Moritz Muehlenhoff pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
3602e8ab by Moritz Muehlenhoff at 2023-06-29T13:25:23+02:00
bookworm/bullseye triage
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -121,7 +121,10 @@ CVE-2023-3327
REJECTED
CVE-2023-36464 (pypdf is an open source, pure-python PDF library. In affected
versions ...)
- pypdf <unfixed>
+ [bookworm] - pypdf <no-dsa> (Minor issue)
- pypdf2 <unfixed>
+ [bookworm] - pypdf2 <no-dsa> (Minor issue)
+ [bullseye] - pypdf2 <no-dsa> (Minor issue)
NOTE: https://github.com/py-pdf/pypdf/pull/969
NOTE: https://github.com/py-pdf/pypdf/pull/1828
NOTE:
https://github.com/py-pdf/pypdf/security/advisories/GHSA-4vvm-4w3v-6mr8
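Review bot: the pypdf entry gets only a [bookworm] tag, while pypdf2 directly below it gets both [bookworm] and [bullseye]. If pypdf is not shipped in bullseye this is correct, but it is worth confirming, because a release without its own tag falls back to the "- pypdf <unfixed>" line. The reason "(Minor issue)" is also generic; a few words taken from the linked advisory would make the no-dsa rationale checkable without opening it.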
@@ -139,6 +142,8 @@ CVE-2023-3355 (A NULL pointer dereference flaw was found in
the Linux kernel's d
NOTE:
https://git.kernel.org/linus/d839f0811a31322c087a859c2b181e2383daa7be (6.3-rc1)
CVE-2023-3354 [VNC: improper I/O watch removal in TLS handshake can lead to
remote unauthenticated denial of service]
- qemu <unfixed>
+ [bookworm] - qemu <no-dsa> (Minor issue)
+ [bullseye] - qemu <no-dsa> (Minor issue)
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2216478
TODO: check, no details in RHBZ#2216478 on upstream status
CVE-2023-3432 (Server-Side Request Forgery (SSRF) in GitHub repository
plantuml/plant ...)
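Review bot: on the CVE-2023-3354 qemu lines, <no-dsa> (Minor issue) is set for bookworm and bullseye while the TODO two lines below still says there are no details on upstream status, and the entry title describes a remote unauthenticated denial of service. Suggest keeping the TODO as it is and revisiting the two tags once an upstream fix can be referenced, or giving a more specific reason than "Minor issue" (for example, what limits exposure of the VNC TLS handshake path) so the decision can be re-evaluated later.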
@@ -18867,6 +18872,8 @@ CVE-2023-26966
RESERVED
CVE-2023-26965 (loadImage() in tools/tiffcrop.c in LibTIFF through 4.5.0 has a
heap-ba ...)
- tiff 4.5.1~rc3-1
+ [bookworm] - tiff <no-dsa> (Minor issue)
+ [bullseye] - tiff <no-dsa> (Minor issue)
NOTE: https://gitlab.com/libtiff/libtiff/-/merge_requests/472
NOTE:
https://gitlab.com/libtiff/libtiff/-/commit/ec8ef90c1f573c9eb1f17d6a056aa0015f184acf
(v4.5.1rc1)
CVE-2023-26964 (An issue was discovered in hyper v0.13.7. h2-0.2.4 Stream
stacking occ ...)
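Review bot: for CVE-2023-26965 the description places the flaw in loadImage() in tools/tiffcrop.c, yet the two added tags carry only the generic "(Minor issue)". A reason that names the affected component, tiffcrop, would tell whoever picks this up for a point release why no DSA was issued. The fixing commit ec8ef90c is already referenced in the NOTE lines, so nothing else is needed for a backport.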
@@ -23446,10 +23453,14 @@ CVE-2023-25436
RESERVED
CVE-2023-25435 (libtiff 4.5.0 is vulnerable to Buffer Overflow via
extractContigSample ...)
- tiff 4.5.1~rc3-1
+ [bookworm] - tiff <no-dsa> (Minor issue)
+ [bullseye] - tiff <no-dsa> (Minor issue)
NOTE: https://gitlab.com/libtiff/libtiff/-/issues/518
NOTE:
https://gitlab.com/libtiff/libtiff/-/commit/69818e2f2d246e6631ac2a2da692c3706b849c38
(v4.5.1rc1)
CVE-2023-25434 (libtiff 4.5.0 is vulnerable to Buffer Overflow via
extractContigSample ...)
- tiff 4.5.1~rc3-1
+ [bookworm] - tiff <no-dsa> (Minor issue)
+ [bullseye] - tiff <no-dsa> (Minor issue)
NOTE: https://gitlab.com/libtiff/libtiff/-/issues/519
NOTE:
https://gitlab.com/libtiff/libtiff/-/commit/69818e2f2d246e6631ac2a2da692c3706b849c38
(v4.5.1rc1)
CVE-2023-25433
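Review bot: CVE-2023-25435 and CVE-2023-25434 receive identical [bookworm] and [bullseye] tags, and their NOTE lines reference the same upstream commit 69818e2f2d246e6631ac2a2da692c3706b849c38, so one backport appears to cover both. A short NOTE on each entry stating that the fix is shared with the other CVE would save the next triager from comparing the hashes by hand.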
@@ -130104,6 +130115,7 @@ CVE-2021-41804
RESERVED
CVE-2021-41803 (HashiCorp Consul 1.8.1 up to 1.11.8, 1.12.4, and 1.13.1 do not
properl ...)
- consul <unfixed> (bug #1034841)
+ [bullseye] - consul <no-dsa> (Minor issue)
[buster] - consul <not-affected> (Vulnerable Code not present)
NOTE:
https://discuss.hashicorp.com/t/hcsec-2022-19-consul-auto-config-jwt-authorization-missing-input-validation/44627
NOTE:
https://github.com/hashicorp/consul/commit/34872682e44f6e7e6359c88bf9e333fa1002a99b
(v1.11.9)
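Review bot: the commit message says "bookworm/bullseye triage", but the CVE-2021-41803 hunk adds only "[bullseye] - consul <no-dsa> (Minor issue)". If consul is shipped in bookworm, that release still falls back to "- consul <unfixed> (bug #1034841)"; please confirm whether a [bookworm] line is intentionally absent. The new line is correctly placed above the existing [buster] entry.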
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/3602e8abefb17ee10f1f754326b2e265362e19d0