Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
05fb674b by Moritz Muehlenhoff at 2023-06-20T14:59:40+02:00
bullseye/bookworm triage

- - - - -


2 changed files:

- data/CVE/list
- data/dsa-needed.txt


Changes:

=====================================
data/CVE/list
=====================================
@@ -3184,6 +3184,7 @@ CVE-2023-2481 (Compiler removal of buffer clearing in     
sli_se_opaque_import_k
 CVE-2023-33204 (sysstat through 12.7.2 allows a multiplication integer 
overflow in che ...)
        {DLA-3434-1}
        - sysstat <unfixed> (bug #1036294)
+       [bookworm] - sysstat <no-dsa> (Minor issue)
        [bullseye] - sysstat <not-affected> (Incomplete fix for CVE-2022-39377 
not applied)
        NOTE: https://github.com/sysstat/sysstat/pull/360
        NOTE: 
https://github.com/sysstat/sysstat/commit/6f8dc568e6ab072bb8205b732f04e685bf9237c0
@@ -9848,6 +9849,7 @@ CVE-2023-29405 (The go command may execute arbitrary code 
at build time when usi
        - golang-1.19 1.19.10-2
        [bookworm] - golang-1.19 <no-dsa> (Minor issue)
        - golang-1.15 <removed>
+       [bullseye] - golang-1.15 <no-dsa> (Minor issue)
        - golang-1.11 <removed>
        [buster] - golang-1.11 <postponed> (Limited support)
        NOTE: https://groups.google.com/g/golang-announce/c/q5135a9d924
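Review bot: the reason on the added "[bullseye] - golang-1.15 <no-dsa> (Minor issue)" line does not match the weight of the description it sits under, which begins "The go command may execute arbitrary code at build time". Nothing in the entry records why that is minor for bullseye, and the identical line is repeated under CVE-2023-29404 in the next hunk. Consider a more specific reason in the parentheses, or a NOTE line stating the condition that limits exposure, so the triage decision can be re-checked later without re-reading the upstream announcement.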
@@ -9862,6 +9864,7 @@ CVE-2023-29404 (The go command may execute arbitrary code 
at build time when usi
        - golang-1.19 1.19.10-2
        [bookworm] - golang-1.19 <no-dsa> (Minor issue)
        - golang-1.15 <removed>
+       [bullseye] - golang-1.15 <no-dsa> (Minor issue)
        - golang-1.11 <removed>
        [buster] - golang-1.11 <postponed> (Limited support)
        NOTE: https://groups.google.com/g/golang-announce/c/q5135a9d924
@@ -9873,6 +9876,7 @@ CVE-2023-29403 (On Unix platforms, the Go runtime does 
not behave differently wh
        [experimental] - golang-1.19 1.19.10-1
        - golang-1.19 1.19.10-2
        - golang-1.15 <removed>
+       [bullseye] - golang-1.15 <no-dsa> (Minor issue)
        - golang-1.11 <removed>
        [buster] - golang-1.11 <no-dsa> (Limited support)
        NOTE: https://groups.google.com/g/golang-announce/c/q5135a9d924
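Review bot: the buster line directly below the added bullseye line reads "[buster] - golang-1.11 <no-dsa> (Limited support)", while CVE-2023-29405, CVE-2023-29404 and CVE-2023-29402, which reference the same golang-announce post, use "<postponed> (Limited support)" for golang-1.11. Since this commit already touches the entry, it would be worth either aligning the buster state with its siblings or noting why CVE-2023-29403 is treated differently.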
@@ -9884,6 +9888,7 @@ CVE-2023-29402 (The go command may generate unexpected 
code at build time when u
        [experimental] - golang-1.19 1.19.10-1
        - golang-1.19 1.19.10-2
        - golang-1.15 <removed>
+       [bullseye] - golang-1.15 <no-dsa> (Minor issue)
        - golang-1.11 <removed>
        [buster] - golang-1.11 <postponed> (Limited support)
        NOTE: https://groups.google.com/g/golang-announce/c/q5135a9d924
@@ -9892,6 +9897,8 @@ CVE-2023-29402 (The go command may generate unexpected 
code at build time when u
        NOTE: 
https://github.com/golang/go/commit/c160b49b6d328c86bd76ca2fff9009a71347333f 
(go.1.19.10)
 CVE-2023-29401 (The filename parameter of the Context.FileAttachment function 
is not p ...)
        - golang-github-gin-gonic-gin <unfixed> (bug #1037530)
+       [bookworm] - golang-github-gin-gonic-gin <no-dsa> (Minor issue)
+       [bullseye] - golang-github-gin-gonic-gin <no-dsa> (Minor issue)
        [buster] - golang-github-gin-gonic-gin <no-dsa> (Minor issue)
        NOTE: https://github.com/gin-gonic/gin/issues/3555
        NOTE: 
https://github.com/gin-gonic/gin/commit/2d4bbec941551479b1fdf1e54ece03e6e82a7e72
 (v1.9.1)
@@ -9902,6 +9909,7 @@ CVE-2023-29400 (Templates containing actions in unquoted 
HTML attributes (e.g. "
        [bookworm] - golang-1.19 <no-dsa> (Minor issue)
        [bullseye] - golang-1.19 <no-dsa> (Minor issue)
        - golang-1.15 <removed>
+       [bullseye] - golang-1.15 <no-dsa> (Minor issue)
        - golang-1.11 <removed>
        [buster] - golang-1.11 <no-dsa> (Minor issue)
        NOTE: https://groups.google.com/g/golang-announce/c/MEb0UyuSMsU
@@ -24843,6 +24851,7 @@ CVE-2023-24540 (Not all valid JavaScript whitespace 
characters are considered to
        [bookworm] - golang-1.19 <no-dsa> (Minor issue)
        [bullseye] - golang-1.19 <no-dsa> (Minor issue)
        - golang-1.15 <removed>
+       [bullseye] - golang-1.15 <no-dsa> (Minor issue)
        - golang-1.11 <removed>
        [buster] - golang-1.11 <no-dsa> (Minor issue)
        NOTE: https://groups.google.com/g/golang-announce/c/MEb0UyuSMsU
@@ -24856,6 +24865,7 @@ CVE-2023-24539 (Angle brackets (<>) are not considered 
dangerous characters when
        [bookworm] - golang-1.19 <no-dsa> (Minor issue)
        [bullseye] - golang-1.19 <no-dsa> (Minor issue)
        - golang-1.15 <removed>
+       [bullseye] - golang-1.15 <no-dsa> (Minor issue)
        - golang-1.11 <removed>
        [buster] - golang-1.11 <no-dsa> (Minor issue)
        NOTE: https://groups.google.com/g/golang-announce/c/MEb0UyuSMsU
@@ -24867,6 +24877,7 @@ CVE-2023-24538 (Templates do not properly consider 
backticks (`) as Javascript s
        [experimental] - golang-1.19 1.19.8-1
        - golang-1.19 1.19.8-2
        - golang-1.15 <removed>
+       [bullseye] - golang-1.15 <no-dsa> (Minor issue)
        - golang-1.11 <removed>
        [buster] - golang-1.11 <postponed> (Limited support, follow bullseye 
DSAs/point-releases)
        NOTE: https://groups.google.com/g/golang-announce/c/Xdv6JL9ENs8
@@ -24878,6 +24889,7 @@ CVE-2023-24537 (Calling any of the Parse functions on 
Go source code which conta
        [experimental] - golang-1.19 1.19.8-1
        - golang-1.19 1.19.8-2
        - golang-1.15 <removed>
+       [bullseye] - golang-1.15 <no-dsa> (Minor issue)
        - golang-1.11 <removed>
        [buster] - golang-1.11 <postponed> (Limited support, follow bullseye 
DSAs/point-releases)
        NOTE: https://groups.google.com/g/golang-announce/c/Xdv6JL9ENs8
@@ -24890,6 +24902,7 @@ CVE-2023-24536 (Multipart form parsing can consume 
large amounts of CPU and memo
        [experimental] - golang-1.19 1.19.8-1
        - golang-1.19 1.19.8-2
        - golang-1.15 <removed>
+       [bullseye] - golang-1.15 <no-dsa> (Minor issue)
        - golang-1.11 <removed>
        [buster] - golang-1.11 <postponed> (Limited support, follow bullseye 
DSAs/point-releases)
        NOTE: https://groups.google.com/g/golang-announce/c/Xdv6JL9ENs8
@@ -24903,6 +24916,7 @@ CVE-2023-24534 (HTTP and MIME header parsing can 
allocate large amounts of memor
        [experimental] - golang-1.19 1.19.8-1
        - golang-1.19 1.19.8-2
        - golang-1.15 <removed>
+       [bullseye] - golang-1.15 <no-dsa> (Minor issue)
        - golang-1.11 <removed>
        [buster] - golang-1.11 <postponed> (Limited support, follow bullseye 
DSAs/point-releases)
        NOTE: https://groups.google.com/g/golang-announce/c/Xdv6JL9ENs8
@@ -39782,6 +39796,8 @@ CVE-2022-46166 (Spring boot admins is an open source 
administrative user interfa
        NOT-FOR-US: Spring boot admins
 CVE-2022-46165 (Syncthing is an open source, continuous file synchronization 
program.  ...)
        - syncthing <unfixed> (bug #1037432)
+       [bookworm] - syncthing <no-dsa> (Minor issue)
+       [bullseye] - syncthing <no-dsa> (Minor issue)
        NOTE: 
https://github.com/syncthing/syncthing/security/advisories/GHSA-9rp6-23gf-4c3h
        NOTE: 
https://github.com/syncthing/syncthing/commit/73c52eafb6566435dffd979c3c49562b6d5a4238
 (v1.23.5)
 CVE-2022-46164 (NodeBB is an open source Node.js based forum software. Due to 
a plain  ...)


=====================================
data/dsa-needed.txt
=====================================
@@ -11,6 +11,8 @@ To pick an issue, simply add your uid behind it.
 
 If needed, specify the release by adding a slash after the name of the source 
package.
 
+--
+aom/oldstable
 --
 asterisk/oldstable
 --
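Review bot: the new "aom/oldstable" entry gives no indication of which issue it is for. No aom entry is touched in the data/CVE/list part of this commit, and the commit message only says "bullseye/bookworm triage". Consider adding a short note with the entry naming the CVE(s) that motivated it, so whoever picks it up does not have to re-derive that from the tracker.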



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/05fb674b81bc54eac35f5b441e9a21d3a1a06968
