Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
cbf5d52a by Moritz Muehlenhoff at 2023-11-16T11:57:11+01:00
bullseye/bookworm triage

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -32,9 +32,13 @@ CVE-2023-47471 (Buffer Overflow vulnerability in strukturag 
libde265 v1.10.12 al
        NOTE: 
https://github.com/strukturag/libde265/commit/e36b4a1b0bafa53df47514c419d5be3e8916ebc7
 CVE-2023-47470 (Buffer Overflow vulnerability in Ffmpeg before github commit 
456574705 ...)
        - ffmpeg 7:6.1-1
+       [bookworm] - ffmpeg <not-affected> (Vulnerable code not present)
+       [bullseye] - ffmpeg <not-affected> (Vulnerable code not present)
+       [buster] - ffmpeg <not-affected> (Vulnerable code not present)
        NOTE: 
https://github.com/FFmpeg/FFmpeg/commit/4565747056a11356210ed8edcecb920105e40b60
 (n6.1)
        NOTE: 
https://patchwork.ffmpeg.org/project/ffmpeg/patch/20230915131147.5945-2-michael%40niedermayer.cc/
        NOTE: https://github.com/goldds96/Report/tree/main/FFmpeg
+       NOTE: Introduced in 
https://github.com/FFmpeg/FFmpeg/commit/34e4f18360c4ecb8e5979cab8f389478d8cd7819
 CVE-2023-47444 (An issue discovered in OpenCart 4.0.0.0 to 4.0.2.3 allows 
authenticate ...)
        TODO: check
 CVE-2023-47347 (Buffer Overflow vulnerability in free5gc 3.3.0 allows 
attackers to cau ...)
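Review bot: the added "NOTE: Introduced in" line for CVE-2023-47470 gives only the commit URL, while the fix NOTE above it carries the release tag "(n6.1)". Adding the first upstream release that contains 34e4f18360c4ecb8e5979cab8f389478d8cd7819 in the same parenthesised form would let a reader check the three "<not-affected> (Vulnerable code not present)" lines against the ffmpeg versions in bookworm, bullseye and buster without resolving the commit by hand.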
@@ -5928,6 +5932,8 @@ CVE-2023-32723 (Request to LDAP is sent before user 
permissions are checked.)
        NOTE: very likely commit 
https://github.com/zabbix/zabbix/commit/3576afe9b87d8ad1ba92a13c28ba904671087688
 (for 4.0.x)
 CVE-2023-32722 (The zabbix/src/libs/zbxjson module is vulnerable to a buffer 
overflow  ...)
        - zabbix <unfixed> (bug #1053877)
+       [bookworm] - zabbix <no-dsa> (Minor issue)
+       [bullseye] - zabbix <no-dsa> (Minor issue)
        [buster] - zabbix <not-affected> (vulnerable code introduced later)
        NOTE: https://support.zabbix.com/browse/ZBX-23390
 CVE-2023-32721 (A stored XSS has been found in the Zabbix web application in 
the Maps  ...)
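Review bot: the two added "<no-dsa> (Minor issue)" lines for CVE-2023-32722 give no rationale, although the entry describes a buffer overflow in zabbix/src/libs/zbxjson and unstable is still "<unfixed> (bug #1053877)". The buster line below them states a specific reason ("vulnerable code introduced later"); a short NOTE saying why the overflow is considered minor for bookworm and bullseye would make the decision reviewable later.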
@@ -33638,6 +33644,7 @@ CVE-2023-29001
        RESERVED
 CVE-2023-29000 (The Nextcloud Desktop Client is a tool to synchronize files 
from Nextc ...)
        - nextcloud-desktop 3.7.0-1
+       [bullseye] - nextcloud-desktop <no-dsa> (Minor issue)
        [buster] - nextcloud-desktop <no-dsa> (Minor issue)
        NOTE: https://github.com/nextcloud/desktop/pull/4949
        NOTE: 
https://github.com/nextcloud/security-advisories/security/advisories/GHSA-h82x-98q3-7534
@@ -33651,11 +33658,13 @@ CVE-2023-28999 (Nextcloud is an open-source 
productivity platform. In Nextcloud
        NOTE: https://github.com/nextcloud/desktop/pull/5560
 CVE-2023-28998 (The Nextcloud Desktop Client is a tool to synchronize files 
from Nextc ...)
        - nextcloud-desktop 3.7.0-1
+       [bullseye] - nextcloud-desktop <no-dsa> (Minor issue)
        [buster] - nextcloud-desktop <no-dsa> (Minor issue)
        NOTE: https://github.com/nextcloud/desktop/pull/5323
        NOTE: 
https://github.com/nextcloud/security-advisories/security/advisories/GHSA-jh3g-wpwv-cqgr
 CVE-2023-28997 (The Nextcloud Desktop Client is a tool to synchronize files 
from Nextc ...)
        - nextcloud-desktop 3.7.0-1
+       [bullseye] - nextcloud-desktop <no-dsa> (Minor issue)
        [buster] - nextcloud-desktop <no-dsa> (Minor issue)
        NOTE: https://github.com/nextcloud/desktop/pull/5324
        NOTE: 
https://github.com/nextcloud/security-advisories/security/advisories/GHSA-4p33-rw27-j5fc
@@ -113225,6 +113234,7 @@ CVE-2022-29154 (An issue was discovered in rsync 
before 3.2.5 that allows malici
        NOTE: 
https://git.samba.org/?p=rsync.git;a=commit;h=2f7c583143bc6e80902139c23d9d7283f88fbc6a
 (v3.2.5pre1)
 CVE-2022-29153 (HashiCorp Consul and Consul Enterprise up to 1.9.16, 1.10.9, 
and 1.11. ...)
        - consul 1.9.17+dfsg2-1 (bug #1017982)
+       [bullseye] - consul <no-dsa> (Minor issue)
        [buster] - consul <ignored> (Intrusive to backport)
        NOTE: 
https://discuss.hashicorp.com/t/hcsec-2022-10-consul-s-http-health-check-may-allow-server-side-request-forgery/38393
        NOTE: 
https://github.com/hashicorp/consul/commit/72e1ce6317d6a4b28c73cd15f3976eb2c362be19
 (v1.9.17)
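Review bot: the added "[bullseye] - consul <no-dsa> (Minor issue)" line for CVE-2022-29153 sits directly above "[buster] - consul <ignored> (Intrusive to backport)", so the same issue carries two different states and reasons in adjacent suites. If the backport is equally intrusive for the bullseye version, the reason should say so; if bullseye differs, a NOTE explaining the difference would help.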



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/cbf5d52a8fe0533e9eab8b136fa191c981b16ef3
