bookworm triage

Moritz Muehlenhoff (@jmm) Mon, 09 Oct 2023 07:25:23 -0700


Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / 
security-tracker



Commits:
06c9a8c7 by Moritz Muehlenhoff at 2023-10-09T16:24:47+02:00
bullseye/bookworm triage

- - - - -


2 changed files:

- data/CVE/list
- data/dsa-needed.txt


Changes:

=====================================
data/CVE/list
=====================================
@@ -346,23 +346,33 @@ CVE-2023-35803 (IQ Engine before 10.6r2 on Extreme 
Network AP devices has a Buff
        NOT-FOR-US: IQ Engine
 CVE-2023-3430
        - openimageio 2.4.13.0+dfsg-1
+       [bookworm] - openimageio <no-dsa> (Minor issue)
+       [bullseye] - openimageio <no-dsa> (Minor issue)
        NOTE: https://github.com/OpenImageIO/oiio/issues/3840
        NOTE: https://github.com/AcademySoftwareFoundation/OpenImageIO/pull/3841
        NOTE: 
https://github.com/OpenImageIO/oiio/commit/5ff2c56dd28e96f67ed8f80d8a3d1235e51f9957
 (v2.4.12.0)
 CVE-2023-38473
        - avahi <unfixed>
+       [bookworm] - avahi <no-dsa> (Minor issue)
+       [bullseye] - avahi <no-dsa> (Minor issue)
        NOTE: https://github.com/lathiat/avahi/issues/451
        NOTE: https://www.openwall.com/lists/oss-security/2023/10/06/4
 CVE-2023-38472
        - avahi <unfixed>
+       [bookworm] - avahi <no-dsa> (Minor issue)
+       [bullseye] - avahi <no-dsa> (Minor issue)
        NOTE: https://github.com/lathiat/avahi/issues/452
        NOTE: https://www.openwall.com/lists/oss-security/2023/10/06/4
 CVE-2023-38471
        - avahi <unfixed>
+       [bookworm] - avahi <no-dsa> (Minor issue)
+       [bullseye] - avahi <no-dsa> (Minor issue)
        NOTE: https://github.com/lathiat/avahi/issues/453
        NOTE: https://www.openwall.com/lists/oss-security/2023/10/06/4
 CVE-2023-38470
        - avahi <unfixed>
+       [bookworm] - avahi <no-dsa> (Minor issue)
+       [bullseye] - avahi <no-dsa> (Minor issue)
        NOTE: https://github.com/lathiat/avahi/issues/454
        NOTE: https://github.com/lathiat/avahi/pull/457
        NOTE: 
https://github.com/lathiat/avahi/commit/94cb6489114636940ac683515417990b55b5d66c
@@ -2005,6 +2015,8 @@ CVE-2023-5157 (A vulnerability was found in MariaDB. An 
OpenVAS port scan on por
        NOTE: https://jira.mariadb.org/browse/MDEV-25068
 CVE-2023-5115 [malicious role archive can cause ansible-galaxy to overwrite 
arbitrary files]
        - ansible-core <unfixed> (bug #1053693)
+       [bookworm] - ansible-core <no-dsa> (Minor issue)
+       [bullseye] - ansible-core <no-dsa> (Minor issue)
        - ansible 5.4.0-1
        NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2233810
        NOTE: https://github.com/ansible/ansible/pull/81780
@@ -6362,6 +6374,8 @@ CVE-2023-40217 (An issue was discovered in Python before 
3.8.18, 3.9.x before 3.
        - python2.7 <removed>
        [bullseye] - python2.7 2.7.18-8+deb11u1
        - pypy3 7.3.13+dfsg-1
+       [bookworm] - pypy3 <no-dsa> (Minor issue)
+       [bullseye] - pypy3 <no-dsa> (Minor issue)
        NOTE: 
https://mail.python.org/archives/list/security-annou...@python.org/thread/PEPLII27KYHLF4AK3ZQGKYNCRERG4YXY/
        NOTE: https://github.com/python/cpython/issues/108310
        NOTE: https://github.com/python/cpython/pull/108315
@@ -37600,7 +37614,7 @@ CVE-2023-25516 (NVIDIA GPU Display Driver for Linux 
contains a vulnerability in
        [bookworm] - nvidia-graphics-drivers-tesla 525.125.06-1~deb12u1
        - nvidia-graphics-drivers-tesla-470 470.199.02-1 (bug #1039684)
        [bookworm] - nvidia-graphics-drivers-tesla-470 470.199.02-1~deb12u1
-       [bullseye] - nvidia-graphics-drivers-tesla-470 470.199.02-1
+       [bullseye] - nvidia-graphics-drivers-tesla-470 470.199.02-1~deb11u1
        - nvidia-graphics-drivers-tesla-460 460.106.00-3 (bug #1039683)
        [bullseye] - nvidia-graphics-drivers-tesla-460 <no-dsa> (Non-free not 
supported)
        NOTE: 460.106.00-3 turned the package into a metapackage to aid 
switching to nvidia-graphics-drivers-tesla-470
@@ -37625,7 +37639,7 @@ CVE-2023-25515 (NVIDIA GPU Display Driver for Windows 
and Linux contains a vulne
        [bookworm] - nvidia-graphics-drivers-tesla 525.125.06-1~deb12u1
        - nvidia-graphics-drivers-tesla-470 470.199.02-1 (bug #1039684)
        [bookworm] - nvidia-graphics-drivers-tesla-470 470.199.02-1~deb12u1
-       [bullseye] - nvidia-graphics-drivers-tesla-470 470.199.02-1
+       [bullseye] - nvidia-graphics-drivers-tesla-470 470.199.02-1~deb11u1
        - nvidia-graphics-drivers-tesla-460 460.106.00-3 (bug #1039683)
        [bullseye] - nvidia-graphics-drivers-tesla-460 <no-dsa> (Non-free not 
supported)
        NOTE: 460.106.00-3 turned the package into a metapackage to aid 
switching to nvidia-graphics-drivers-tesla-470


=====================================
data/dsa-needed.txt
=====================================
@@ -19,6 +19,8 @@ cacti
 --
 cinder/oldstable
 --
+curl (jmm)
+--
 gpac/oldstable (jmm)
 --
 gst-plugins-bad1.0 (carnil)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/06c9a8c793683242bd0cf3a109148e5542dae21b

-- 
View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/06c9a8c793683242bd0cf3a109148e5542dae21b
You're receiving this email because of your account on salsa.debian.org.

_______________________________________________
debian-security-tracker-commits mailing list
debian-security-tracker-commits@alioth-lists.debian.net
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits

[Git][security-tracker-team/security-tracker][master] bullseye/bookworm triage

Reply via email to