Markus Koschany pushed to branch master at Debian Security Tracker / security-tracker


Commits:
78b42d55 by Markus Koschany at 2023-07-29T16:53:50+02:00
CVE-2021-37819,libitext*-java: no-dsa for Buster

Minor issue

- - - - -
028d5267 by Markus Koschany at 2023-07-29T23:43:47+02:00
Merge branch 'master' of salsa.debian.org:security-tracker-team/security-tracker

- - - - -
07db09cd by Markus Koschany at 2023-07-29T23:45:35+02:00
CVE-2023-38633,librsvg: buster is not affected

The vulnerable code was introduced later. Upstream introduced the new logic to
decide whether to allow loading files in

https://gitlab.gnome.org/GNOME/librsvg/-/commit/7534fd46a1e295fbc6ff9cfa199d29152b8542bf

which is not present in Buster and earlier versions. The POC triggers for
Bullseye and later versions.

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -662,6 +662,7 @@ CVE-2023-3827 (A vulnerability was found in Bug Finder 
Listplace Directory Listi
        NOT-FOR-US: Bug Finder
 CVE-2023-38633 (A directory traversal problem in the URL decoder of librsvg 
before 2.5 ...)
        - librsvg <unfixed> (bug #1041810)
+       [buster] - librsvg <not-affected> (The vulnerable code was introduced 
later)
        NOTE: https://bugzilla.suse.com/show_bug.cgi?id=1213502
        NOTE: https://gitlab.gnome.org/GNOME/librsvg/-/issues/996
        NOTE: 
https://gitlab.gnome.org/GNOME/librsvg/-/commit/15293f1243e1dd4756ffc1d13d5a8ea49167174f
 (2.54.6)
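Review bot: The added [buster] line justifies <not-affected> only with "The vulnerable code was introduced later", and none of the entry's NOTE lines record which upstream change introduced it. The commit message names https://gitlab.gnome.org/GNOME/librsvg/-/commit/7534fd46a1e295fbc6ff9cfa199d29152b8542bf as the introducing commit; adding a NOTE line with that URL next to the existing fix-commit NOTE (2.54.6) would let the triage be rechecked from data/CVE/list alone, without going back to the commit log.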
@@ -144600,9 +144601,11 @@ CVE-2021-37819 (PDF Labs pdftk-java v3.2.3 was 
discovered to contain an infinite
        - libitext1-java <unfixed>
        [bookworm] - libitext1-java <no-dsa> (Minor issue)
        [bullseye] - libitext1-java <no-dsa> (Minor issue)
+       [buster] - libitext1-java <no-dsa> (Minor issue)
        - libitext5-java <unfixed>
        [bookworm] - libitext5-java <no-dsa> (Minor issue)
        [bullseye] - libitext5-java <no-dsa> (Minor issue)
+       [buster] - libitext5-java <no-dsa> (Minor issue)
        NOTE: https://gitlab.com/pdftk-java/pdftk/-/merge_requests/21
        NOTE: 
https://gitlab.com/pdftk-java/pdftk/-/commit/75deacdf5c46fd4eefb310c784eb9dfdc7b9fdc9
 (v3.3.0)
        NOTE: 
https://gitlab.com/pdftk-java/pdftk/-/commit/9b0cbb76c8434a8505f02ada02a94263dcae9247
 (v3.3.0)
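Review bot: The two added [buster] lines reuse the bare reason "Minor issue" for libitext1-java and libitext5-java, while the CVE description and all three NOTE links in this entry refer to pdftk-java (v3.2.3 affected, fixes tagged v3.3.0). Nothing in the entry says how the pdftk-java fix maps onto the libitext packages, so a short NOTE stating where the affected code lives in libitext1-java and libitext5-java would make the <no-dsa> decision for buster easier to verify. The placement after the [bullseye] lines matches the existing release ordering.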



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/5d596128628b2c497eca33b91ee0f41f72a0bf23...07db09cd8072364cffed68601bd93a9bb1a9aefb



_______________________________________________
debian-security-tracker-commits mailing list
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
