Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
ac3dd65a by Moritz Muehlenhoff at 2023-09-02T20:08:57+02:00
bullseye/bookworm triage

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -95,6 +95,8 @@ CVE-2023-37826 (A cross-site scripting (XSS) vulnerability in 
General Solutions
        NOT-FOR-US: General Solutions Steiner GmbH CASE 3 Taskmanagement
 CVE-2023-36328 (Integer Overflow vulnerability in mp_grow in libtom libtommath 
before  ...)
        - libtommath <unfixed>
+       [bookworm] - libtommath <no-dsa> (Minor issue)
+       [bullseye] - libtommath <no-dsa> (Minor issue)
        NOTE: https://github.com/libtom/libtommath/pull/546
        NOTE: 
https://github.com/libtom/libtommath/commit/beba892bc0d4e4ded4d667ab1d2a94f4d75109a9
 CVE-2023-36327 (Integer Overflow vulnerability in RELIC before commit 
421f2e91cf2ba424 ...)
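Review bot: The `- libtommath <unfixed>` line under CVE-2023-36328 carries no Debian bug reference, so once bookworm and bullseye are both tagged <no-dsa> the entry points only at the upstream pull request and commit. Consider filing a BTS bug against libtommath and recording it on the <unfixed> line, in the same form the xrdp entry in this commit uses for bug #1051061.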
@@ -466,6 +468,8 @@ CVE-2023-40186 (FreeRDP is a free implementation of the 
Remote Desktop Protocol
        NOTE: 
https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-hcj4-3c3r-5j3v
 CVE-2023-40184 (xrdp is an open source remote desktop protocol (RDP) server. 
In versio ...)
        - xrdp <unfixed> (bug #1051061)
+       [bookworm] - xrdp <no-dsa> (Minor issue)
+       [bullseye] - xrdp <no-dsa> (Minor issue)
        NOTE: 
https://github.com/neutrinolabs/xrdp/security/advisories/GHSA-f489-557v-47jq
        NOTE: 
https://github.com/neutrinolabs/xrdp/commit/25a1fab5b6c5ef2a8bb109232b765cb8b332ce5e
 CVE-2023-40181 (FreeRDP is a free implementation of the Remote Desktop 
Protocol (RDP), ...)
@@ -623,6 +627,7 @@ CVE-2023-39663 (Mathjax up to v2.7.9 was discovered to 
contain two Regular expre
        TODO: check
 CVE-2023-39616 (AOMedia v3.0.0 to v3.5.0 was discovered to contain an invalid 
read mem ...)
        - aom 3.7.0~rc3-1
+       [bookworm] - aom <no-dsa> (Minor issue)
        [bullseye] - aom <not-affected> (Vulnerable code introduced later)
        [buster] - aom <not-affected> (Vulnerable code introduced later)
        NOTE: https://bugs.chromium.org/p/aomedia/issues/detail?id=3372#c3
@@ -1989,6 +1994,8 @@ CVE-2023-39743 (lrzip-next LZMA v23.01 was discovered to 
contain an access viola
        - lrzip-next <itp> (bug #1042088)
 CVE-2023-39741 (lrzip v0.651 was discovered to contain a heap overflow via the 
libzpaq ...)
        - lrzip <unfixed>
+       [bookworm] - lrzip <no-dsa> (Minor issue)
+       [bullseye] - lrzip <no-dsa> (Minor issue)
        NOTE: https://github.com/ckolivas/lrzip/issues/246
 CVE-2023-38905 (SQL injection vulnerability in Jeecg-boot v.3.5.0 and before 
allows a  ...)
        NOT-FOR-US: JeecgBoot
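Review bot: "(Minor issue)" on the two added lrzip lines is the only recorded reason for not issuing a DSA, while the CVE-2023-39741 description in the context line calls this a heap overflow via libzpaq. A more specific reason in the parentheses would make the decision easier to revisit, and the `- lrzip <unfixed>` line still has no bug reference beside the upstream issue NOTE.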
@@ -6165,6 +6172,7 @@ CVE-2023-37479 (Open Enclave is a hardware-agnostic open 
source library for deve
        NOT-FOR-US: Open Enclave
 CVE-2023-37476 (OpenRefine is a free, open source tool for data processing. A 
carefull ...)
        - openrefine 3.6.2-3 (bug #1041422)
+       [bookworm] - openrefine <no-dsa> (Minor issue)
        NOTE: 
https://github.com/OpenRefine/OpenRefine/security/advisories/GHSA-m88m-crr9-jvqq
        NOTE: 
https://github.com/OpenRefine/OpenRefine/commit/e9c1e65d58b47aec8cd676bd5c07d97b002f205e
 (master)
        NOTE: 
https://github.com/OpenRefine/OpenRefine/commit/c40c84d8170c4d61c6a0926531b552a50caa5651
 (3.7.4)
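Review bot: Only a [bookworm] line is added under `- openrefine 3.6.2-3`, and the visible context shows no [bullseye] tag for CVE-2023-37476, although the commit message says bullseye/bookworm triage. If openrefine is shipped in bullseye it needs its own tag here; if it is not, the entry is complete as it stands.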
@@ -22207,6 +22215,8 @@ CVE-2023-28756 (A ReDoS issue was discovered in the 
Time component through 0.2.1
 CVE-2023-28755 (A ReDoS issue was discovered in the URI component through 
0.12.0 in Ru ...)
        {DLA-3447-1 DLA-3408-1}
        - rubygems <unfixed>
+       [bookworm] - rubygems <no-dsa> (Minor issue)
+       [bullseye] - rubygems <no-dsa> (Minor issue)
        - ruby3.1 <unfixed> (bug #1038408)
        - ruby2.7 <removed>
        - ruby2.5 <removed>
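Review bot: The two added <no-dsa> lines sit directly under `- rubygems <unfixed>`, so they triage rubygems only; the `- ruby3.1 <unfixed> (bug #1038408)` line that follows has no per-release tag in this hunk and stays untriaged for CVE-2023-28755. Please confirm that is intended, and consider adding a bug reference to the rubygems line to match the one ruby3.1 already has.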



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/ac3dd65ac6eac8ffc0729eb262b40827d8b0ec88
