Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
616b8997 by Moritz Muehlenhoff at 2023-08-28T11:52:30+02:00
bullseye/bookworm triage

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -54,7 +54,9 @@ CVE-2023-41121 (Array AG OS before 9.4.0.499 allows denial of 
service: remote at
        NOT-FOR-US: Array AG OS
 CVE-2023-41080 (URL Redirection to Untrusted Site ('Open Redirect') 
vulnerability in F ...)
        - tomcat10 <unfixed>
+       [bookworm] - tomcat10 <postponed> (Minor issue, fix along with future 
update)
        - tomcat9 9.0.70-2
+       [bullseye] - tomcat9 <postponed> (Minor issue, fix along with future 
update)
        - tomcat8 <removed>
        NOTE: https://lists.apache.org/thread/71wvwprtx2j2m54fovq9zr7gbm2wow2f
        NOTE: 
https://github.com/apache/tomcat/commit/bb4624a9f3e69d495182ebfa68d7983076407a27
 (10.1.13)
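Review bot: the two `<postponed>` lines for tomcat10 and tomcat9 depend on the fix reference below them, and in the visible context that is only the commit tagged 10.1.13. If a 9.0.x commit is not already listed further down the entry, add a NOTE for it so that whoever picks up the postponed bullseye update has the right backport source.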
@@ -46229,8 +46231,11 @@ CVE-2022-47023
        RESERVED
 CVE-2022-47022 (An issue was discovered in open-mpi hwloc 2.1.0 allows 
attackers to ca ...)
        - hwloc <unfixed>
+       [bookworm] - hwloc <no-dsa> (Minor issue)
+       [bullseye] - hwloc <no-dsa> (Minor issue)
        NOTE: https://github.com/open-mpi/hwloc/issues/544
-       TODO: check, additionally openmpi and mpich embedd hwloc, but issue 
seems negligible
+       NOTE: 
https://github.com/open-mpi/hwloc/commit/eec84f84d4c4a7af6ed2c57ba95a9256e56e73b4
+       NOTE: Additionally openmpi and mpich embedd hwloc, but issue seems 
negligible
 CVE-2022-47021 (A null pointer dereference issue was discovered in functions 
op_get_da ...)
        - opusfile 0.12-4 (bug #1030049)
        [bullseye] - opusfile <no-dsa> (Minor issue)
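Review bot: the NOTE that replaces the TODO under CVE-2022-47022 carries over the typo "embedd" (should be "embed"). Dropping the TODO also settles the question of the embedded hwloc copies in openmpi and mpich with "seems negligible"; a short reason for that assessment in the NOTE would make the decision checkable later.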
@@ -59984,6 +59989,8 @@ CVE-2022-43358 (Stack overflow vulnerability in 
ast_selectors.cpp: in function S
        NOTE: https://github.com/sass/libsass/issues/3178
 CVE-2022-43357 (Stack overflow vulnerability in ast_selectors.cpp in function 
Sass::Co ...)
        - libsass <unfixed>
+       [bookworm] - libsass <no-dsa> (Minor issue)
+       [bullseye] - libsass <no-dsa> (Minor issue)
        NOTE: https://github.com/sass/libsass/issues/3177
 CVE-2022-43356
        RESERVED
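Review bot: the `<no-dsa> (Minor issue)` lines added under CVE-2022-43357 record no reason why a stack overflow in libsass is minor, while the package is still `<unfixed>`. A one-line NOTE with the rationale, in the style of "NOTE: Crash in CLI tool, no security impact" used for nasm in this same commit, would document the triage decision.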
@@ -68800,6 +68807,7 @@ CVE-2022-40091 (Online Tours & Travels Management 
System v1.0 was discovered to
        NOT-FOR-US: Online Tours & Travels Management System
 CVE-2022-40090 (An issue was discovered in function TIFFReadDirectory libtiff 
before 4 ...)
        - tiff 4.5.0-2
+       [bullseye] - tiff <no-dsa> (Minor issue)
        NOTE: https://gitlab.com/libtiff/libtiff/-/issues/455
        NOTE: https://gitlab.com/libtiff/libtiff/-/merge_requests/386
        NOTE: 
https://gitlab.com/libtiff/libtiff/-/commit/d093eb5d961e21ba51420bc22382c514683a4d91
 (v4.5.0rc1)
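Review bot: under CVE-2022-40090 only a `[bullseye]` line is added, although the commit is a bullseye/bookworm triage. Worth confirming that bookworm already ships tiff 4.5.0-2 or later, so that no `[bookworm]` line is needed here.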
@@ -107155,6 +107163,8 @@ CVE-2022-26593 (Cross-site scripting (XSS) 
vulnerability in the Asset module's a
        NOT-FOR-US: Liferay
 CVE-2022-26592 (Stack Overflow vulnerability in libsass 3.6.5 via the 
CompoundSelector ...)
        - libsass <unfixed>
+       [bookworm] - libsass <no-dsa> (Minor issue)
+       [bullseye] - libsass <no-dsa> (Minor issue)
        NOTE: https://github.com/sass/libsass/issues/3174
 CVE-2022-26591 (FANTEC GmbH MWiD25-DS Firmware v2.000.030 allows 
unauthenticated attac ...)
        NOT-FOR-US: FANTEC GmbH MWiD25-DS Firmware
@@ -118015,6 +118025,8 @@ CVE-2021-46313 (The binary MP4Box in GPAC v1.0.1 was 
discovered to contain a seg
        NOTE: 
https://github.com/gpac/gpac/commit/ee969d3c4c425ecb25999eb68ada616925b58eba 
(v2.0.0)
 CVE-2021-46312 (An issue was discovered IW44EncodeCodec.cpp in djvulibre 
3.5.28 in all ...)
        - djvulibre <unfixed>
+       [bookworm] - djvulibre <no-dsa> (Minor issue)
+       [bullseye] - djvulibre <no-dsa> (Minor issue)
        NOTE: https://sourceforge.net/p/djvu/bugs/344/
 CVE-2021-46311 (A NULL pointer dereference vulnerability exists in GPAC v1.1.0 
via the ...)
        - gpac 2.0.0+dfsg1-2
@@ -118025,6 +118037,8 @@ CVE-2021-46311 (A NULL pointer dereference 
vulnerability exists in GPAC v1.1.0 v
        NOTE: 
https://github.com/gpac/gpac/commit/ad19e0c4504a89ca273442b1b1483ae7adfb9491 
(v2.0.0)
 CVE-2021-46310 (An issue was discovered IW44Image.cpp in djvulibre 3.5.28 in 
allows at ...)
        - djvulibre <unfixed>
+       [bookworm] - djvulibre <no-dsa> (Minor issue)
+       [bullseye] - djvulibre <no-dsa> (Minor issue)
        NOTE: https://sourceforge.net/p/djvu/bugs/345/
 CVE-2021-46309 (An SQL Injection vulnerability exists in Sourcecodester 
Employee and V ...)
        NOT-FOR-US: Sourcecodester
@@ -221395,10 +221409,11 @@ CVE-2020-21529 (fig2dev 3.2.7b contains a stack 
buffer overflow in the bezier_sp
        NOTE: 
https://sourceforge.net/p/mcj/fig2dev/ci/d70e4ba6308046f71cb51f67db8412155af52411/
 (3.2.8)
        NOTE: 
https://sourceforge.net/p/mcj/fig2dev/ci/e3cee2576438f47a3b8678c6960472e625f8f7d7/
 (3.2.8)
 CVE-2020-21528 (A Segmentation Fault issue discovered in in ieee_segment 
function in o ...)
-       - nasm 2.16.01-1
+       - nasm 2.16.01-1 (unimportant)
        NOTE: https://bugzilla.nasm.us/show_bug.cgi?id=3392637
        NOTE: Introduced by: 
https://github.com/netwide-assembler/nasm/commit/98578071b9d71ecaa2344dd9c185237c1765041e
 (nasm-2.14rc1)
        NOTE: Fixed by: 
https://github.com/netwide-assembler/nasm/commit/93c774d482694643cafbc82578ac8b729fb5bc8b
 (nasm-2.16rc1)
+       NOTE: Crash in CLI tool, no security impact
 CVE-2020-21527 (There is an Arbitrary file deletion vulnerability in halo 
v1.1.3. A ba ...)
        NOT-FOR-US: Halo
 CVE-2020-21526 (An Arbitrary file writing vulnerability in halo v1.1.3. In an 
interfac ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/616b899709e60c138ffd96a96ec061da24a0c52f
