Moritz Muehlenhoff pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
8b140a47 by Moritz Muehlenhoff at 2023-11-06T23:38:48+01:00
bullseye/bookworm triage
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -2265,9 +2265,7 @@ CVE-2023-44760 (Multiple Cross Site Scripting (XSS)
vulnerabilities in Concrete
CVE-2023-43358 (Cross Site Scripting vulnerability in CMSmadesimple v.2.2.18
allows a ...)
NOT-FOR-US: CMSmadesimple
CVE-2023-43281 (Double Free vulnerability in Nothings Stb Image.h v.2.28
allows a remo ...)
- - libstb <unfixed>
- NOTE: https://github.com/peccc/double-stb
- TODO: check, is this duplicate of CVE-2023-45664?
+ NOTE: Duplicate of CVE-2023-45664
CVE-2023-39817
REJECTED
CVE-2023-39816
@@ -3970,6 +3968,8 @@ CVE-2023-5554 (Lack of TLS certificate verification in
log transmission of a fin
CVE-2023-5072 (Denial of Service in JSON-Java versions up to and including
20230618. ...)
- libjson-java <unfixed> (bug #1053882)
- jenkins-json <unfixed> (bug #1053883)
+ [bookworm] - jenkins-json <no-dsa> (Minor issue)
+ [bullseye] - jenkins-json <no-dsa> (Minor issue)
- libjettison-java <unfixed> (bug #1053884)
[bookworm] - libjettison-java <no-dsa> (Minor issue)
[bullseye] - libjettison-java <no-dsa> (Minor issue)
@@ -5715,6 +5715,8 @@ CVE-2023-33268 (An issue was discovered in DTS Monitoring
3.57.0. The parameter
NOT-FOR-US: DTS Monitoring
CVE-2023-5366 (A flaw was found in Open vSwitch that allows ICMPv6 Neighbor
Advertise ...)
- openvswitch 3.1.2-1
+ [bookworm] - openvswitch <no-dsa> (Minor issue)
+ [bullseye] - openvswitch <no-dsa> (Minor issue)
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2006347
NOTE:
https://github.com/openvswitch/ovs/commit/694c7b4e097c4d89e23ea9b3c7b677b4fcbe0459
(v3.1.2)
NOTE:
https://github.com/openvswitch/ovs/commit/489553b1c21692063931a9f50b6849b23128443c
(v3.2.0)
@@ -14293,6 +14295,8 @@ CVE-2023-38698 (Ethereum Name Service (ENS) is a
distributed, open, and extensib
NOT-FOR-US: Ethereum Name Service (ENS)
CVE-2023-38697 (protocol-http1 provides a low-level implementation of the
HTTP/1 proto ...)
- ruby-protocol-http1 <unfixed> (bug #1043432)
+ [bookworm] - ruby-protocol-http1 <no-dsa> (Minor issue)
+ [bullseye] - ruby-protocol-http1 <no-dsa> (Minor issue)
NOTE: https://github.com/socketry/protocol-http1/pull/20
NOTE:
https://www.rfc-editor.org/rfc/rfc9112#name-chunked-transfer-coding
NOTE:
https://github.com/socketry/protocol-http1/security/advisories/GHSA-6jwc-qr2q-7xwj
@@ -21437,6 +21441,8 @@ CVE-2020-36705 (The Adning Advertising plugin for
WordPress is vulnerable to arb
CVE-2023-33865 (RenderDoc before 1.27 allows local privilege escalation via a
symlink ...)
{DLA-3501-1}
- renderdoc <unfixed> (bug #1037208)
+ [bookworm] - renderdoc <no-dsa> (Minor issue)
+ [bullseye] - renderdoc <no-dsa> (Minor issue)
NOTE: https://www.openwall.com/lists/oss-security/2023/06/06/3
NOTE:
https://github.com/baldurk/renderdoc/commit/601ed56111ce3803d8476d438ade1c92d6092856
(v1.27)
NOTE:
https://github.com/baldurk/renderdoc/commit/e0464fea4f9a7f149c4ee1d84e5ac57839a4a862
(v1.27)
@@ -21446,6 +21452,8 @@ CVE-2023-33865 (RenderDoc before 1.27 allows local
privilege escalation via a sy
CVE-2023-33864 (StreamReader::ReadFromExternal in RenderDoc before 1.27 allows
an Inte ...)
{DLA-3501-1}
- renderdoc <unfixed> (bug #1037208)
+ [bookworm] - renderdoc <no-dsa> (Minor issue)
+ [bullseye] - renderdoc <no-dsa> (Minor issue)
NOTE: https://www.openwall.com/lists/oss-security/2023/06/06/3
NOTE:
https://github.com/baldurk/renderdoc/commit/601ed56111ce3803d8476d438ade1c92d6092856
(v1.27)
NOTE:
https://github.com/baldurk/renderdoc/commit/e0464fea4f9a7f149c4ee1d84e5ac57839a4a862
(v1.27)
@@ -21455,6 +21463,8 @@ CVE-2023-33864 (StreamReader::ReadFromExternal in
RenderDoc before 1.27 allows a
CVE-2023-33863 (SerialiseValue in RenderDoc before 1.27 allows an Integer
Overflow wit ...)
{DLA-3501-1}
- renderdoc <unfixed> (bug #1037208)
+ [bookworm] - renderdoc <no-dsa> (Minor issue)
+ [bullseye] - renderdoc <no-dsa> (Minor issue)
NOTE: https://www.openwall.com/lists/oss-security/2023/06/06/3
NOTE:
https://github.com/baldurk/renderdoc/commit/601ed56111ce3803d8476d438ade1c92d6092856
(v1.27)
NOTE:
https://github.com/baldurk/renderdoc/commit/e0464fea4f9a7f149c4ee1d84e5ac57839a4a862
(v1.27)
@@ -130847,6 +130857,7 @@ CVE-2022-22996 (The G-RAID 4/8 Software Utility
setups for Windows were affected
NOT-FOR-US: Western Digital Windows setup
CVE-2022-22995 (The combination of primitives offered by SMB and AFP in their
default ...)
- netatalk 3.1.18~ds-1 (bug #1053545)
+ [bullseye] - netatalk <no-dsa> (Minor issue)
NOTE: https://netatalk.sourceforge.io/CVE-2022-22995.php
NOTE: https://github.com/Netatalk/netatalk/pull/509
NOTE:
https://github.com/Netatalk/netatalk/commit/9eb6d9d0ac17dca210ccbf05476a925a6b379dfb
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/8b140a471378a4a57e271a5a898354ccac037970
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/8b140a471378a4a57e271a5a898354ccac037970
You're receiving this email because of your account on salsa.debian.org.
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
