Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker
Commits: f35d7aa3 by Moritz Muehlenhoff at 2023-10-04T14:21:50+02:00 bullseye/bookworm triage - - - - - 2 changed files: - data/CVE/list - data/dsa-needed.txt Changes: ===================================== data/CVE/list ===================================== @@ -248,6 +248,8 @@ CVE-2023-5345 (A use-after-free vulnerability in the Linux kernel's fs/smb/clien NOTE: https://kernel.dance/#e6e43b8aa7cd3c3af686caf0c2e11819a886d705 CVE-2023-5344 (Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.1 ...) - vim <unfixed> + [bookworm] - vim <no-dsa> (Minor issue) + [bullseye] - vim <no-dsa> (Minor issue) NOTE: https://github.com/vim/vim/commit/3bd7fa12e146c6051490d048a4acbfba974eeb04 NOTE: https://huntr.dev/bounties/530cb762-899e-48d7-b50e-dad09eb775bf CVE-2023-5334 (The WP Responsive header image slider plugin for WordPress is vulnerab ...) @@ -457,8 +459,9 @@ CVE-2023-5112 (Os Commerce is currently susceptible to a Cross-Site Scripting (X CVE-2023-5111 (Os Commerce is currently susceptible to a Cross-Site Scripting (XSS) v ...) NOT-FOR-US: Os Commerce CVE-2023-43907 (OptiPNG v0.7.7 was discovered to contain a global buffer overflow via ...) - - optipng <unfixed> + - optipng <unfixed> (unimportant) NOTE: https://github.com/Frank-Z7/z-vulnerabilitys/blob/main/optipng-global-buffer-overflow1/optipng-global-buffer-overflow1.md + NOTE: Crash in CLI tool, no security impact CVE-2023-43735 (Os Commerce is currently susceptible to a Cross-Site Scripting (XSS) v ...) NOT-FOR-US: Os Commerce CVE-2023-43734 (Os Commerce is currently susceptible to a Cross-Site Scripting (XSS) v ...) 
@@ -561,6 +564,8 @@ CVE-2023-5201 (The OpenHook plugin for WordPress is vulnerable to Remote Code Ex NOT-FOR-US: OpenHook plugin for WordPress CVE-2023-44270 (An issue was discovered in PostCSS before 8.4.31. It affects linters u ...) - node-postcss <unfixed> (bug #1053282) + [bookworm] - node-postcss <no-dsa> (Minor issue) + [bullseye] - node-postcss <no-dsa> (Minor issue) NOTE: https://github.com/postcss/postcss/commit/58cc860b4c1707510c9cd1bc1fa30b423a9ad6c5 (8.4.31) CVE-2023-43711 (Os Commerce is currently susceptible to a Cross-Site Scripting (XSS) v ...) NOT-FOR-US: Os Commerce @@ -1475,6 +1480,8 @@ CVE-2023-43775 (Denial-of-service vulnerability in the web server of the Eaton S NOT-FOR-US: Eaton CVE-2023-43646 (get-func-name is a module to retrieve a function's name securely and c ...) - node-get-func-name <unfixed> (bug #1053262) + [bookworm] - node-get-func-name <no-dsa> (Minor issue) + [bullseye] - node-get-func-name <no-dsa> (Minor issue) NOTE: https://github.com/chaijs/get-func-name/security/advisories/GHSA-4q6p-r6v2-jvc5 NOTE: https://github.com/chaijs/get-func-name/commit/f934b228b5e2cb94d6c8576d3aac05493f667c69 (v2.0.1) CVE-2023-43614 (Cross-site scripting vulnerability in Order Data Edit page of Welcart ...) 
@@ -4042,8 +4049,8 @@ CVE-2023-40743 (** UNSUPPORTED WHEN ASSIGNED ** When integrating Apache Axis 1.x NOTE: https://github.com/apache/axis-axis1-java/commit/7e66753427466590d6def0125e448d2791723210 CVE-2023-34322 [top-level shadow reference dropped too early for 64-bit PV guests] - xen <unfixed> - [bookworm] - xen <no-dsa> (Minor issue, fix along in future DSA or point release) - [bullseye] - xen <no-dsa> (Minor issue, fix along in future DSA or point release) + [bookworm] - xen <postponed> (Minor issue, fix along in future DSA or point release) + [bullseye] - xen <postponed> (Minor issue, fix along in future DSA or point release) [buster] - xen <end-of-life> (DSA 4677-1) NOTE: https://xenbits.xen.org/xsa/advisory-438.html CVE-2023-34321 [arm32: The cache may not be properly cleaned/invalidated] @@ -24821,6 +24828,8 @@ CVE-2023-29338 (Visual Studio Code Information Disclosure Vulnerability) NOT-FOR-US: Microsoft CVE-2023-29337 (NuGet Client Remote Code Execution Vulnerability) - nuget <unfixed> (bug #1050835) + [bookworm] - nuget <no-dsa> (Minor issue) + [bullseye] - nuget <no-dsa> (Minor issue) [buster] - nuget <postponed> (Can wait for next update) NOTE: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-29337 CVE-2023-29336 (Win32k Elevation of Privilege Vulnerability) @@ -62647,6 +62656,8 @@ CVE-2023-20588 (A division-by-zero error on some AMD processors can potentially {DSA-5492-1 DSA-5480-1} - linux 6.4.13-1 - xen <unfixed> + [bookworm] - xen <postponed> (Minor issue, fix along in future DSA or point release) + [bullseye] - xen <postponed> (Minor issue, fix along in future DSA or point release) [buster] - xen <end-of-life> (DSA 4677-1) NOTE: https://www.amd.com/en/resources/product-security/bulletin/amd-sb-7007.html NOTE: https://git.kernel.org/linus/77245f1c3c6495521f6a3af082696ee2f8ce3921 ===================================== data/dsa-needed.txt ===================================== 
@@ -17,6 +17,8 @@ audiofile -- cacti -- +chromium (jmm) +-- cinder/oldstable -- gpac/oldstable (jmm) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/f35d7aa3d93c21a88de45c605f4456a417d54bd5
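Review bot: in the optipng hunk (CVE-2023-43907) the downgrade to `(unimportant)` is justified only by the new line `NOTE: Crash in CLI tool, no security impact`, while the CVE description itself says "global buffer overflow" and optipng is commonly run over images from untrusted sources in build and upload pipelines. The note would be more defensible if it recorded what in the referenced Frank-Z7 write-up supports treating this as a mere crash (for example whether it is a read or a write, and whether it only reproduces under a sanitizer), so that a later reader does not have to re-derive the assessment from the upstream report.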
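Review bot: the switch from `<no-dsa>` to `<postponed>` for bookworm and bullseye in the CVE-2023-34322 xen hunk keeps the rationale `(Minor issue, fix along in future DSA or point release)` unchanged, and that is the right pairing: the rationale announces an intended future fix, which is what `postponed` expresses, whereas `no-dsa` reads as "no update planned". The CVE-2023-20588 hunk adds the same tag and rationale for xen, so the two xen entries in this commit are consistent; any other xen entries in data/CVE/list that still carry `no-dsa` together with this same "fix along" wording should get the same treatment in a follow-up.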
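Review bot: in the CVE-2023-29337 nuget hunk the new bookworm and bullseye lines say only `<no-dsa> (Minor issue)` for an entry whose description reads "NuGet Client Remote Code Execution Vulnerability", and the only NOTE is the MSRC update-guide link. A short NOTE stating why the issue is minor in Debian's packaging (the preconditions the advisory lists, or which code path or package version is affected) would keep the triage defensible to someone reading the entry later. The buster line in the same hunk uses `<postponed> (Can wait for next update)`; if a fix is expected to ride along with a later update in bookworm and bullseye as well, `postponed` would be the consistent tag, as was chosen for xen elsewhere in this commit.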
_______________________________________________ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits