Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker
Commits: 9c021404 by Moritz Muehlenhoff at 2023-09-20T09:13:55+02:00 bullseye/bookworm triage - - - - - 2 changed files: - data/CVE/list - data/dsa-needed.txt Changes: ===================================== data/CVE/list ===================================== @@ -156,6 +156,8 @@ CVE-2020-36766 (An issue was discovered in the Linux kernel before 5.8.6. driver NOTE: https://git.kernel.org/linus/6c42227c3467549ddc65efe99c869021d2f4a570 (5.9-rc1) CVE-2023-XXXX [cross-site scripting (XSS) vulnerability in handling of linkrefs in plain text messages] - roundcube 1.6.3+dfsg-1 (bug #1052059) + [bookworm] - roundcube <no-dsa> (Minor issue) + [bullseye] - roundcube <no-dsa> (Minor issue) NOTE: https://roundcube.net/news/2023/09/15/security-update-1.6.3-released NOTE: Fixed by: https://github.com/roundcube/roundcubemail/commit/e92ec206a886461245e1672d8530cc93c618a49b (1.6.3) CVE-2023-5036 (Cross-Site Request Forgery (CSRF) in GitHub repository usememos/memos ...) @@ -587,6 +589,8 @@ CVE-2023-41892 (Craft CMS is a platform for creating digital experiences. This i NOT-FOR-US: Craft CMS CVE-2023-41081 (The mod_jk component of Apache Tomcat Connectorsin some circumstances, ...) - libapache-mod-jk 1:1.2.49-1 (bug #1051956) + [bookworm] - libapache-mod-jk <no-dsa> (Minor issue) + [bullseye] - libapache-mod-jk <no-dsa> (Minor issue) NOTE: https://lists.apache.org/thread/rd1r26w7271jyqgzr4492tooyt583d8b NOTE: http://www.openwall.com/lists/oss-security/2023/09/13/2 NOTE: https://tomcat.apache.org/security-jk.html#Fixed_in_Apache_Tomcat_JK_Connector_1.2.49 
@@ -683,6 +687,8 @@ CVE-2023-4813 (A flaw was found in glibc. In an uncommon situation, the gaih_ine NOTE: Fixed by: https://sourceware.org/git/?p=glibc.git;a=commitdiff;h=1c37b8022e8763fedbb3f79c02e05c6acfe5a215 (glibc-2.36) CVE-2023-4806 (A flaw was found in glibc. In an extremely rare situation, the getaddr ...) - glibc 2.37-10 + [bookworm] - glibc <no-dsa> (Minor issue) + [bullseye] - glibc <no-dsa> (Minor issue) NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=30843 CVE-2023-4527 (A flaw was found in glibc. When the getaddrinfo function is called wit ...) - glibc 2.37-9 (bug #1051958) @@ -1968,6 +1974,8 @@ CVE-2023-2813 (All of the above Aapna WordPress theme through 1.3, Anand WordPre CVE-2023-41164 {DLA-3558-1} - python-django 3:3.2.21-1 (bug #1051226) + [bookworm] - python-django <postponed> (Minor issue, fix along in future update) + [bullseye] - python-django <postponed> (Minor issue, fix along in future update) NOTE: https://www.openwall.com/lists/oss-security/2023/09/04/1 NOTE: https://www.djangoproject.com/weblog/2023/sep/04/security-releases/ NOTE: https://github.com/django/django/commit/3f41d6d62929dfe53eda8109b3b836f26645bdce (main) @@ -7306,6 +7314,8 @@ CVE-2023-38410 (The issue was addressed with improved checks. This issue is fixe NOT-FOR-US: Apple CVE-2023-38285 (Trustwave ModSecurity 3.x before 3.0.10 has Inefficient Algorithmic Co ...) - modsecurity 3.0.10-1 (bug #1042475) + [bookworm] - modsecurity <no-dsa> (Minor issue) + [bullseye] - modsecurity <no-dsa> (Minor issue) NOTE: https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/modsecurity-v3-dos-vulnerability-in-four-transformations-cve-2023-38285/ CVE-2023-38261 (The issue was addressed with improved memory handling. This issue is f ...) NOT-FOR-US: Apple ===================================== data/dsa-needed.txt ===================================== 
@@ -33,6 +33,8 @@ lldpd (carnil) nbconvert/oldstable Guilhem Moulin proposed an update ready for review -- +netatalk/oldstable (jmm) +-- nodejs maintainer proposed to follow the upstream 18.x LTS branch -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/9c021404e462f119daeb92be61dc95566a140cdc
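Review bot: In the data/CVE/list hunk at @@ -156, the two added roundcube lines mark the linkref XSS as <no-dsa> with only "(Minor issue)", which records the decision but not the reasoning behind it. The entry describes cross-site scripting in the handling of plain text messages in a webmail client, so a reader of the tracker cannot tell from these lines why no DSA is warranted for bookworm and bullseye. Suggest a more specific reason in the parentheses or an extra NOTE line, for example whether the fix is expected through a point release. The same comment applies to the bare "(Minor issue)" lines added for libapache-mod-jk at @@ -587 and modsecurity at @@ -7306.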
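Review bot: In the data/CVE/list hunk at @@ -1968, CVE-2023-41164 is tagged <postponed> for both bookworm and bullseye although the same entry already carries {DLA-3558-1}. That leaves these two suites waiting on "fix along in future update" for an issue that has already had an advisory issued against it. Please confirm the difference is intended, and consider naming in the parentheses which python-django update the fix is expected to ride along with, so the postponement can be tracked to completion.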
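Review bot: In the data/dsa-needed.txt hunk at @@ -33, the added "netatalk/oldstable (jmm)" entry has no status line, unlike the nbconvert/oldstable and nodejs entries on either side of it. A one-line note under the entry naming the pending issues or the state of the update would tell other team members why only oldstable is listed and what is still outstanding.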