Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker
Commits: 06c9a8c7 by Moritz Muehlenhoff at 2023-10-09T16:24:47+02:00 bullseye/bookworm triage - - - - - 2 changed files: - data/CVE/list - data/dsa-needed.txt Changes: ===================================== data/CVE/list ===================================== @@ -346,23 +346,33 @@ CVE-2023-35803 (IQ Engine before 10.6r2 on Extreme Network AP devices has a Buff NOT-FOR-US: IQ Engine CVE-2023-3430 - openimageio 2.4.13.0+dfsg-1 + [bookworm] - openimageio <no-dsa> (Minor issue) + [bullseye] - openimageio <no-dsa> (Minor issue) NOTE: https://github.com/OpenImageIO/oiio/issues/3840 NOTE: https://github.com/AcademySoftwareFoundation/OpenImageIO/pull/3841 NOTE: https://github.com/OpenImageIO/oiio/commit/5ff2c56dd28e96f67ed8f80d8a3d1235e51f9957 (v2.4.12.0) CVE-2023-38473 - avahi <unfixed> + [bookworm] - avahi <no-dsa> (Minor issue) + [bullseye] - avahi <no-dsa> (Minor issue) NOTE: https://github.com/lathiat/avahi/issues/451 NOTE: https://www.openwall.com/lists/oss-security/2023/10/06/4 CVE-2023-38472 - avahi <unfixed> + [bookworm] - avahi <no-dsa> (Minor issue) + [bullseye] - avahi <no-dsa> (Minor issue) NOTE: https://github.com/lathiat/avahi/issues/452 NOTE: https://www.openwall.com/lists/oss-security/2023/10/06/4 CVE-2023-38471 - avahi <unfixed> + [bookworm] - avahi <no-dsa> (Minor issue) + [bullseye] - avahi <no-dsa> (Minor issue) NOTE: https://github.com/lathiat/avahi/issues/453 NOTE: https://www.openwall.com/lists/oss-security/2023/10/06/4 CVE-2023-38470 - avahi <unfixed> + [bookworm] - avahi <no-dsa> (Minor issue) + [bullseye] - avahi <no-dsa> (Minor issue) NOTE: https://github.com/lathiat/avahi/issues/454 NOTE: https://github.com/lathiat/avahi/pull/457 NOTE: https://github.com/lathiat/avahi/commit/94cb6489114636940ac683515417990b55b5d66c @@ -2005,6 +2015,8 @@ CVE-2023-5157 (A vulnerability was found in MariaDB. An OpenVAS port scan on por NOTE: https://jira.mariadb.org/browse/MDEV-25068 CVE-2023-5115 [malicious role archive can cause ansible-galaxy to overwrite arbitrary files] - ansible-core <unfixed> (bug #1053693) + [bookworm] - ansible-core <no-dsa> (Minor issue) + [bullseye] - ansible-core <no-dsa> (Minor issue) - ansible 5.4.0-1 NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2233810 NOTE: https://github.com/ansible/ansible/pull/81780 @@ -6362,6 +6374,8 @@ CVE-2023-40217 (An issue was discovered in Python before 3.8.18, 3.9.x before 3. - python2.7 <removed> [bullseye] - python2.7 2.7.18-8+deb11u1 - pypy3 7.3.13+dfsg-1 + [bookworm] - pypy3 <no-dsa> (Minor issue) + [bullseye] - pypy3 <no-dsa> (Minor issue) NOTE: https://mail.python.org/archives/list/security-annou...@python.org/thread/PEPLII27KYHLF4AK3ZQGKYNCRERG4YXY/ NOTE: https://github.com/python/cpython/issues/108310 NOTE: https://github.com/python/cpython/pull/108315 @@ -37600,7 +37614,7 @@ CVE-2023-25516 (NVIDIA GPU Display Driver for Linux contains a vulnerability in [bookworm] - nvidia-graphics-drivers-tesla 525.125.06-1~deb12u1 - nvidia-graphics-drivers-tesla-470 470.199.02-1 (bug #1039684) [bookworm] - nvidia-graphics-drivers-tesla-470 470.199.02-1~deb12u1 - [bullseye] - nvidia-graphics-drivers-tesla-470 470.199.02-1 + [bullseye] - nvidia-graphics-drivers-tesla-470 470.199.02-1~deb11u1 - nvidia-graphics-drivers-tesla-460 460.106.00-3 (bug #1039683) [bullseye] - nvidia-graphics-drivers-tesla-460 <no-dsa> (Non-free not supported) NOTE: 460.106.00-3 turned the package into a metapackage to aid switching to nvidia-graphics-drivers-tesla-470 @@ -37625,7 +37639,7 @@ CVE-2023-25515 (NVIDIA GPU Display Driver for Windows and Linux contains a vulne [bookworm] - nvidia-graphics-drivers-tesla 525.125.06-1~deb12u1 - nvidia-graphics-drivers-tesla-470 470.199.02-1 (bug #1039684) [bookworm] - nvidia-graphics-drivers-tesla-470 470.199.02-1~deb12u1 - [bullseye] - nvidia-graphics-drivers-tesla-470 470.199.02-1 + [bullseye] - nvidia-graphics-drivers-tesla-470 470.199.02-1~deb11u1 - nvidia-graphics-drivers-tesla-460 460.106.00-3 (bug #1039683) [bullseye] - nvidia-graphics-drivers-tesla-460 <no-dsa> (Non-free not supported) NOTE: 460.106.00-3 turned the package into a metapackage to aid switching to nvidia-graphics-drivers-tesla-470 ===================================== data/dsa-needed.txt ===================================== @@ -19,6 +19,8 @@ cacti -- cinder/oldstable -- +curl (jmm) +-- gpac/oldstable (jmm) -- gst-plugins-bad1.0 (carnil) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/06c9a8c793683242bd0cf3a109148e5542dae21b -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/06c9a8c793683242bd0cf3a109148e5542dae21b You're receiving this email because of your account on salsa.debian.org.
_______________________________________________ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits