Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
5c174d13 by Moritz Muehlenhoff at 2023-11-15T11:26:23+01:00
bullseye/bookworm triage

- - - - -


2 changed files:

- data/CVE/list
- data/dsa-needed.txt


Changes:

=====================================
data/CVE/list
=====================================
@@ -18,6 +18,8 @@ CVE-2023-47678 (An improper access control vulnerability 
exists in RT-AC87U all
        NOT-FOR-US: ASUSTeK
 CVE-2023-47641 (aiohttp is an asynchronous HTTP client/server framework for 
asyncio an ...)
        - python-aiohttp 3.8.1-2
+       [bookworm] - python-aiohttp <no-dsa> (Minor issue)
+       [bullseye] - python-aiohttp <no-dsa> (Minor issue)
        NOTE: 
https://github.com/aio-libs/aiohttp/security/advisories/GHSA-xx9p-xxvh-7g8j
        NOTE: 
https://github.com/aio-libs/aiohttp/commit/f016f0680e4ace6742b03a70cb0382ce86abe371
 (v3.8.0b0)
 CVE-2023-47640 (DataHub is an open-source metadata platform. The HMAC 
signature for Da ...)
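Review bot: The added `[bookworm]` line for CVE-2023-47641 needs a version check before it goes in. The entry marks python-aiohttp as fixed in 3.8.1-2 and the NOTE places the upstream fix in v3.8.0b0, so a suite that already ships 3.8.1-2 or later is not affected and should carry no `<no-dsa>` tag. If bookworm is at or above that version, drop the `[bookworm]` line and keep only `[bullseye]`.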
@@ -28,6 +30,8 @@ CVE-2023-47630 (Kyverno is a policy engine designed for 
Kubernetes. An issue was
        NOT-FOR-US: Kyverno
 CVE-2023-47627 (aiohttp is an asynchronous HTTP client/server framework for 
asyncio an ...)
        - python-aiohttp 3.8.6-1
+       [bookworm] - python-aiohttp <no-dsa> (Minor issue)
+       [bullseye] - python-aiohttp <no-dsa> (Minor issue)
        NOTE: 
https://github.com/aio-libs/aiohttp/security/advisories/GHSA-gfw2-4jvh-wgfg
        NOTE: 
https://github.com/aio-libs/aiohttp/commit/d5c12ba890557a575c313bb3017910d7616fce3d
 (v3.8.6)
 CVE-2023-47586 (Multiple heap-based buffer overflow vulnerabilities exist in 
V-Server  ...)
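Review bot: `(Minor issue)` on the two added lines for CVE-2023-47627 does not say why a fix that only landed upstream in v3.8.6 can be deferred in both suites. A more specific reason in the parentheses, or an extra NOTE line summarising the exposure described in GHSA-gfw2-4jvh-wgfg, would let later triage revisit the decision without re-reading the advisory.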
@@ -1110,6 +1114,8 @@ CVE-2023-45875 (An issue was discovered in Couchbase 
Server 7.2.0. There is a pr
        NOT-FOR-US: Couchbase Server
 CVE-2023-45857 (An issue discovered in Axios 1.5.1 inadvertently reveals the 
confident ...)
        - node-axios <unfixed>
+       [bookworm] - node-axios <no-dsa> (Minor issue)
+       [bullseye] - node-axios <no-dsa> (Minor issue)
        NOTE: https://github.com/axios/axios/issues/6006
 CVE-2023-45225 (Zavio CF7500, CF7300, CF7201, CF7501, CB3211, CB3212, CB5220,  
CB6231, ...)
        NOT-FOR-US: Zavio
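Review bot: For CVE-2023-45857 the added `<no-dsa>` lines sit under `- node-axios <unfixed>`, and the only reference is the upstream issue 6006, so nothing in the entry identifies a patch that could be backported. Consider adding a NOTE with the fix commit once upstream has one, so the bookworm and bullseye entries can be picked up again later.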


=====================================
data/dsa-needed.txt
=====================================
@@ -19,6 +19,8 @@ cinder/oldstable
 fastdds
   Awaiting feedback from maintainer on bullseye status
 --
+gimp
+--
 gpac/oldstable (jmm)
 --
 intel-microcode (carnil)
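Review bot: The added `gimp` entry has no suite suffix, while nearby entries such as `cinder/oldstable` and `gpac/oldstable (jmm)` scope themselves to one suite. If the pending update is not needed for both bullseye and bookworm, add the suffix so the entry does not overstate the work.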
@@ -92,6 +94,8 @@ squid
 --
 tiff (aron)
 --
+tor
+--
 xen (jmm)
 --
 zbar
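Review bot: The added `tor` entry gives no indication of which issue prompted it, and the data/CVE/list hunks in this commit add no tor annotation to point at. An indented note line under the entry, in the style of the one under `fastdds`, naming the CVE or upstream release would help whoever claims it.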



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/5c174d13cb3c42bf2643b125d0e78af75826a749
