Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
5113f761 by Moritz Muehlenhoff at 2023-06-16T17:11:32+02:00
bullseye/bookworm triage

- - - - -


2 changed files:

- data/CVE/list
- data/dsa-needed.txt


Changes:

=====================================
data/CVE/list
=====================================
@@ -772,6 +772,7 @@ CVE-2023-34096 (Thruk is a multibackend monitoring 
webinterface which currently
        NOT-FOR-US: Thruk
 CVE-2023-34095 (cpdb-libs provides frontend and backend libraries for the 
Common Print ...)
        - cpdb-libs <unfixed>
+       [bookworm] - cpdb-libs <no-dsa> (Minor issue)
        NOTE: 
https://github.com/OpenPrinting/cpdb-libs/security/advisories/GHSA-25j7-9gfc-f46x
        NOTE: Fixed by: 
https://github.com/OpenPrinting/cpdb-libs/commit/f181bd1f14757c2ae0f17cc76dc20421a40f30b7
        NOTE: 1.2.x version predate the upstream commit 3f66d47252d5 
("print_frontend: Use
@@ -818,8 +819,8 @@ CVE-2023-2866 (If an attacker can trick an authenticated 
user into loading a mal
        NOT-FOR-US: Advantech
 CVE-2023-3153 [service monitor MAC flow is not rate limited]
        - ovn <unfixed>
+       [bookworm] - ovn <no-dsa> (Minor issue)
        NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2213279
-       TODO: check details
 CVE-2023-3152 (A vulnerability classified as critical has been found in 
SourceCodeste ...)
        NOT-FOR-US: SourceCodester Online Discussion Forum Site
 CVE-2023-3151 (A vulnerability was found in SourceCodester Online Discussion 
Forum Si ...)
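Review bot: The outcome of the check behind the dropped "TODO: check details" line under CVE-2023-3153 is not recorded; the entry is left with only the Bugzilla link. A NOTE stating what was verified (the upstream fix reference, or why the missing rate limit is minor for bookworm) would show the next triager the basis for "[bookworm] - ovn <no-dsa> (Minor issue)".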
@@ -1247,6 +1248,7 @@ CVE-2023-34414
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2023-21/#CVE-2023-34414
 CVE-2023-XXXX [RUSTSEC-2023-0041]
        - rust-trust-dns-server <unfixed>
+       [bookworm] - rust-trust-dns-server <no-dsa> (Minor issue)
        NOTE: https://rustsec.org/advisories/RUSTSEC-2023-0041.html
        NOTE: https://github.com/bluejekyll/trust-dns/pull/1952
        NOTE: 
https://github.com/bluejekyll/trust-dns/commit/217974c0544483efe0c648befabb25bf88242716
@@ -1378,6 +1380,7 @@ CVE-2023-34411 (The xml-rs crate before 0.8.14 for Rust 
and Crab allows a denial
        NOTE: Fixed by: 
https://github.com/netvl/xml-rs/commit/c09549a187e62d39d40467f129e64abf32efc35c 
(0.8.14)
 CVE-2023-34410 (An issue was discovered in Qt before 5.15.15, 6.x before 
6.2.9, and 6. ...)
        - qt6-base 6.4.2+dfsg-11 (bug #1037209)
+       [bookworm] - qt6-base <no-dsa> (Minor issue)
        - qtbase-opensource-src 5.15.8+dfsg-12 (bug #1037210)
        - qtbase-opensource-src-gles <unfixed>
        [bookworm] - qtbase-opensource-src-gles <no-dsa> (Minor issue)
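Review bot: Under CVE-2023-34410, qtbase-opensource-src has no [bookworm] line in the visible context, while qt6-base (new here) and qtbase-opensource-src-gles both carry "<no-dsa> (Minor issue)". If bookworm ships a qtbase-opensource-src older than 5.15.8+dfsg-12, it needs the same annotation; otherwise the three Qt source packages are triaged inconsistently for one CVE.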
@@ -11252,6 +11255,7 @@ CVE-2023-1656 (Cleartext Transmission of Sensitive 
Information vulnerability in
        NOT-FOR-US: ForgeRock
 CVE-2023-1655 (Heap-based Buffer Overflow in GitHub repository gpac/gpac prior 
to 2.4 ...)
        - gpac <unfixed> (bug #1034187)
+       [bullseye] - gpac <no-dsa> (Minor issue)
        [buster] - gpac <end-of-life> (EOL in buster LTS)
        NOTE: https://huntr.dev/bounties/05f1d1de-bbfd-43fe-bdf9-7f73419ce7c9
        NOTE: 
https://github.com/gpac/gpac/commit/e7f96c2d3774e4ea25f952bcdf55af1dd6e919f4
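Review bot: The reason text on "[bullseye] - gpac <no-dsa> (Minor issue)" does not say why a bug the entry itself describes as a heap-based buffer overflow is minor. A more specific reason in the parentheses, or a NOTE with the rationale, would make the decision auditable from the entry alone.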
@@ -17292,6 +17296,7 @@ CVE-2023-27044
        RESERVED
 CVE-2023-27043 (The email module of Python through 3.11.3 incorrectly parses 
e-mail ad ...)
        - python3.11 <unfixed>
+       [bookworm] - python3.11 <no-dsa> (Minor issue)
        - python3.10 <unfixed>
        - python3.9 <removed>
        - python3.7 <removed>
@@ -25205,6 +25210,7 @@ CVE-2023-24330
        RESERVED
 CVE-2023-24329 (An issue in the urllib.parse component of Python before 3.11.4 
allows  ...)
        - python3.11 3.11.4-1
+       [bookworm] - python3.11 <no-dsa> (Minor issue)
        - python3.9 <removed>
        [bullseye] - python3.9 <no-dsa> (Minor issue)
        - python3.7 <removed>
@@ -36703,6 +36709,7 @@ CVE-2022-46946 (Helmet Store Showroom Site v1.0 was 
discovered to contain a SQL
        NOT-FOR-US: Helmet Store Showroom Site
 CVE-2022-46945 (Nagvis before 1.9.34 was discovered to contain an arbitrary 
file read  ...)
        - nagvis 1:1.9.34-1
+       [bullseye] - nagvis <no-dsa> (Minor issue)
        NOTE: 
https://github.com/NagVis/nagvis/commit/71aba7f46f79d846e1df037f165d206a2cd1d22a
 (nagvis-1.9.34)
 CVE-2022-46944
        RESERVED


=====================================
data/dsa-needed.txt
=====================================
@@ -53,6 +53,8 @@ ring
 ruby2.7/oldstable
   Utkarsh Gupta offered help in preparing updates
 --
+ruby3.1/stable
+--
 ruby-nokogiri/oldstble
 --
 ruby-rack/oldstable
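Review bot: The context line directly below the new "ruby3.1/stable" entry reads "ruby-nokogiri/oldstble", a misspelled suite name; since this part of data/dsa-needed.txt is being edited anyway, correct it to "oldstable" in the same commit. The new ruby3.1/stable entry also carries no note line, unlike ruby2.7/oldstable above it, so it does not say which issues prompted it.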



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/5113f761d99bed0d46673be23cd7055d5e790e60
