Thorsten Alteholz pushed to branch master at Debian Security Tracker / security-tracker
Commits: 52b88c21 by Thorsten Alteholz at 2023-07-01T23:52:51+02:00 mark CVE-2023-36675 as not-affected for Buster - - - - - 39800307 by Thorsten Alteholz at 2023-07-01T23:58:37+02:00 add mediawiki - - - - - 315f6018 by Thorsten Alteholz at 2023-07-01T23:59:12+02:00 update note - - - - - 573a8110 by Thorsten Alteholz at 2023-07-02T00:05:14+02:00 mark CVE-2023-25515 and CVE-2023-25516 as postponed for Buster - - - - - 4846fbed by Thorsten Alteholz at 2023-07-02T00:13:22+02:00 mark CVE-2023-36464 as not-affected for Buster - - - - - 2 changed files: - data/CVE/list - data/dla-needed.txt Changes: ===================================== data/CVE/list ===================================== @@ -411,6 +411,7 @@ CVE-2023-36464 (pypdf is an open source, pure-python PDF library. In affected ve - pypdf2 <unfixed> [bookworm] - pypdf2 <no-dsa> (Minor issue) [bullseye] - pypdf2 <no-dsa> (Minor issue) + [buster] - pypdf2 <not-affected> (Vulnerable code not present) NOTE: https://github.com/py-pdf/pypdf/pull/969 NOTE: https://github.com/py-pdf/pypdf/pull/1828 NOTE: https://github.com/py-pdf/pypdf/security/advisories/GHSA-4vvm-4w3v-6mr8 @@ -663,6 +664,7 @@ CVE-2023-2992 (An unauthenticated denial of service vulnerability exists in the NOT-FOR-US: Lenovo CVE-2023-36675 (An issue was discovered in MediaWiki before 1.35.11, 1.36.x through 1. ...) - mediawiki 1:1.39.4-1 + [buster] - mediawiki <not-affected> (partial blocking was introduced in 1.33) NOTE: https://gerrit.wikimedia.org/r/c/mediawiki/core/+/921452 NOTE: https://phabricator.wikimedia.org/T332889 CVE-2023-36666 (INEX IXP-Manager before 6.3.1 allows XSS. list-preamble.foil.php, page ...) 
@@ -23511,10 +23513,12 @@ CVE-2023-25516 [bullseye] - nvidia-graphics-drivers-tesla-418 <no-dsa> (Non-free not supported) - nvidia-graphics-drivers-legacy-390xx <unfixed> (bug #1039680) [bullseye] - nvidia-graphics-drivers-legacy-390xx <no-dsa> (Non-free not supported) + [buster] - nvidia-graphics-drivers-legacy-390xx <no-dsa> (Non-free not supported) - nvidia-graphics-drivers-legacy-340xx <unfixed> (bug #1039679) - nvidia-graphics-drivers <unfixed> (bug #1039678) [bookworm] - nvidia-graphics-drivers <no-dsa> (Non-free not supported) [bullseye] - nvidia-graphics-drivers <no-dsa> (Non-free not supported) + [buster] - nvidia-graphics-drivers <postponed> (Minor issue, revisit when/if fixed upstream) NOTE: https://nvidia.custhelp.com/app/answers/detail/a_id/5468 CVE-2023-25515 (NVIDIA Jetson contains a vulnerability in CBoot, where the PCIe contro ...) - nvidia-open-gpu-kernel-modules <unfixed> (bug #1039686) 
@@ -23533,10 +23537,12 @@ CVE-2023-25515 (NVIDIA Jetson contains a vulnerability in CBoot, where the PCIe [bullseye] - nvidia-graphics-drivers-tesla-418 <no-dsa> (Non-free not supported) - nvidia-graphics-drivers-legacy-390xx <unfixed> (bug #1039680) [bullseye] - nvidia-graphics-drivers-legacy-390xx <no-dsa> (Non-free not supported) + [buster] - nvidia-graphics-drivers-legacy-390xx <no-dsa> (Non-free not supported) - nvidia-graphics-drivers-legacy-340xx <unfixed> (bug #1039679) - nvidia-graphics-drivers <unfixed> (bug #1039678) [bookworm] - nvidia-graphics-drivers <no-dsa> (Non-free not supported) [bullseye] - nvidia-graphics-drivers <no-dsa> (Non-free not supported) + [buster] - nvidia-graphics-drivers <postponed> (Minor issue, revisit when/if fixed upstream) NOTE: https://nvidia.custhelp.com/app/answers/detail/a_id/5468 CVE-2023-25514 (NVIDIA CUDA toolkit for Linux and Windows contains a vulnerability in ...) - nvidia-cuda-toolkit <unfixed> (unimportant; bug #1034793; bug #1034799) ===================================== data/dla-needed.txt ===================================== @@ -114,6 +114,9 @@ libusrsctp (rouca) linux (Ben Hutchings) NOTE: 20230111: perma-added for LTS package-specific delegation (bwh) -- +mediawiki + NOTE: 20230701: Added by Front-Desk (ta) +-- nova NOTE: 20230302: Re-add, request by maintainer (Beuc) NOTE: 20230302: zigo says that DLA 3302-1 ships a buster-specific CVE-2022-47951 backport that introduces regression 
@@ -194,7 +197,7 @@ renderdoc ring (Thorsten Alteholz) NOTE: 20221120: Added by Front-Desk (ta) NOTE: 20230507: testing package - NOTE: 20230619: testing package, not all tests pass yet + NOTE: 20230701: testing package, not all tests pass yet -- ruby-doorkeeper (Chris Lamb) NOTE: 20230618: Added by Front-Desk (opal) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/e8710c44c760f6e9ac50f440a766ba2fa66a4830...4846fbeda02c36bfe2c3e744ecfc3c0042159246
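Review bot: The reason on the added "[buster] - pypdf2 <not-affected> (Vulnerable code not present)" line in the CVE-2023-36464 hunk of data/CVE/list (@@ -411,6 +411,7 @@) does not say which change introduced the vulnerable code, so the claim cannot be re-checked from the entry alone. The entry already cites py-pdf/pypdf pull 969 and pull 1828; a NOTE stating which of them introduced the issue and that buster's version predates it would make this line as verifiable as the mediawiki one in the next hunk, which names the version (1.33) where the affected feature appeared.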
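Review bot: In the CVE-2023-25516 hunk of data/CVE/list (@@ -23511,10 +23513,12 @@) the two added buster lines triage the same non-free driver family differently. nvidia-graphics-drivers-legacy-390xx gets "<no-dsa> (Non-free not supported)", matching its bullseye line, while nvidia-graphics-drivers gets "<postponed> (Minor issue, revisit when/if fixed upstream)", unlike its bookworm and bullseye lines. The commit subject only mentions postponed. If the difference is intended, a short NOTE giving the reason would help; otherwise use one state for both.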
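Review bot: In the CVE-2023-25515 hunk of data/CVE/list (@@ -23533,10 +23537,12 @@) nvidia-graphics-drivers-legacy-340xx, which sits between the two added lines, still has no suite annotation and so stays at "<unfixed> (bug #1039679)" for every release. If buster carries that source package, it needs its own [buster] line next to the 390xx one so that it does not keep showing as open for buster.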
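Review bot: The new mediawiki entry in data/dla-needed.txt (@@ -114,6 +114,9 @@) carries only "NOTE: 20230701: Added by Front-Desk (ta)" and does not name the issues that need a DLA. The only mediawiki CVE touched in this push, CVE-2023-36675, is marked <not-affected> for buster, so the reason for the entry is not visible from these changes. A second NOTE listing the open CVEs would let whoever claims the package start without having to look them up.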
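Review bot: In the ring entry of data/dla-needed.txt (@@ -194,7 +197,7 @@) the 20230619 note is re-dated to 20230701 with identical text, which drops the record that the package was already in this state on 20230619. The nova entry in the previous hunk keeps one dated NOTE per event; adding a new "NOTE: 20230701: ..." line instead of editing the old one would preserve the timeline, and naming the tests that still fail would make the status actionable.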