bookworm triage

Moritz Muehlenhoff (@jmm) Thu, 07 Sep 2023 03:11:59 -0700


Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / 
security-tracker



Commits:
95731b3f by Moritz Muehlenhoff at 2023-09-07T12:11:29+02:00
bullseye/bookworm triage

- - - - -


2 changed files:

- data/CVE/list
- data/dsa-needed.txt


Changes:

=====================================
data/CVE/list
=====================================
@@ -436,6 +436,8 @@ CVE-2023-4587 (An IDOR vulnerability has been found in 
ZKTeco ZEM800 product aff
        NOT-FOR-US: ZKTeco ZEM800 product
 CVE-2023-4540 (Improper Handling of Exceptional Conditions vulnerability in 
Daurnimat ...)
        - lua-http <unfixed>
+       [bookworm] - lua-http <no-dsa> (Minor issue)
+       [bullseye] - lua-http <no-dsa> (Minor issue)
        NOTE: Fixed by: 
https://github.com/daurnimator/lua-http/commit/ddab2835c583d45dec62680ca8d3cbde55e0bae6
 CVE-2023-4298 (The 123.chat WordPress plugin before 1.3.1 does not sanitise 
and escap ...)
        NOT-FOR-US: WordPress plugin
@@ -705,9 +707,10 @@ CVE-2023-32806 (In wlan driver, there is a possible out of 
bounds write due to i
 CVE-2023-32805 (In power, there is a possible out of bounds write due to an 
insecure d ...)
        NOT-FOR-US: MediaTek
 CVE-2023-4751 (Heap-based Buffer Overflow in GitHub repository vim/vim prior 
to 9.0.1 ...)
-       - vim <unfixed>
+       - vim <unfixed> (unimportant)
        NOTE: 
https://github.com/vim/vim/commit/e1121b139480f53d1b06f84f3e4574048108fa0b 
(v9.0.1331)
        NOTE: https://huntr.dev/bounties/db7be8d6-6cb7-4ae5-9c4e-805423afa378
+       NOTE: Crash in CLI tool, no security impact
 CVE-2023-4740 (A vulnerability, which was classified as critical, was found in 
IBOS O ...)
        NOT-FOR-US: IBOS OA
 CVE-2023-4739 (A vulnerability, which was classified as critical, has been 
found in B ...)
@@ -1413,6 +1416,8 @@ CVE-2023-39678 (A cross-site scripting (XSS) 
vulnerability in the device web int
        NOT-FOR-US: BDCOM OLT P3310D-2AC
 CVE-2023-39663 (Mathjax up to v2.7.9 was discovered to contain two Regular 
expression  ...)
        - mathjax <unfixed>
+       [bookworm] - mathjax <no-dsa> (Minor issue)
+       [bullseye] - mathjax <no-dsa> (Minor issue)
        NOTE: https://github.com/mathjax/MathJax/issues/3074
 CVE-2023-39616 (AOMedia v3.0.0 to v3.5.0 was discovered to contain an invalid 
read mem ...)
        [experimental] - aom 3.7.0-1~exp1


=====================================
data/dsa-needed.txt
=====================================
@@ -38,6 +38,8 @@ nodejs
 --
 nova/oldstable
 --
+open-vm-tools (jmm)
+--
 openjdk-17/oldstable (jmm)
 --
 php-cas/oldstable



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/95731b3fce160a20d0d1d246a2e985aa76671f84

-- 
View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/95731b3fce160a20d0d1d246a2e985aa76671f84
You're receiving this email because of your account on salsa.debian.org.

_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits

[Git][security-tracker-team/security-tracker][master] bullseye/bookworm triage

Reply via email to