Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
8e9b0974 by Moritz Muehlenhoff at 2023-07-22T20:20:45+02:00
bookworm/bullseye triage

- - - - -


2 changed files:

- data/CVE/list
- data/dsa-needed.txt


Changes:

=====================================
data/CVE/list
=====================================
@@ -2810,11 +2810,15 @@ CVE-2023-36144 (An authentication bypass in Intelbras 
Switch SG 2404 MR in firmw
        NOT-FOR-US: Intelbras
 CVE-2023-35947 (Gradle is a build tool with a focus on build automation and 
support fo ...)
        - gradle <unfixed> (bug #1041424)
+       [bookworm] - gradle <no-dsa> (Minor issue)
+       [bullseye] - gradle <no-dsa> (Minor issue)
        NOTE: 
https://github.com/gradle/gradle/security/advisories/GHSA-84mw-qh6q-v842
        NOTE: 
https://github.com/gradle/gradle/commit/1096b309520a8c315e3b6109a6526de4eabcb879
 (v8.2.0-RC3)
        NOTE: 
https://github.com/gradle/gradle/commit/2e5c34d57d0c0b7f0e8b039a192b91e5c8249d91
 (v8.2.0-RC3)
 CVE-2023-35946 (Gradle is a build tool with a focus on build automation and 
support fo ...)
        - gradle <unfixed> (bug #1041424)
+       [bookworm] - gradle <no-dsa> (Minor issue)
+       [bullseye] - gradle <no-dsa> (Minor issue)
        NOTE: 
https://github.com/gradle/gradle/security/advisories/GHSA-2h6c-rv6q-494v
        NOTE: 
https://github.com/gradle/gradle/commit/859eae2b2acf751ae7db3c9ffefe275aa5da0d5d
 (v8.2.0-RC3)
        NOTE: 
https://github.com/gradle/gradle/commit/b07e528feb3a5ffa66bdcc358549edd73e4c8a12
 (v8.2.0-RC3)
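Review bot: the `<no-dsa> (Minor issue)` lines added under CVE-2023-35947 and CVE-2023-35946 give only the stock reason. Because the CVE descriptions are truncated in this file, the entry does not say why the impact is considered minor for the gradle versions in bookworm and bullseye. A one-line NOTE per CVE with the limiting factor would let whoever picks up bug #1041424 re-check the decision against the two upstream commits already listed.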
@@ -3275,10 +3279,14 @@ CVE-2023-3354 (A flaw was found in the QEMU built-in 
VNC server. When a client c
        NOTE: 
https://lists.nongnu.org/archive/html/qemu-devel/2023-07/msg01014.html
 CVE-2023-3432 (Server-Side Request Forgery (SSRF) in GitHub repository 
plantuml/plant ...)
        - plantuml <unfixed> (bug #1040000)
+       [bookworm] - plantuml <no-dsa> (Minor issue)
+       [bullseye] - plantuml <no-dsa> (Minor issue)
        NOTE: https://huntr.dev/bounties/8ac3316f-431c-468d-87e4-3dafff2ecf51/
        NOTE: 
https://github.com/plantuml/plantuml/commit/b32500bb61ae617bb312496d6d832e4be8190797
 (v1.2023.9)
 CVE-2023-3431 (Improper Access Control in GitHub repository plantuml/plantuml 
prior t ...)
        - plantuml <unfixed> (bug #1039999)
+       [bookworm] - plantuml <no-dsa> (Minor issue)
+       [bullseye] - plantuml <no-dsa> (Minor issue)
        NOTE: https://huntr.dev/bounties/fa741f95-b53c-4ed7-b157-e32c5145164c/
        NOTE: 
https://github.com/plantuml/plantuml/commit/fbe7fa3b25b4c887d83927cffb1009ec6cb8ab1e
 (v1.2023.9)
 CVE-2023-3405 (Unchecked parameter value in M-Files Server in versions before 
23.6.12 ...)
@@ -18042,6 +18050,8 @@ CVE-2023-1387 (Grafana is an open-source platform for 
monitoring and observabili
 CVE-2023-1386 [9pfs: SUID/SGID bits not dropped on file write]
        RESERVED
        - qemu <unfixed>
+       [bookworm] - qemu <no-dsa> (Minor issue)
+       [bullseye] - qemu <no-dsa> (Minor issue)
        NOTE: https://github.com/v9fs/linux/issues/29
 CVE-2023-1385 (Improper JPAKE implementation allows offline PIN brute-forcing 
due to  ...)
        NOT-FOR-US: Amazon Fire TV Stick 3rd gen and Insignia TV with FireOS
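Review bot: the `<no-dsa>` lines added under CVE-2023-1386 sit on an entry that is still RESERVED and whose only NOTE is the v9fs/linux issue link, with no qemu fix commit referenced. If there is nothing to backport yet, `<postponed> (Minor issue, revisit when fixed upstream)` would record that state more precisely than a plain `<no-dsa>`. If a fix does exist, add a NOTE pointing at it so the bookworm/bullseye decision can be checked against it.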
@@ -96035,6 +96045,8 @@ CVE-2022-26838
        RESERVED
 CVE-2022-1231 (XSS via Embedded SVG in SVG Diagram Format in GitHub repository 
plantu ...)
        - plantuml <unfixed> (bug #1039989)
+       [bookworm] - plantuml <no-dsa> (Minor issue)
+       [bullseye] - plantuml <no-dsa> (Minor issue)
        NOTE: https://huntr.dev/bounties/27db9509-6cd3-4148-8d70-5942f3837604/
        NOTE: 
https://github.com/plantuml/plantuml/commit/c9137be051ce98b3e3e27f65f54ec7d9f8886903
 (v1.2022.4)
 CVE-2022-1230 (This vulnerability allows local attackers to execute arbitrary 
code on ...)


=====================================
data/dsa-needed.txt
=====================================
@@ -40,8 +40,12 @@ nodejs
 nova/oldstable
 --
 openjdk-11/oldstable (jmm)
+  needs asmtools backport in bullseye
 --
 openjdk-17 (jmm)
+  needs testng7 backports
+--
+orthanc (jmm)
 --
 php-cas/oldstable
 --
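Review bot: the note added under openjdk-17, "needs testng7 backports", does not name a suite, while the openjdk-11/oldstable note just above it says "in bullseye". Since the openjdk-17 entry carries no /oldstable suffix, state whether the backport is needed in bookworm, bullseye or both. The new `orthanc (jmm)` entry is also added without any note, so a short line on what is pending would help others reading the list.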
@@ -77,7 +81,8 @@ ruby-tzinfo/oldstable
 --
 salt/oldstable
 --
-samba/oldstable
+samba (jmm)
+  oldstable likely to be EOLed partly
 --
 sox
   all issues unfixed upstream
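Review bot: replacing `samba/oldstable` with `samba (jmm)` drops the suite suffix, so the entry now covers stable as well, but the only note added, "oldstable likely to be EOLed partly", speaks about oldstable alone. Add a line saying what is pending for stable, and spell out which parts of samba in oldstable "partly" refers to, so the scope of the planned update is clear from the file.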



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/8e9b09747bdde2652d3536e1d4e4df8b8de22de4
