8 @@ CVE-2021-3611 (A stack overflow vulnerability was
found in the Intel HD Audio de
NOTE: Fixed by:
https://gitlab.com/qemu-project/qemu/-/commit/79fa99831debc9782087e834382c577215f2f511
(v7.0.0-rc1)
CVE-2021-3610 (A heap-based buffer overflow vulnerability was found in
ImageMagick in ...)
- imagemagick <unfixed>
+ [bookworm] - imagemagick <no-dsa> (Minor issue)
+ [bullseye] - imagemagick <no-dsa> (Minor issue)
[buster] - imagemagick <not-affected> (Vulnerable code introduced later)
NOTE:
https://github.com/ImageMagick/ImageMagick/commit/930ff0d1a9bc42925a7856e9ea53f5fc9f318bf3
NOTE: ImageMagick6 prerequisite for <= 6.9.10-92:
https://github.com/ImageMagick/ImageMagick6/commit/2d96228eec9fbea62ddb6c1450fa8d43e2c6b68a
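Review bot: the "- imagemagick <unfixed>" line carries no bug reference, unlike the other <unfixed> entries touched in this commit (python-tornado, nextcloud-desktop, wordpress and python-future each have one). With bookworm and bullseye now marked <no-dsa>, consider filing a bug against the package and adding its number to that line so the open fix stays tracked. The CVE description reads "heap-based buffer overflow", so a one-line NOTE stating why this is a "Minor issue" would help later readers, in the same way the wabt hunk adds "Hang in CLI tool, no security impact".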
=====================================
data/dsa-needed.txt
=====================================
@@ -75,6 +75,8 @@ salt
--
samba
--
+sofia-sip
+--
webkit2gtk
--
wpewebkit
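Review bot: sofia-sip is added to data/dsa-needed.txt without any indication of which issue it is for, and none of the data/CVE/list hunks in this commit touch a sofia-sip entry, so the reason for the pending DSA is not visible from this change. Consider naming the CVE in the commit message. The placement between samba and webkit2gtk keeps the list in alphabetical order.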
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/7ca642fa3bd1e368c20b37d333878363e0a2ebb9