Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker
Commits:
4a6be8e4 by Moritz Muehlenhoff at 2023-06-16T10:57:12+02:00
bullseye/bookworm triage
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1372,6 +1372,8 @@ CVE-2023-34410 (An issue was discovered in Qt before
5.15.15, 6.x before 6.2.9,
- qt6-base 6.4.2+dfsg-11 (bug #1037209)
- qtbase-opensource-src 5.15.8+dfsg-12 (bug #1037210)
- qtbase-opensource-src-gles <unfixed>
+ [bookworm] - qtbase-opensource-src-gles <no-dsa> (Minor issue)
+ [bullseye] - qtbase-opensource-src-gles <no-dsa> (Minor issue)
- qt4-x11 <removed>
NOTE: https://codereview.qt-project.org/c/qt/qtbase/+/477560
NOTE: https://codereview.qt-project.org/c/qt/qtbase/+/480002
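Review bot: Only qtbase-opensource-src-gles gets suite tags under CVE-2023-34410; the qt6-base and qtbase-opensource-src lines just above it carry fixed versions for unstable but no [bookworm] or [bullseye] entries in the visible context. If the stable suites ship versions older than 6.4.2+dfsg-11 and 5.15.8+dfsg-12, give those packages the same triage in this commit so the three Qt source packages do not diverge. The -gles line also stays <unfixed> without a bug reference, unlike its two siblings; add one if a bug has been filed.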
@@ -2485,6 +2487,8 @@ CVE-2023-32685 (Kanboard is project management software
that focuses on the Kanb
NOTE:
https://github.com/kanboard/kanboard/security/advisories/GHSA-hjmw-gm82-r4gv
CVE-2023-32681 (Requests is a HTTP library. Since Requests 2.3.0, Requests has
been le ...)
- requests <unfixed> (bug #1036693)
+ [bookworm] - requests <no-dsa> (Minor issue)
+ [bullseye] - requests <no-dsa> (Minor issue)
NOTE:
https://github.com/psf/requests/security/advisories/GHSA-j8r2-6x86-q33q
NOTE: Fixed by:
https://github.com/psf/requests/commit/74ea7cf7a6a27a4eeb2ae24e162bcc942a6706d5
(v2.31.0)
CVE-2023-31763 (Weak security in the transmitter of AGShome Smart Alarm v1.0
allows at ...)
@@ -2685,6 +2689,8 @@ CVE-2023-33285 (An issue was discovered in Qt 5.x before
5.15.14, 6.x before 6.2
[bookworm] - qt6-base <no-dsa> (Minor issue)
- qtbase-opensource-src 5.15.8+dfsg-11
- qtbase-opensource-src-gles <unfixed>
+ [bookworm] - qtbase-opensource-src-gles <no-dsa> (Minor issue)
+ [bullseye] - qtbase-opensource-src-gles <no-dsa> (Minor issue)
NOTE: https://codereview.qt-project.org/c/qt/qtbase/+/477644
CVE-2023-33281 (The remote keyfob system on Nissan Sylphy Classic 2021 sends
the same ...)
NOT-FOR-US: Nissan Sylphy Classic 2021
@@ -3639,6 +3645,8 @@ CVE-2023-32573 (In Qt before 5.15.14, 6.0.x through 6.2.x
before 6.2.9, and 6.3.
CVE-2023-32570 (VideoLAN dav1d before 1.2.0 has a thread_task.c race condition
that ca ...)
[experimental] - dav1d 1.2.0-1
- dav1d 1.2.1-2 (bug #1035950)
+ [bookworm] - dav1d <no-dsa> (Minor issue)
+ [bullseye] - dav1d <no-dsa> (Minor issue)
NOTE:
https://code.videolan.org/videolan/dav1d/-/commit/cf617fdae0b9bfabd27282854c8e81450d955efa
(1.2.0)
CVE-2023-32569 (An issue was discovered in Veritas InfoScale Operations
Manager (VIOM) ...)
NOT-FOR-US: Veritas InfoScale Operations Manager
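Review bot: The two added dav1d lines justify <no-dsa> with only "(Minor issue)", while the entry describes a race condition in thread_task.c and the NOTE already points at the upstream fix commit (1.2.0). A one-line NOTE recording why the race is considered minor for bookworm and bullseye would let a later reader check the decision against that commit instead of re-deriving it.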
@@ -11396,18 +11404,18 @@ CVE-2023-1637 (A flaw that boot CPU could be
vulnerable for the speculative exec
NOTE:
https://git.kernel.org/linus/e2a1256b17b16f9b9adf1b6fea56819e7b68e463 (5.18-rc2)
CVE-2023-1636 [incomplete container isolation]
RESERVED
- - barbican <unfixed>
+ - barbican <undetermined>
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2181765
- TODO: check, possibly RedHat downstream RHOSP specific, RedHat
clarifying with reporter
+ NOTE: possibly RedHat downstream RHOSP specific, RedHat clarifying with
reporter
CVE-2023-1635 (A vulnerability was found in OTCMS 6.72. It has been declared
as probl ...)
NOT-FOR-US: OTCMS
CVE-2023-1634 (A vulnerability was found in OTCMS 6.72. It has been classified
as cri ...)
NOT-FOR-US: OTCMS
CVE-2023-1633 [Insecure Barbican configuration file leaking credential]
RESERVED
- - barbican <unfixed>
+ - barbican <undetermined>
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2181761
- TODO: check, possibly RedHat downstream RHOSP specific, RedHat
clarifying with reporter
+ NOTE: possibly RedHat downstream RHOSP specific, RedHat clarifying with
reporter
CVE-2023-1632 (** DISPUTED ** A vulnerability has been found in Ellucian
Banner Web T ...)
NOT-FOR-US: Ellucian Banner Web Tailor
CVE-2023-1631 (A vulnerability, which was classified as problematic, was found
in Jia ...)
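Review bot: Replacing "TODO: check" with a plain NOTE on CVE-2023-1636 and CVE-2023-1633 drops the only marker that asks for follow-up, yet the NOTE text still says "RedHat clarifying with reporter", so the question is open. With barbican now <undetermined>, keep a TODO (or state in the NOTE what outcome would move the entry to <unfixed> or <not-affected>) so both entries are revisited once the Bugzilla reports 2181765 and 2181761 are clarified.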
@@ -24530,6 +24538,7 @@ CVE-2023-24531
CVE-2023-24473 (An information disclosure vulnerability exists in the
TGAInput::read_t ...)
[experimental] - openimageio 2.4.9.0+dfsg-1
- openimageio <unfixed> (bug #1034150)
+ [bookworm] - openimageio <no-dsa> (Minor issue)
[bullseye] - openimageio <no-dsa> (Minor issue)
NOTE: https://github.com/OpenImageIO/oiio/pull/3768
NOTE:
https://github.com/OpenImageIO/oiio/commit/759fcd392d130c12ae476857e1ed2a91bcf2686b
(master)
@@ -24538,6 +24547,7 @@ CVE-2023-24473 (An information disclosure vulnerability
exists in the TGAInput::
CVE-2023-24472 (A denial of service vulnerability exists in the
FitsOutput::close() fu ...)
[experimental] - openimageio 2.4.9.0+dfsg-1
- openimageio <unfixed> (bug #1034151)
+ [bookworm] - openimageio <no-dsa> (Minor issue)
[bullseye] - openimageio <no-dsa> (Minor issue)
NOTE:
https://github.com/OpenImageIO/oiio/commit/f8db9f38d18a66889f444031051e0f0acaa611b6
(master)
NOTE:
https://github.com/OpenImageIO/oiio/commit/a39692256b060b543f53646c6a807c81b79c5750
(v2.4.8.1)
@@ -24545,6 +24555,7 @@ CVE-2023-24472 (A denial of service vulnerability
exists in the FitsOutput::clos
CVE-2023-22845 (An out-of-bounds read vulnerability exists in the
TGAInput::decode_pix ...)
[experimental] - openimageio 2.4.9.0+dfsg-1
- openimageio <unfixed> (bug #1034150)
+ [bookworm] - openimageio <no-dsa> (Minor issue)
[bullseye] - openimageio <no-dsa> (Minor issue)
NOTE: https://github.com/OpenImageIO/oiio/pull/3768
NOTE:
https://github.com/OpenImageIO/oiio/commit/759fcd392d130c12ae476857e1ed2a91bcf2686b
(master)
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/4a6be8e4b80e44f831669228a7bb02318d94ae36