Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
36af2a11 by Moritz Muehlenhoff at 2023-09-01T10:01:06+02:00
bullseye/bookworm triage

- - - - -


2 changed files:

- data/CVE/list
- data/dsa-needed.txt


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,5 +1,6 @@
 CVE-2023-4683 (NULL Pointer Dereference in GitHub repository gpac/gpac prior 
to 2.3-D ...)
        - gpac <unfixed>
+       [bullseye] - gpac <ignored> (Minor issue)
        NOTE: 
https://github.com/gpac/gpac/commit/112767e8b178fc82dec3cf82a1ca14d802cdb8ec
        NOTE: https://huntr.dev/bounties/7852e4d2-af4e-4421-a39e-db23e0549922
 CVE-2023-4682 (Heap-based Buffer Overflow in GitHub repository gpac/gpac prior 
to 2.3 ...)
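Review bot: the new bullseye tag for CVE-2023-4683 uses <ignored> even though the NOTE directly below it links the upstream fix commit (112767e8); in this file <ignored> states that no fix will ever land in bullseye, whereas <no-dsa> (Minor issue) leaves a point update with that cherry-pick open. If the intent is only that no DSA is warranted, `[bullseye] - gpac <no-dsa> (Minor issue)` is the more accurate marker; if gpac is deliberately no longer maintained in bullseye, say so in the rationale instead of "Minor issue".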
@@ -8,10 +9,12 @@ CVE-2023-4682 (Heap-based Buffer Overflow in GitHub 
repository gpac/gpac prior t
        NOTE: https://huntr.dev/bounties/15232a74-e3b8-43f0-ae8a-4e89d56c474c
 CVE-2023-4681 (NULL Pointer Dereference in GitHub repository gpac/gpac prior 
to 2.3-D ...)
        - gpac <unfixed>
+       [bullseye] - gpac <ignored> (Minor issue)
        NOTE: 
https://github.com/gpac/gpac/commit/4bac19ad854159b21ba70d8ab7c4e1cd1db8ea1c
        NOTE: https://huntr.dev/bounties/d67c5619-ab36-41cc-93b7-04828e25f60e
 CVE-2023-4678 (Divide By Zero in GitHub repository gpac/gpac prior to 2.3-DEV.)
        - gpac <unfixed>
+       [bullseye] - gpac <ignored> (Minor issue)
        NOTE: 
https://github.com/gpac/gpac/commit/4607052c482a51dbdacfe1ade10645c181d07b07
        NOTE: https://huntr.dev/bounties/688a4a01-8c18-469d-8cbe-a2e79e80c877
 CVE-2023-41748 (Remote command execution due to improper input validation. The 
followi ...)
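Review bot: CVE-2023-4682, the heap-based buffer overflow sitting between the tagged entries, gets no bullseye annotation in this commit while the two NULL-dereference CVEs and the divide-by-zero around it are marked <ignored>; the hunk offsets (old lines 6 and 7 fall between the two hunks) leave room only for its `- gpac <unfixed>` and commit NOTE lines. If a memory-corruption bug is meant to get a separate decision, fine, but it will keep showing as open for bullseye. Also, the commit message says "bullseye/bookworm triage", yet none of the three gpac entries receives a [bookworm] line, so bookworm still lists them as unfixed.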
@@ -110,6 +113,8 @@ CVE-2023-4649 (Session Fixation in GitHub repository 
instantsoft/icms2 prior to
        NOT-FOR-US: icms2
 CVE-2023-4641 [gpasswd(1) password leak]
        - shadow <unfixed>
+       [bookworm] - shadow <no-dsa> (Minor issue)
+       [bullseye] - shadow <no-dsa> (Minor issue)
        NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2215945
        NOTE: 
https://github.com/shadow-maint/shadow/commit/65c88a43a23c2391dcc90c0abda3e839e9c57904
 (4.14.0-rc1)
 CVE-2023-4500 (The Order Tracking Pro plugin for WordPress is vulnerable to 
Stored Cr ...)
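Review bot: the two new no-dsa lines for shadow rely on a point update for the fix, but the sid entry stays `- shadow <unfixed>` with no "(bug #NNNNNN)" reference, unlike the ruby-loofah entries later in this commit. Add the Debian bug number once filed so the point-update path can be tracked; the NOTE already names 4.14.0-rc1 as the upstream fix, which is what whoever picks up the backport will need.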
@@ -19504,6 +19509,7 @@ CVE-2023-29452 (Currently, geomap configuration 
(Administration -> General -> Ge
 CVE-2023-29451 (Specially crafted string can cause a buffer overrun in the 
JSON parser ...)
        {DLA-3538-1}
        - zabbix <unfixed>
+       [bookworm] - zabbix <no-dsa> (Minor issue)
        [bullseye] - zabbix <not-affected> (5.x not affected)
        NOTE: https://support.zabbix.com/browse/ZBX-22587
 CVE-2023-29450 (JavaScript pre-processing can be used by the attacker to gain 
access t ...)
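Review bot: the bookworm line marks CVE-2023-29451 <no-dsa> while the same entry already carries {DLA-3538-1} for buster and the bullseye line says "5.x not affected". That leaves the JSON-parser buffer overrun fixed in the oldest supported branch, skipped in the middle one and deferred in the newest; please double-check against ZBX-22587 that the affected range really excludes the 5.x series in bullseye but includes both the older zabbix in buster and the newer one in bookworm, and consider recording the affected and fixed upstream versions in the rationale so the next triager does not have to redo that check.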
@@ -29999,6 +30005,8 @@ CVE-2023-0923
        NOT-FOR-US: Red Hat OpenShift Data Science
 CVE-2023-0922 (The Samba AD DC administration tool, when operating against a 
remote L ...)
        - samba 2:4.17.7+dfsg-1
+       [bullseye] - samba <ignored> (Domain controller functionality is EOLed, 
see DSA DSA-5477-1)
+       [buster] - samba <ignored> (Domain controller functionality is EOLed, 
see DSA-5015-1)
        NOTE: https://www.samba.org/samba/security/CVE-2023-0922.html
 CVE-2023-0921 (A lack of length validation in GitLab CE/EE affecting all 
versions fro ...)
        - gitlab 15.10.8+ds1-2
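Review bot: the bullseye rationale reads "see DSA DSA-5477-1", with the DSA prefix doubled; the buster line just below it uses the clean form "see DSA-5015-1". Make it `[bullseye] - samba <ignored> (Domain controller functionality is EOLed, see DSA-5477-1)` so the reference is a plain advisory id that tooling and grep can match.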
@@ -117984,15 +117992,18 @@ CVE-2022-23517 (rails-html-sanitizer is responsible 
for sanitizing HTML fragment
        NOTE: 
https://github.com/rails/rails-html-sanitizer/commit/56c61c0cebd1e493e8ad7bca2a0191609a4a6979
 CVE-2022-23516 (Loofah is a general library for manipulating and transforming 
HTML/XML ...)
        - ruby-loofah 2.19.1-1 (bug #1026083)
+       [bullseye] - ruby-loofah <no-dsa> (Minor issue)
        [buster] - ruby-loofah <no-dsa> (Minor issue)
        NOTE: 
https://github.com/flavorjones/loofah/security/advisories/GHSA-3x8r-x6xp-q4vm
        NOTE: 
https://github.com/flavorjones/loofah/commit/86f7f6364491b0099d215db858ecdc0c89ded040
 CVE-2022-23515 (Loofah is a general library for manipulating and transforming 
HTML/XML ...)
        - ruby-loofah 2.19.1-1 (bug #1026083)
+       [bullseye] - ruby-loofah <no-dsa> (Minor issue)
        NOTE: 
https://github.com/flavorjones/loofah/security/advisories/GHSA-228g-948r-83gx
        NOTE: 
https://github.com/flavorjones/loofah/commit/415677f3cf7f9254f42f811e784985cd63c7407f
 CVE-2022-23514 (Loofah is a general library for manipulating and transforming 
HTML/XML ...)
        - ruby-loofah 2.19.1-1 (bug #1026083)
+       [bullseye] - ruby-loofah <no-dsa> (Minor issue)
        [buster] - ruby-loofah <no-dsa> (Minor issue)
        NOTE: 
https://github.com/flavorjones/loofah/security/advisories/GHSA-486f-hjj9-9vhh
        NOTE: 
https://github.com/flavorjones/loofah/commit/a6e0a1ab90675a17b1b2be189129d94139e4b143
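Review bot: CVE-2022-23515 gains a bullseye <no-dsa> line but, unlike CVE-2022-23516 and CVE-2022-23514 on either side of it, has no [buster] line. If buster is genuinely not affected by that one, a `[buster] - ruby-loofah <not-affected> (...)` line with the reason would make the asymmetry deliberate; otherwise the buster tag looks like it was simply missed.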
@@ -150154,7 +150165,7 @@ CVE-2021-3670 (MaxQueryDuration not honoured in Samba 
AD DC LDAP)
        [buster] - ldb <no-dsa> (Minor issue)
        [stretch] - ldb <no-dsa> (Minor issue)
        - samba 2:4.16.0+dfsg-2
-       [bullseye] - samba <no-dsa> (Minor issue)
+       [bullseye] - samba <ignored> (Domain controller functionality is EOLed, 
see DSA DSA-5477-1)
        [buster] - samba <ignored> (Minor issue; affects Samba as AD DC; cf DSA 
5015-1)
        NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2077533
        NOTE: https://bugzilla.samba.org/show_bug.cgi?id=14694
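Review bot: same doubled prefix as in the CVE-2023-0922 hunk, "see DSA DSA-5477-1" should read "see DSA-5477-1". While touching this entry, the buster rationale's "cf DSA 5015-1" could use the same "see DSA-5015-1" form so the three Samba AD DC EOL markers in this commit look alike. Moving bullseye from <no-dsa> to <ignored> is the stronger statement; it is justified only because the bug is confined to the AD DC role, which the buster line states ("affects Samba as AD DC") and the new bullseye rationale does not, so consider carrying that phrase over.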


=====================================
data/dsa-needed.txt
=====================================
@@ -69,6 +69,8 @@ ruby-nokogiri/oldstable
 ruby-rack/oldstable (carnil)
   Update shows regressions in ruby-sinatra autopkgtests
 --
+ruby-rails-html-sanitizer
+--
 ruby-sinatra/oldstable
   Maintainer posted packaging repository link with proposed changes for review
 --
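Review bot: the new ruby-rails-html-sanitizer entry has no suite suffix, so by this file's convention it targets stable only, while both neighbours (ruby-rack/oldstable, ruby-sinatra/oldstable) are oldstable items. Since the CVE-2022-23517 context at the top of this commit and the new bullseye ruby-loofah tags show the sanitizer issues being triaged for bullseye as well, confirm whether a separate `ruby-rails-html-sanitizer/oldstable` line is needed or whether bullseye is covered by a no-dsa decision. The entry also has no claimant in parentheses, which is fine for an open item but worth a short status line like the neighbouring entries have.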
@@ -78,6 +80,8 @@ salt/oldstable
 --
 samba/oldstable
 --
+thunderbird (jmm)
+--
 tiff
 --
 trafficserver
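Review bot: "thunderbird (jmm)" likewise has no suite suffix, so it is claimed for stable only; if the oldstable update is also planned, add `thunderbird/oldstable (jmm)` as its own entry rather than relying on the bare name to cover both suites.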



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/36af2a1169b02de4083f2f48d0d537dbc4b21532


_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits