Moritz Muehlenhoff pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
bb8ce9ac by Moritz Muehlenhoff at 2023-07-24T12:53:10+02:00
bullseye/bookworm triage
- - - - -
2 changed files:
- data/CVE/list
- data/dsa-needed.txt
Changes:
=====================================
data/CVE/list
=====================================
@@ -566,6 +566,8 @@ CVE-2018-25088 (A vulnerability, which was classified as
critical, was found in
NOT-FOR-US: Blue Yonder postgraas_server
CVE-2023-3724 (If a TLS 1.3 client gets neither a PSK (pre shared key)
extension nor ...)
- wolfssl <unfixed> (bug #1041699)
+ [bookworm] - wolfssl <no-dsa> (Minor issue)
+ [bullseye] - wolfssl <no-dsa> (Minor issue)
NOTE: https://github.com/wolfSSL/wolfssl/pull/6412
NOTE:
https://github.com/wolfSSL/wolfssl/commit/00f1eddee429ff51390b20caadd2eb6afe51e1aa
(v5.6.2-stable)
CVE-2023-3714 (The ProfileGrid plugin for WordPress is vulnerable to
unauthorized mod ...)
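Review bot: The two added wolfssl lines give only "(Minor issue)" as the reason, and nothing in the entry says why a TLS 1.3 client-side handshake flaw is minor for bookworm and bullseye. Since the unstable line is still <unfixed> with bug #1041699 and the upstream fix is pinned to v5.6.2-stable, a one-line NOTE with the rationale would help whoever revisits the entry once that version is uploaded.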
@@ -696,8 +698,9 @@ CVE-2023-37770 (faust commit ee39a19 was discovered to
contain a stack overflow
NOTE: Negligible security impact
CVE-2023-37769 (stress-test master commit e4c878 was discovered to contain a
FPE vulne ...)
- pixman <unfixed>
+ [bookworm] - pixman <no-dsa> (Minor issue)
+ [bullseye] - pixman <no-dsa> (Minor issue)
NOTE: https://gitlab.freedesktop.org/pixman/pixman/-/issues/76
- TODO: check, not clear if the issue only in the stress-test binary or
affecting as well the library
CVE-2023-37479 (Open Enclave is a hardware-agnostic open source library for
developing ...)
NOT-FOR-US: Open Enclave
CVE-2023-37476 (OpenRefine is a free, open source tool for data processing. A
carefull ...)
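Review bot: The removed TODO on the pixman entry asked whether the issue is only in the stress-test binary or also affects the library, and the hunk drops it without recording the answer. If the <no-dsa> decision rests on the conclusion that only the test binary is affected, say so in a NOTE; otherwise the open question is lost while the unstable line stays <unfixed>.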
@@ -5424,6 +5427,8 @@ CVE-2023-3140 (Missing HTTP headers (X-Frame-Options,
Content-Security-Policy) i
NOT-FOR-US: KNIME Business Hub
CVE-2023-34237 (SABnzbd is an open source automated Usenet download tool. A
design fla ...)
- sabnzbdplus 4.0.2+dfsg-1 (bug #1038949)
+ [bookworm] - sabnzbdplus <no-dsa> (Minor issue)
+ [bullseye] - sabnzbdplus <no-dsa> (Minor issue)
NOTE:
https://github.com/sabnzbd/sabnzbd/commit/422b4fce7bfd56e95a315be0400cdfdc585df7cc
(4.0.2RC2)
NOTE:
https://github.com/sabnzbd/sabnzbd/commit/e3a722664819d1c7c8fab97144cc299b1c18b429
(4.0.2RC2)
NOTE:
https://github.com/sabnzbd/sabnzbd/security/advisories/GHSA-hhgh-xgh3-985r
@@ -65801,6 +65806,7 @@ CVE-2022-39265 (MyBB is a free and open source forum
software. The _Mail Setting
NOT-FOR-US: MyBB
CVE-2022-39264 (nheko is a desktop client for the Matrix communication
application. Al ...)
- nheko 0.10.2-1
+ [bullseye] - nheko <not-affected> (Vulnerable code not present)
[buster] - nheko <not-affected> (Vulnerable code not present)
NOTE:
https://github.com/Nheko-Reborn/nheko/security/advisories/GHSA-8jcp-8jq4-5mm7
NOTE:
https://github.com/Nheko-Reborn/nheko/commit/67bee15a389f9b8a9f6c3a340558d1e2319e7199
(v0.10.2)
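Review bot: The added [bullseye] nheko line states "Vulnerable code not present", but the entry has no NOTE saying which upstream version introduced the affected code, so the claim cannot be checked from the tracker data alone. A NOTE naming the introducing commit or version would back both the new bullseye line and the existing buster line.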
@@ -97668,6 +97674,7 @@ CVE-2022-28132
CVE-2022-28131 (Uncontrolled recursion in Decoder.Skip in encoding/xml before
Go 1.17. ...)
- golang-1.18 1.18.4-1
- golang-1.15 <removed>
+ [bullseye] - golang-1.15 <no-dsa> (Minor issue)
- golang-1.11 <removed>
[buster] - golang-1.11 <postponed> (Limited support, follow bullseye
DSAs/point-releases)
NOTE: https://github.com/golang/go/issues/53614
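Review bot: The existing buster line for golang-1.11 is postponed with "follow bullseye DSAs/point-releases", and the added line now marks bullseye golang-1.15 as <no-dsa>. Worth confirming that this is the intended outcome for buster as well, since the postponement now has only a bullseye point release left to follow.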
=====================================
data/dsa-needed.txt
=====================================
@@ -55,6 +55,8 @@ php-horde-turba/oldstable
--
py7zr/oldstable
--
+python-django (jmm)
+--
python-glance-store/oldstable
--
python-os-brick/oldstable
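Review bot: The added python-django entry has no suite suffix, while every neighbouring entry in this hunk ends in /oldstable. If the update is meant for both stable and oldstable that is fine; if it is for one suite only, add the suffix so the entry is unambiguous.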
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/bb8ce9ace77483ce137fb502a9265477525637cf