[Git][security-tracker-team/security-tracker][master] bullseye/bookworm triage

Wed, 22 Nov 2023 02:00:30 -0800 


Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
1a0109c5 by Moritz Muehlenhoff at 2023-11-22T10:59:25+01:00
bullseye/bookworm triage

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -76,9 +76,10 @@ CVE-2023-6238 (A buffer overflow vulnerability was found in 
the NVM Express (NVM
 CVE-2023-6235 (An uncontrolled search path element vulnerability has been 
found in th ...)
        NOT-FOR-US: Duet Display for Windows
 CVE-2023-6228 [heap-based buffer overflow in cpStripToTile() in tools/tiffcp.c]
-       - tiff <unfixed>
+       - tiff <unfixed> (unimportant)
        NOTE: https://gitlab.com/libtiff/libtiff/-/issues/606
        NOTE: Fixed by: 
https://gitlab.com/libtiff/libtiff/-/commit/1e7d217a323eac701b134afc4ae39b6bdfdbc96a
+       NOTE: Crash in CLI tool, no security impact
 CVE-2023-6213 (Memory safety bugs present in Firefox 119. Some of these bugs 
showed e ...)
        - firefox 120.0-1
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2023-49/#CVE-2023-6213
@@ -1536,9 +1537,13 @@ CVE-2023-47117 (Label Studio is an open source data 
labeling tool. In all curren
        NOT-FOR-US: Label Studio
 CVE-2023-46446 (An issue in AsyncSSH v2.14.0 and earlier allows attackers to 
control t ...)
        - python-asyncssh <unfixed> (bug #1055999)
+       [bookworm] - python-asyncssh <no-dsa> (Minor issue)
+       [bullseye] - python-asyncssh <no-dsa> (Minor issue)
        NOTE: 
https://github.com/ronf/asyncssh/security/advisories/GHSA-c35q-ffpf-5qpm
 CVE-2023-46445 (An issue in AsyncSSH v2.14.0 and earlier allows attackers to 
control t ...)
        - python-asyncssh <unfixed> (bug #1056000)
+       [bookworm] - python-asyncssh <no-dsa> (Minor issue)
+       [bullseye] - python-asyncssh <no-dsa> (Minor issue)
        NOTE: 
https://github.com/ronf/asyncssh/security/advisories/GHSA-cfc2-wr2v-gxm5
 CVE-2023-46021 (SQL Injection vulnerability in cancel.php in Code-Projects 
Blood Bank  ...)
        NOT-FOR-US: Code-Projects Blood Bank
@@ -4573,6 +4578,8 @@ CVE-2023-46119 (Parse Server is an open source backend 
that can be deployed to a
        NOT-FOR-US: Parse Server
 CVE-2023-46118 (RabbitMQ is a multi-protocol messaging and streaming broker. 
HTTP API  ...)
        - rabbitmq-server <unfixed>
+       [bookworm] - rabbitmq-server <no-dsa> (Minor issue)
+       [bullseye] - rabbitmq-server <no-dsa> (Minor issue)
        NOTE: 
https://github.com/rabbitmq/rabbitmq-server/security/advisories/GHSA-w6cq-9cf4-gqpg
        NOTE: https://github.com/rabbitmq/rabbitmq-server/pull/9708
 CVE-2023-45555 (File Upload vulnerability in zzzCMS v.2.1.9 allows a remote 
attacker t ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/1a0109c5a3b29c102ddc93d794e6c0ba32b7e007

-- 
View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/1a0109c5a3b29c102ddc93d794e6c0ba32b7e007
You're receiving this email because of your account on salsa.debian.org.



_______________________________________________
debian-security-tracker-commits mailing list
debian-security-tracker-commits@alioth-lists.debian.net
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits

Reply via email to