Moritz Muehlenhoff pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
e2b58355 by Moritz Muehlenhoff at 2023-07-24T00:08:07+02:00
bookworm/bullseye triage
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -382,6 +382,7 @@ CVE-2023-34966 (An infinite loop vulnerability was found in
Samba's mdssvc RPC s
NOTE: https://www.samba.org/samba/security/CVE-2023-34966.html
CVE-2023-3750 [improper locking in virStoragePoolObjListSearch may lead to
denial of service]
- libvirt <unfixed> (bug #1041811)
+ [bookworm] - libvirt <no-dsa> (Minor issue)
[bullseye] - libvirt <not-affected> (Vulnerable code not present)
[buster] - libvirt <not-affected> (Vulnerable code not present)
NOTE:
https://listman.redhat.com/archives/libvir-list/2023-July/240776.html
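Review bot: The added `[bookworm] - libvirt <no-dsa> (Minor issue)` line gives only the generic reason, while the bullseye and buster lines directly below it state exactly why those releases are out of scope. Since the entry describes improper locking that may lead to denial of service, a more specific reason in the parentheses or a NOTE line saying why this can go without a DSA would make the decision reviewable later. Bug #1041811 on the unfixed line already gives a place to track the eventual fix.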
@@ -866,6 +867,8 @@ CVE-2023-38337 (rswag before 2.10.1 allows remote attackers
to read arbitrary JS
NOT-FOR-US: rswag
CVE-2023-38336 (netkit-rcp in rsh-client 0.17-24 allows command injection via
filename ...)
- netkit-rsh <unfixed> (bug #1039689)
+ [bookworm] - netkit-rsh <no-dsa> (Minor issue)
+ [bullseye] - netkit-rsh <no-dsa> (Minor issue)
CVE-2023-37794 (WAYOS FBM-291W 19.09.11V was discovered to contain a command
injection ...)
NOT-FOR-US: WAYOS
CVE-2023-37793 (WAYOS FBM-291W 19.09.11V was discovered to contain a buffer
overflow v ...)
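Review bot: On the two added netkit-rsh lines, `Minor issue` is the only justification for skipping a DSA on what the description calls command injection via filename. The entry has no NOTE line at all, so a NOTE recording what limits the impact, or a pointer to the discussion in bug #1039689, should accompany the `<no-dsa>` tags.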
@@ -1476,6 +1479,7 @@ CVE-2023-37174 (GPAC v2.3-DEV-rev381-g817a848f6-master
was discovered to contain
NOTE:
https://github.com/gpac/gpac/commit/549ff4484246f2bc4d5fec6760332b43774db483
CVE-2023-32200 (There is insufficient restrictions of called script functions
in Apach ...)
- apache-jena <unfixed> (bug #1041108)
+ [bookworm] - apache-jena <no-dsa> (Minor issue)
NOTE: https://www.openwall.com/lists/oss-security/2023/07/11/11
CVE-2023-2869 (The WP-Members Membership plugin for WordPress is vulnerable to
unauth ...)
NOT-FOR-US: WP-Members Membership plugin for WordPress
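Review bot: Only a `[bookworm]` line is added under CVE-2023-32200, although the commit is titled bookworm/bullseye triage. Please confirm bullseye was checked for apache-jena: if the package is present there, it needs its own line (`<no-dsa>` or `<not-affected>` with a reason), and nothing in the visible entry shows which case applies.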
@@ -82979,10 +82983,14 @@ CVE-2022-33066
RESERVED
CVE-2022-33065 (Multiple signed integers overflow in function au_read_header
in src/au ...)
- libsndfile <unfixed>
+ [bookworm] - libsndfile <no-dsa> (Minor issue)
+ [bullseye] - libsndfile <no-dsa> (Minor issue)
NOTE: https://github.com/libsndfile/libsndfile/issues/833
NOTE: https://github.com/libsndfile/libsndfile/issues/789
CVE-2022-33064 (An off-by-one error in function wav_read_header in src/wav.c
in Libsnd ...)
- libsndfile <unfixed>
+ [bookworm] - libsndfile <no-dsa> (Minor issue)
+ [bullseye] - libsndfile <no-dsa> (Minor issue)
NOTE: https://github.com/libsndfile/libsndfile/issues/832
CVE-2022-33063
RESERVED
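Review bot: Both libsndfile entries keep `- libsndfile <unfixed>` with no Debian bug reference, unlike the other unfixed lines touched in this commit, which carry one (for example `(bug #1041108)` on apache-jena). With bookworm and bullseye now marked `<no-dsa>`, the upstream issue links in the NOTE lines are the only pointer to a future fix; filing a bug and adding its number to the unfixed lines would keep CVE-2022-33065 and CVE-2022-33064 visible for a later point release.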
@@ -89981,6 +89989,7 @@ CVE-2022-30635 (Uncontrolled recursion in
Decoder.Decode in encoding/gob before
- golang-1.18 1.18.4-1
- golang-1.17 1.17.13-1
- golang-1.15 <removed>
+ [bullseye] - golang-1.15 <no-dsa> (Minor issue)
- golang-1.11 <removed>
[buster] - golang-1.11 <postponed> (Limited support, follow bullseye
DSAs/point-releases)
NOTE: https://go.dev/issue/53615
@@ -90003,6 +90012,7 @@ CVE-2022-30633 (Uncontrolled recursion in Unmarshal in
encoding/xml before Go 1.
- golang-1.18 1.18.4-1
- golang-1.17 1.17.13-1
- golang-1.15 <removed>
+ [bullseye] - golang-1.15 <no-dsa> (Minor issue)
- golang-1.11 <removed>
[buster] - golang-1.11 <postponed> (Limited support, follow bullseye
DSAs/point-releases)
NOTE: https://go.dev/issue/53611
@@ -90014,6 +90024,7 @@ CVE-2022-30632 (Uncontrolled recursion in Glob in
path/filepath before Go 1.17.1
- golang-1.18 1.18.4-1
- golang-1.17 1.17.13-1
- golang-1.15 <removed>
+ [bullseye] - golang-1.15 <no-dsa> (Minor issue)
- golang-1.11 <removed>
[buster] - golang-1.11 <postponed> (Limited support, follow bullseye
DSAs/point-releases)
NOTE: https://go.dev/issue/53416
@@ -90025,6 +90036,7 @@ CVE-2022-30631 (Uncontrolled recursion in Reader.Read
in compress/gzip before Go
- golang-1.18 1.18.4-1
- golang-1.17 1.17.13-1
- golang-1.15 <removed>
+ [bullseye] - golang-1.15 <no-dsa> (Minor issue)
- golang-1.11 <removed>
[buster] - golang-1.11 <postponed> (Limited support, follow bullseye
DSAs/point-releases)
NOTE: https://go.dev/issue/53168
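Review bot: The same `[bullseye] - golang-1.15 <no-dsa> (Minor issue)` line is added in each of the four Go hunks (CVE-2022-30635, CVE-2022-30633, CVE-2022-30632, CVE-2022-30631), just above a buster golang-1.11 line whose reason is `Limited support, follow bullseye DSAs/point-releases`. Because the buster entries defer to whatever bullseye does, the bullseye reason should say whether a point-release fix is intended or whether this is also a limited-support decision, rather than the generic `Minor issue`.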
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/e2b5835505e6d8dbfbe9bbda06307dd98111b7d6