Moritz Muehlenhoff pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
9c021404 by Moritz Muehlenhoff at 2023-09-20T09:13:55+02:00
bullseye/bookworm triage
- - - - -
2 changed files:
- data/CVE/list
- data/dsa-needed.txt
Changes:
=====================================
data/CVE/list
=====================================
@@ -156,6 +156,8 @@ CVE-2020-36766 (An issue was discovered in the Linux kernel
before 5.8.6. driver
NOTE:
https://git.kernel.org/linus/6c42227c3467549ddc65efe99c869021d2f4a570 (5.9-rc1)
CVE-2023-XXXX [cross-site scripting (XSS) vulnerability in handling of
linkrefs in plain text messages]
- roundcube 1.6.3+dfsg-1 (bug #1052059)
+ [bookworm] - roundcube <no-dsa> (Minor issue)
+ [bullseye] - roundcube <no-dsa> (Minor issue)
NOTE:
https://roundcube.net/news/2023/09/15/security-update-1.6.3-released
NOTE: Fixed by:
https://github.com/roundcube/roundcubemail/commit/e92ec206a886461245e1672d8530cc93c618a49b
(1.6.3)
CVE-2023-5036 (Cross-Site Request Forgery (CSRF) in GitHub repository
usememos/memos ...)
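Review bot: the two `<no-dsa>` lines added under the roundcube entry give only "Minor issue" as the reason, while the entry is still a CVE-2023-XXXX placeholder for a cross-site scripting flaw in plain text message handling. A few words on why it is minor for bookworm and bullseye would help whoever revisits the entry once an ID is assigned; bug #1052059 is already there to track the follow-up.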
@@ -587,6 +589,8 @@ CVE-2023-41892 (Craft CMS is a platform for creating
digital experiences. This i
NOT-FOR-US: Craft CMS
CVE-2023-41081 (The mod_jk component of Apache Tomcat Connectorsin some
circumstances, ...)
- libapache-mod-jk 1:1.2.49-1 (bug #1051956)
+ [bookworm] - libapache-mod-jk <no-dsa> (Minor issue)
+ [bullseye] - libapache-mod-jk <no-dsa> (Minor issue)
NOTE: https://lists.apache.org/thread/rd1r26w7271jyqgzr4492tooyt583d8b
NOTE: http://www.openwall.com/lists/oss-security/2023/09/13/2
NOTE:
https://tomcat.apache.org/security-jk.html#Fixed_in_Apache_Tomcat_JK_Connector_1.2.49
@@ -683,6 +687,8 @@ CVE-2023-4813 (A flaw was found in glibc. In an uncommon
situation, the gaih_ine
NOTE: Fixed by:
https://sourceware.org/git/?p=glibc.git;a=commitdiff;h=1c37b8022e8763fedbb3f79c02e05c6acfe5a215
(glibc-2.36)
CVE-2023-4806 (A flaw was found in glibc. In an extremely rare situation, the
getaddr ...)
- glibc 2.37-10
+ [bookworm] - glibc <no-dsa> (Minor issue)
+ [bullseye] - glibc <no-dsa> (Minor issue)
NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=30843
CVE-2023-4527 (A flaw was found in glibc. When the getaddrinfo function is
called wit ...)
- glibc 2.37-9 (bug #1051958)
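Review bot: the `[bookworm]` and `[bullseye]` lines added for CVE-2023-4806 sit under `- glibc 2.37-10`, which has no bug number, unlike CVE-2023-4527 directly below it (bug #1051958). With the issue now marked `<no-dsa>`, a bug reference on that entry would give the stable follow-up something to track against.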
@@ -1968,6 +1974,8 @@ CVE-2023-2813 (All of the above Aapna WordPress theme
through 1.3, Anand WordPre
CVE-2023-41164
{DLA-3558-1}
- python-django 3:3.2.21-1 (bug #1051226)
+ [bookworm] - python-django <postponed> (Minor issue, fix along in
future update)
+ [bullseye] - python-django <postponed> (Minor issue, fix along in
future update)
NOTE: https://www.openwall.com/lists/oss-security/2023/09/04/1
NOTE:
https://www.djangoproject.com/weblog/2023/sep/04/security-releases/
NOTE:
https://github.com/django/django/commit/3f41d6d62929dfe53eda8109b3b836f26645bdce
(main)
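Review bot: the `<postponed>` lines for CVE-2023-41164 say the fix will go along with a future update, but the only fix reference in the entry is the commit marked (main). Adding NOTE lines for the corresponding commits on the release branches would save work when that update is prepared for bookworm and bullseye.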
@@ -7306,6 +7314,8 @@ CVE-2023-38410 (The issue was addressed with improved
checks. This issue is fixe
NOT-FOR-US: Apple
CVE-2023-38285 (Trustwave ModSecurity 3.x before 3.0.10 has Inefficient
Algorithmic Co ...)
- modsecurity 3.0.10-1 (bug #1042475)
+ [bookworm] - modsecurity <no-dsa> (Minor issue)
+ [bullseye] - modsecurity <no-dsa> (Minor issue)
NOTE:
https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/modsecurity-v3-dos-vulnerability-in-four-transformations-cve-2023-38285/
CVE-2023-38261 (The issue was addressed with improved memory handling. This
issue is f ...)
NOT-FOR-US: Apple
=====================================
data/dsa-needed.txt
=====================================
@@ -33,6 +33,8 @@ lldpd (carnil)
nbconvert/oldstable
Guilhem Moulin proposed an update ready for review
--
+netatalk/oldstable (jmm)
+--
nodejs
maintainer proposed to follow the upstream 18.x LTS branch
--
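Review bot: the new `netatalk/oldstable (jmm)` entry has no status line, and none of the data/CVE/list hunks in this commit touch netatalk, so the commit does not show which issue the update is for. The neighbouring nbconvert and nodejs entries each carry a one-line note; a similar line naming the CVE would make the entry self-explanatory.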
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/9c021404e462f119daeb92be61dc95566a140cdc