Thorsten Alteholz pushed to branch master at Debian Security Tracker / security-tracker


Commits:
52b88c21 by Thorsten Alteholz at 2023-07-01T23:52:51+02:00
mark CVE-2023-36675 as not-affected for Buster

- - - - -
39800307 by Thorsten Alteholz at 2023-07-01T23:58:37+02:00
add mediawiki

- - - - -
315f6018 by Thorsten Alteholz at 2023-07-01T23:59:12+02:00
update note

- - - - -
573a8110 by Thorsten Alteholz at 2023-07-02T00:05:14+02:00
mark CVE-2023-25515 and CVE-2023-25516 as postponed for Buster

- - - - -
4846fbed by Thorsten Alteholz at 2023-07-02T00:13:22+02:00
mark CVE-2023-36464 as not-affected for Buster

- - - - -


2 changed files:

- data/CVE/list
- data/dla-needed.txt


Changes:

=====================================
data/CVE/list
=====================================
@@ -411,6 +411,7 @@ CVE-2023-36464 (pypdf is an open source, pure-python PDF 
library. In affected ve
        - pypdf2 <unfixed>
        [bookworm] - pypdf2 <no-dsa> (Minor issue)
        [bullseye] - pypdf2 <no-dsa> (Minor issue)
+       [buster] - pypdf2 <not-affected> (Vulnerable code not present)
        NOTE: https://github.com/py-pdf/pypdf/pull/969
        NOTE: https://github.com/py-pdf/pypdf/pull/1828
        NOTE: 
https://github.com/py-pdf/pypdf/security/advisories/GHSA-4vvm-4w3v-6mr8
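Review bot: the added [buster] pypdf2 line gives "Vulnerable code not present" without naming the upstream change or version that introduced the affected code, so the triage cannot be re-checked from the entry alone. The NOTE lines list pull/969 and pull/1828 but do not say which is the introducing change and which is the fix; consider a NOTE that names the introducing change, in the way the mediawiki entry in this patch states "partial blocking was introduced in 1.33".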
@@ -663,6 +664,7 @@ CVE-2023-2992 (An unauthenticated denial of service 
vulnerability exists in the
        NOT-FOR-US: Lenovo
 CVE-2023-36675 (An issue was discovered in MediaWiki before 1.35.11, 1.36.x 
through 1. ...)
        - mediawiki 1:1.39.4-1
+       [buster] - mediawiki <not-affected> (partial blocking was introduced in 
1.33)
        NOTE: https://gerrit.wikimedia.org/r/c/mediawiki/core/+/921452
        NOTE: https://phabricator.wikimedia.org/T332889
 CVE-2023-36666 (INEX IXP-Manager before 6.3.1 allows XSS. 
list-preamble.foil.php, page ...)
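Review bot: in the added [buster] mediawiki line the reason names the version that introduced partial blocking (1.33) but leaves the conclusion implicit, namely that the buster package predates it. The pypdf2 entry in this same patch uses "Vulnerable code not present"; wording such as "Vulnerable code not present, partial blocking introduced in 1.33" would keep not-affected reasons consistent and self-explanatory.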
@@ -23511,10 +23513,12 @@ CVE-2023-25516
        [bullseye] - nvidia-graphics-drivers-tesla-418 <no-dsa> (Non-free not 
supported)
        - nvidia-graphics-drivers-legacy-390xx <unfixed> (bug #1039680)
        [bullseye] - nvidia-graphics-drivers-legacy-390xx <no-dsa> (Non-free 
not supported)
+       [buster] - nvidia-graphics-drivers-legacy-390xx <no-dsa> (Non-free not 
supported)
        - nvidia-graphics-drivers-legacy-340xx <unfixed> (bug #1039679)
        - nvidia-graphics-drivers <unfixed> (bug #1039678)
        [bookworm] - nvidia-graphics-drivers <no-dsa> (Non-free not supported)
        [bullseye] - nvidia-graphics-drivers <no-dsa> (Non-free not supported)
+       [buster] - nvidia-graphics-drivers <postponed> (Minor issue, revisit 
when/if fixed upstream)
        NOTE: https://nvidia.custhelp.com/app/answers/detail/a_id/5468
 CVE-2023-25515 (NVIDIA Jetson contains a vulnerability in CBoot, where the 
PCIe contro ...)
        - nvidia-open-gpu-kernel-modules <unfixed> (bug #1039686)
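Review bot: the two added [buster] lines under CVE-2023-25516 give different dispositions within the same non-free driver family: nvidia-graphics-drivers-legacy-390xx gets <no-dsa> (Non-free not supported) while nvidia-graphics-drivers gets <postponed> (Minor issue, revisit when/if fixed upstream), and the bookworm and bullseye lines for nvidia-graphics-drivers are <no-dsa>. If the difference is intentional, a short NOTE saying why buster's nvidia-graphics-drivers is tracked for a later fix would help; otherwise align the two lines.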
@@ -23533,10 +23537,12 @@ CVE-2023-25515 (NVIDIA Jetson contains a 
vulnerability in CBoot, where the PCIe
        [bullseye] - nvidia-graphics-drivers-tesla-418 <no-dsa> (Non-free not 
supported)
        - nvidia-graphics-drivers-legacy-390xx <unfixed> (bug #1039680)
        [bullseye] - nvidia-graphics-drivers-legacy-390xx <no-dsa> (Non-free 
not supported)
+       [buster] - nvidia-graphics-drivers-legacy-390xx <no-dsa> (Non-free not 
supported)
        - nvidia-graphics-drivers-legacy-340xx <unfixed> (bug #1039679)
        - nvidia-graphics-drivers <unfixed> (bug #1039678)
        [bookworm] - nvidia-graphics-drivers <no-dsa> (Non-free not supported)
        [bullseye] - nvidia-graphics-drivers <no-dsa> (Non-free not supported)
+       [buster] - nvidia-graphics-drivers <postponed> (Minor issue, revisit 
when/if fixed upstream)
        NOTE: https://nvidia.custhelp.com/app/answers/detail/a_id/5468
 CVE-2023-25514 (NVIDIA CUDA toolkit for Linux and Windows contains a 
vulnerability in  ...)
        - nvidia-cuda-toolkit <unfixed> (unimportant; bug #1034793; bug 
#1034799)
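Review bot: the legacy-390xx line added here under CVE-2023-25515 is <no-dsa>, not <postponed>, so the commit subject "mark CVE-2023-25515 and CVE-2023-25516 as postponed for Buster" covers only one of the two lines added per CVE. Mention the no-dsa marking in the commit message, or put it in its own commit, so that a log search for the 390xx decision finds it.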


=====================================
data/dla-needed.txt
=====================================
@@ -114,6 +114,9 @@ libusrsctp (rouca)
 linux (Ben Hutchings)
   NOTE: 20230111: perma-added for LTS package-specific delegation (bwh)
 --
+mediawiki
+  NOTE: 20230701: Added by Front-Desk (ta)
+--
 nova
   NOTE: 20230302: Re-add, request by maintainer (Beuc)
   NOTE: 20230302: zigo says that DLA 3302-1 ships a buster-specific 
CVE-2022-47951 backport that introduces regression
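Review bot: the new mediawiki entry carries only "Added by Front-Desk (ta)" and does not say which issues make a DLA necessary, while the same push marks CVE-2023-36675 as <not-affected> for buster in data/CVE/list. A second NOTE naming the CVEs that are still open for buster would tell whoever claims the package what is in scope.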
@@ -194,7 +197,7 @@ renderdoc
 ring (Thorsten Alteholz)
   NOTE: 20221120: Added by Front-Desk (ta)
   NOTE: 20230507: testing package
-  NOTE: 20230619: testing package, not all tests pass yet
+  NOTE: 20230701: testing package, not all tests pass yet
 --
 ruby-doorkeeper (Chris Lamb)
   NOTE: 20230618: Added by Front-Desk (opal)
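Review bot: the ring change rewrites the date on the existing note from 20230619 to 20230701 with identical text, which drops the record that the package was already in this state on 20230619. The 20230507 note above it is kept as history, so appending a new 20230701 line instead of editing the old one would be consistent with that.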



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/e8710c44c760f6e9ac50f440a766ba2fa66a4830...4846fbeda02c36bfe2c3e744ecfc3c0042159246
