Moritz Muehlenhoff pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
4c5363e5 by Moritz Muehlenhoff at 2023-11-07T20:32:55+01:00
bullseye/bookworm triage
- - - - -
2 changed files:
- data/CVE/list
- data/dsa-needed.txt
Changes:
=====================================
data/CVE/list
=====================================
@@ -18019,6 +18019,8 @@ CVE-2023-29156 (DroneScout ds230 Remote ID receiver
from BlueMark Innovationsis
NOT-FOR-US: Rockwell
CVE-2022-48521 (An issue was discovered in OpenDKIM through 2.10.3, and 2.11.x
through ...)
- opendkim <unfixed> (bug #1041107)
+ [bookworm] - opendkim <no-dsa> (Minor issue)
+ [bullseye] - opendkim <no-dsa> (Minor issue)
NOTE: https://github.com/trusteddomainproject/OpenDKIM/issues/148
CVE-2023-36543 (Apache Airflow, versions before 2.6.3, has a vulnerability
where an au ...)
- airflow <itp> (bug #819700)
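Review bot: The two added opendkim lines for CVE-2022-48521 give only "Minor issue" as the reason, while the unstable line above them stays `<unfixed>` and the only reference is the upstream issue. A short NOTE saying what makes the issue minor would let a later reader re-check the `<no-dsa>` decision without re-reading upstream issue 148.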
@@ -18898,6 +18900,7 @@ CVE-2023-36608 (The affected TBox RTUs store hashed
passwords using MD5 encrypti
NOT-FOR-US: TBox
CVE-2023-36377 (Buffer Overflow vulnerability in mtrojnar osslsigncode v.2.3
and befor ...)
- osslsigncode 2.3.0-1 (bug #1035875)
+ [bullseye] - osslsigncode <no-dsa> (Minor issue)
NOTE: https://github.com/mtrojnar/osslsigncode/releases/tag/2.3
CVE-2023-36291 (Cross Site Scripting vulnerability in Maxsite CMS v.108.7
allows a rem ...)
NOT-FOR-US: Maxsite CMS
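Review bot: On the added `[bullseye] - osslsigncode <no-dsa> (Minor issue)` line, the CVE summary describes a buffer overflow, and "Minor issue" alone does not say why a memory-safety bug needs no DSA. Since the fixed version is already recorded as 2.3.0-1, a NOTE giving the limiting condition, or saying that the fix can go through a point release, would make the decision reviewable.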
@@ -82631,18 +82634,21 @@ CVE-2022-39252 (matrix-rust-sdk is an implementation
of a Matrix client-server l
NOT-FOR-US: matrix-rust-sdk
CVE-2022-39251 (Matrix Javascript SDK is the Matrix Client-Server SDK for
JavaScript. ...)
- node-matrix-js-sdk <unfixed> (bug #1021136)
+ [bullseye] - node-matrix-js-sdk <ignored> (Incompatible with current
Matrix implementations)
[buster] - node-matrix-js-sdk <postponed> (Can wait for next update)
NOTE:
https://github.com/matrix-org/matrix-js-sdk/security/advisories/GHSA-r48r-j8fx-mq2c
NOTE:
https://github.com/matrix-org/matrix-js-sdk/commit/a587d7c36026fe1fcf93dfff63588abee359be76
NOTE:
https://matrix.org/blog/2022/09/28/upgrade-now-to-address-encryption-vulns-in-matrix-sdks-and-clients
CVE-2022-39250 (Matrix JavaScript SDK is the Matrix Client-Server software
development ...)
- node-matrix-js-sdk <unfixed> (bug #1021136)
+ [bullseye] - node-matrix-js-sdk <ignored> (Incompatible with current
Matrix implementations)
[buster] - node-matrix-js-sdk <postponed> (Can wait for next update)
NOTE:
https://github.com/matrix-org/matrix-js-sdk/security/advisories/GHSA-5w8r-8pgj-5jmf
NOTE:
https://github.com/matrix-org/matrix-js-sdk/commit/a587d7c36026fe1fcf93dfff63588abee359be76
NOTE:
https://matrix.org/blog/2022/09/28/upgrade-now-to-address-encryption-vulns-in-matrix-sdks-and-clients
CVE-2022-39249 (Matrix Javascript SDK is the Matrix Client-Server SDK for
JavaScript. ...)
- node-matrix-js-sdk <unfixed> (bug #1021136)
+ [bullseye] - node-matrix-js-sdk <ignored> (Incompatible with current
Matrix implementations)
[buster] - node-matrix-js-sdk <postponed> (Can wait for next update)
NOTE:
https://github.com/matrix-org/matrix-js-sdk/security/advisories/GHSA-6263-x97c-c4gg
NOTE:
https://github.com/matrix-org/matrix-js-sdk/commit/a587d7c36026fe1fcf93dfff63588abee359be76
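Review bot: The reason on the three added `[bullseye] <ignored>` lines, "Incompatible with current Matrix implementations", describes the state of the package rather than the vulnerabilities, which the linked matrix.org post treats as encryption issues to upgrade for. If the point is that the bullseye package cannot be used against current servers at all, saying so in a NOTE (or referencing bug #1021136 for the discussion) would make clear that `<ignored>` does not leave working installations exposed.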
@@ -82684,6 +82690,7 @@ CVE-2022-39237 (syslabs/sif is the Singularity Image
Format (SIF) reference impl
NOTE:
https://github.com/sylabs/sif/commit/a854038ce1f18237b81d505a1c3be6a60505db52
(v2.8.1)
CVE-2022-39236 (Matrix Javascript SDK is the Matrix Client-Server SDK for
JavaScript. ...)
- node-matrix-js-sdk <unfixed> (bug #1021136)
+ [bullseye] - node-matrix-js-sdk <ignored> (Incompatible with current
Matrix implementations)
[buster] - node-matrix-js-sdk <postponed> (Minor issue)
NOTE:
https://github.com/matrix-org/matrix-js-sdk/security/advisories/GHSA-hvv8-5v86-r45x
NOTE:
https://github.com/matrix-org/matrix-js-sdk/commit/a587d7c36026fe1fcf93dfff63588abee359be76
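Review bot: For CVE-2022-39236 the unchanged buster line directly below the added bullseye line still reads `<postponed> (Minor issue)`, so the two suites now carry different states and different reasons for the same `<unfixed>` package. Worth confirming that the split is intended; if the incompatibility argument also applies to buster, a NOTE saying so would avoid the entries looking contradictory.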
=====================================
data/dsa-needed.txt
=====================================
@@ -73,6 +73,8 @@ ruby-nokogiri/oldstable
--
ruby-rails-html-sanitizer
--
+ruby-sanitize
+--
ruby-sinatra/oldstable
Maintainer posted packaging repository link with proposed changes for review
--
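Review bot: The new `ruby-sanitize` entry has neither a suite suffix nor a status line, and nothing in the data/CVE/list part of this commit touches ruby-sanitize, so the reason for queuing it is not visible here. A one-line note under the entry, in the way ruby-sinatra/oldstable has one, would tell whoever picks it up which issue and which suites are meant.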
@@ -88,3 +90,6 @@ tiff (aron)
--
xen (jmm)
--
+zbar
+ unfixed upstream
+--
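Review bot: The `zbar` entry is added with the note "unfixed upstream" but no pointer to the CVE or the upstream report, and no suite suffix. Because a DSA cannot be prepared until a patch exists, adding the upstream tracking reference to the note would let people see when the entry becomes actionable.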
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/4c5363e59507a38b049fa27f1f0ea7731faee9de