Moritz Muehlenhoff pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
71322725 by Moritz Muehlenhoff at 2023-09-12T12:23:42+02:00
bookworm/bullseye triage
- - - - -
2 changed files:
- data/CVE/list
- data/dsa-needed.txt
Changes:
=====================================
data/CVE/list
=====================================
@@ -412,6 +412,7 @@ CVE-2023-41327 (WireMock is a tool for mocking HTTP
services. WireMock can be co
NOT-FOR-US: WireMock
CVE-2023-41053 (Redis is an in-memory database that persists on disk. Redis
does not c ...)
- redis 5:7.0.13-1 (bug #1051512)
+ [bookworm] - redis <no-dsa> (Minor issue)
[bullseye] - redis <not-affected> (Vulnerable code introduced later)
[buster] - redis <not-affected> (Vulnerable code introduced later)
NOTE: Introduced after:
https://github.com/redis/redis/commit/55c81f2cd3da82f9f570000875e006b9046ddef3
(7.0-rc1)
@@ -2029,6 +2030,7 @@ CVE-2023-41363 (In Cerebrate 1.14, a vulnerability in
UserSettingsController all
NOT-FOR-US: Cerebrate
CVE-2023-41361 (An issue was discovered in FRRouting FRR 9.0. bgpd/bgp_open.c
does not ...)
- frr <unfixed>
+ [bookworm] - frr 8.4.4-1.1~deb12u1
[bullseye] - frr <not-affected> (The vulnerable code was introduced
later)
NOTE: https://github.com/FRRouting/frr/pull/14241
NOTE: Fixed by:
https://github.com/FRRouting/frr/commit/b4d09af9194d20a7f9f16995a062f5d8e3d32840
@@ -2036,6 +2038,7 @@ CVE-2023-41361 (An issue was discovered in FRRouting FRR
9.0. bgpd/bgp_open.c do
NOTE: Fixed by:
https://github.com/FRRouting/frr/commit/73ad93a83f18564bb7bff4659872f7ec1a64b05e
CVE-2023-41360 (An issue was discovered in FRRouting FRR through 9.0.
bgpd/bgp_packet. ...)
- frr 8.4.4-1.1
+ [bookworm] - frr 8.4.4-1.1~deb12u1
[bullseye] - frr <not-affected> (The vulnerable code was introduced
later)
NOTE: https://github.com/FRRouting/frr/pull/14245
NOTE: Fixed by:
https://github.com/FRRouting/frr/commit/9b855a692e68e0d16467e190b466b4ecb6853702
@@ -2111,6 +2114,8 @@ CVE-2023-4569 (A memory leak flaw was found in
nft_set_catchall_flush in net/net
NOTE:
https://git.kernel.org/linus/90e5b3462efa37b8bba82d7c4e63683856e188af (6.5-rc7)
CVE-2023-4567
- ansible <unfixed> (bug #1051725)
+ [bookworm] - ansible <no-dsa> (Minor issue)
+ [bullseye] - ansible <no-dsa> (Minor issue)
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2235369
CVE-2023-4563 [Use-after-free in nft_verdict_dump due to a race between set GC
and transaction]
- linux 6.4.13-1
=====================================
data/dsa-needed.txt
=====================================
@@ -11,6 +11,9 @@ To pick an issue, simply add your uid behind it.
If needed, specify the release by adding a slash after the name of the source
package.
+--
+audiofile
+ unfixed upstream
--
cacti
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/713227254a14be52444e3dc7ed2fec2d0dc9cd53
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/713227254a14be52444e3dc7ed2fec2d0dc9cd53
You're receiving this email because of your account on salsa.debian.org.
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
