Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
10e64aab by Moritz Muehlenhoff at 2023-07-10T17:25:16+02:00
bullseye/bookworm triage

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -382,6 +382,8 @@ CVE-2023-35939 (GLPI is a free asset and IT management 
software package. Startin
        NOTE: Only supported behind an authenticated HTTP zone
 CVE-2023-35936 (Pandoc is a Haskell library for converting from one markup 
format to a ...)
        - pandoc <unfixed>
+       [bookworm] - pandoc <no-dsa> (Minor issue)
+       [bullseye] - pandoc <no-dsa> (Minor issue)
        NOTE: 
https://github.com/jgm/pandoc/security/advisories/GHSA-xj5q-fv23-575g
        NOTE: 
https://github.com/jgm/pandoc/commit/5e381e3878b5da87ee7542f7e51c3c1a7fd84b89 
(3.1.4)
 CVE-2023-3515 (Open Redirect in GitHub repository go-gitea/gitea prior to 
1.19.4.)
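Review bot: the two added pandoc lines give only "(Minor issue)" as the reason, while the NOTE lines right below already point at a single upstream fix commit (3.1.4). Consider saying in the reason, or in an extra NOTE, whether that commit is expected to go in through a point release, so the <no-dsa> state is not read as "no fix planned".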
@@ -487,6 +489,8 @@ CVE-2023-34150 (** UNSUPPORTED WHEN ASSIGNED **Use of 
TikaEncodingDetector in Ap
        NOT-FOR-US: Apache Any23
 CVE-2023-3255 [VNC: infinite loop in inflate_buffer() leads to denial of 
service]
        - qemu <unfixed>
+       [bookworm] - qemu <no-dsa> (Minor issue)
+       [bullseye] - qemu <no-dsa> (Minor issue)
        NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2218486
        NOTE: Proposed patch: 
https://lists.nongnu.org/archive/html/qemu-devel/2023-07/msg00596.html
 CVE-2023-37212 (Memory safety bugs present in Firefox 114. Some of these bugs 
showed e ...)
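Review bot: for CVE-2023-3255 the only fix reference in the entry is a proposed patch on qemu-devel, so the [bookworm] and [bullseye] lines will need revisiting once something is merged upstream. If that is the intent, "<postponed> (Minor issue, revisit when fixed upstream)" would record it explicitly; otherwise a short reason why the VNC denial of service is minor for stable would help.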
@@ -786,9 +790,13 @@ CVE-2023-3478 (A vulnerability classified as critical was 
found in IBOS OA 4.5.5
        NOT-FOR-US: IBOS OA
 CVE-2023-37365 (Hnswlib 0.7.0 has a double free in init_index when the M 
argument is a ...)
        - hnswlib <unfixed>
+       [bookworm] - hnswlib <no-dsa> (Minor issue)
+       [bullseye] - hnswlib <no-dsa> (Minor issue)
        NOTE: https://github.com/nmslib/hnswlib/issues/467
 CVE-2023-37360 (pacparser_find_proxy in Pacparser before 1.4.2 allows 
JavaScript injec ...)
        - pacparser <unfixed>
+       [bookworm] - pacparser <no-dsa> (Minor issue)
+       [bullseye] - pacparser <no-dsa> (Minor issue)
        NOTE: 
https://github.com/manugarg/pacparser/security/advisories/GHSA-62q6-v997-f7v9
        NOTE: 
https://github.com/manugarg/pacparser/commit/0bf0636de624996fe202b51eec8a58abd774269e
 (v1.4.2)
 CVE-2023-37307 (In MISP before 2.4.172, title_for_layout is not properly 
sanitized in  ...)
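Review bot: CVE-2023-37365 is described as a double free in init_index, yet the hnswlib lines carry the same generic "(Minor issue)" as the rest of the commit, and the entry has only an upstream issue link and no fix reference. A reason that says what bounds the impact would make this triage decision reviewable later; the pacparser lines are easier to follow because the fix commit (v1.4.2) is already noted.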
@@ -24654,6 +24662,7 @@ CVE-2023-25400
        RESERVED
 CVE-2023-25399 (A refcounting issue which leads to potential memory leak was 
discovere ...)
        - scipy 1.10.0-2
+       [bullseye] - scipy <no-dsa> (Minor issue)
        NOTE: https://github.com/scipy/scipy/issues/16235
        NOTE: https://github.com/scipy/scipy/pull/16397
        NOTE: Fixed by: 
https://github.com/scipy/scipy/commit/9b6521198c4f31d3f9cb525e581bea8e3e77f0a2 
(v1.10.0rc1)
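Review bot: only a [bullseye] line is added for scipy here, with no [bookworm] counterpart as in the other hunks. That is correct only if bookworm already ships 1.10.0-2 or later; worth confirming, since otherwise bookworm stays untriaged for CVE-2023-25399.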
@@ -105049,10 +105058,14 @@ CVE-2022-24795 (yajl-ruby is a C binding to the 
YAJL JSON parsing and generation
        [buster] - ruby-yajl <no-dsa> (Minor issue)
        [stretch] - ruby-yajl <no-dsa> (Minor issue)
        - yajl 2.1.0-4 (bug #1040036)
+       [bookworm] - yajl <no-dsa> (Minor issue)
+       [bullseye] - yajl <no-dsa> (Minor issue)
        - burp <unfixed> (bug #1040146)
        - crun <unfixed> (bug #1040147)
        - epics-base <unfixed> (bug #1040159)
        - r-cran-jsonlite <unfixed> (bug #1040161)
+       [bookworm] - r-cran-jsonlite <no-dsa> (Minor issue)
+       [bullseye] - r-cran-jsonlite <no-dsa> (Minor issue)
        - xqilla <unfixed> (bug #1040164)
        [bullseye] - xqilla <no-dsa> (Minor issue)
        NOTE: 
https://github.com/brianmario/yajl-ruby/security/advisories/GHSA-jj47-x69x-mxrm
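Review bot: in the CVE-2022-24795 block burp, crun and epics-base are still <unfixed> with no [bookworm]/[bullseye] lines, and xqilla has only [bullseye], while yajl and r-cran-jsonlite now get both. If those were left out on purpose, fine; if not, they should get the same triage in this commit so the packages listed under this CVE are handled consistently.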
@@ -382798,10 +382811,14 @@ CVE-2017-16516 (In the yajl-ruby gem 1.3.0 for 
Ruby, when a crafted JSON file is
        [stretch] - ruby-yajl <no-dsa> (Minor issue)
        [jessie] - ruby-yajl <no-dsa> (Minor issue)
        - yajl 2.1.0-4 (bug #1040036)
+       [bookworm] - yajl <no-dsa> (Minor issue)
+       [bullseye] - yajl <no-dsa> (Minor issue)
        - burp <unfixed> (bug #1040146)
        - crun <unfixed> (bug #1040147)
        - epics-base <unfixed> (bug #1040159)
        - r-cran-jsonlite <unfixed> (bug #1040161)
+       [bookworm] - r-cran-jsonlite <no-dsa> (Minor issue)
+       [bullseye] - r-cran-jsonlite <no-dsa> (Minor issue)
        - xqilla <unfixed> (bug #1040164)
        [bullseye] - xqilla <no-dsa> (Minor issue)
        NOTE: https://github.com/brianmario/yajl-ruby/issues/176
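Review bot: this CVE-2017-16516 block repeats the same four added lines as the CVE-2022-24795 block and leaves the same gaps (burp, crun, epics-base, and [bookworm] for xqilla). Whatever is decided there needs to be mirrored here, otherwise the two entries will disagree about the same packages.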



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/10e64aabadd2744bb59ee1f8be5f869c5c5022d8
