[Git][security-tracker-team/security-tracker][master] Triage python-reportlab for buster

Thu, 22 Jun 2023 00:41:52 -0700 


Jochen Sprickerhof pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
3dd4ddd5 by Jochen Sprickerhof at 2023-06-22T09:36:55+02:00
Triage python-reportlab for buster

- - - - -


2 changed files:

- data/CVE/list
- data/dla-needed.txt


Changes:

=====================================
data/CVE/list
=====================================
@@ -1762,8 +1762,10 @@ CVE-2023-33956 (Kanboard is open source project 
management software that focuses
        NOTE: 
https://github.com/kanboard/kanboard/commit/437b141fa2267df36976814e704517f30d2424bd
 (v1.2.30)
 CVE-2023-33733 (Reportlab up to v3.6.12 allows attackers to execute arbitrary 
code via ...)
        - python-reportlab 3.6.13-1
+       [buster] - python-reportlab <not-affected> (Vulnerable code not present)
        NOTE: https://docs.reportlab.com/releases/notes/whats-new-3613/
        NOTE: https://github.com/c53elyas/CVE-2023-33733
+       NOTE: Introduced by: 
https://hg.reportlab.com/hg-public/reportlab/rev/51a521ad7dd3 (3.5.34)
 CVE-2023-33693 (A buffer overflow in EasyPlayerPro-Win v3.2.19.0106 to 
v3.6.19.0823 al ...)
        NOT-FOR-US: EasyPlayerPro-Win
 CVE-2023-33690 (SonicJS up to v0.7.0 allows attackers to execute an 
authenticated path ...)


=====================================
data/dla-needed.txt
=====================================
@@ -177,9 +177,6 @@ python-oslo.privsep
   NOTE: 20230525: CVE-2022-38065 has been marked as Won't-fix/Hardening 
opportunity.
   NOTE: 20230525: It was mentioned the fix was easy but tedious. It is 
consumer design flaw issue. (sgmoore)
 --
-python-reportlab
-  NOTE: 20230612: Added by Front-Desk (apo)
---
 python3.7 (Adrian Bunk)
   NOTE: 20230220: Added by Front-Desk (ola)
   NOTE: 20230228: Waiting for actual upstream fix for CVE-2023-24329. (bunk)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/3dd4ddd597c8d38f274ab018c419199e631d0374

-- 
View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/3dd4ddd597c8d38f274ab018c419199e631d0374
You're receiving this email because of your account on salsa.debian.org.



_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits

Reply via email to