Moritz Muehlenhoff pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
6718b1f7 by Moritz Muehlenhoff at 2023-11-22T17:02:18+01:00
bullseye/bookworm triage
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1149,6 +1149,8 @@ CVE-2023-44441 [GIMP DDS File Parsing Heap-based Buffer
Overflow Remote Code Exe
- gimp 2.10.36-1 (bug #1055984)
[buster] - gimp <not-affected> (DDS plugin added in 2.10.10)
- gimp-dds <removed>
+ [bookworm] - gimp-dds <no-dsa> (Obsoleted by src:gimp, should get
dropped via Breaks)
+ [bullseye] - gimp-dds <no-dsa> (Obsoleted by src:gimp, should get
dropped via Breaks)
NOTE: https://www.zerodayinitiative.com/advisories/ZDI-23-1592/
NOTE:
https://www.gimp.org/news/2023/11/07/gimp-2-10-36-released/#fixed-vulnerabilities
NOTE:
https://gitlab.gnome.org/GNOME/gimp/-/commit/7db71cd0b6e36c454aa0d2d3efeec7e636db4dbc
(GIMP_2_10_36)
@@ -6569,6 +6571,8 @@ CVE-2023-5563 (The SJA1000 CAN controller driver backend
automatically attempt t
NOT-FOR-US: Zephyr RTOS (unrelated to src:zephyr)
CVE-2023-5557 (A flaw was found in the tracker-miners package. A weakness in
the sand ...)
- tracker-miners 3.4.5-1 (bug #1053881)
+ [bookworm] - tracker-miners <no-dsa> (Minor issue)
+ [bullseye] - tracker-miners <no-dsa> (Minor issue)
NOTE:
https://github.blog/2023-10-09-coordinated-disclosure-1-click-rce-on-gnome-cve-2023-43641/#tracker-miners-seccomp-sandbox-escape
NOTE: https://gitlab.gnome.org/GNOME/tracker-miners/-/issues/277
NOTE: https://gitlab.gnome.org/GNOME/tracker-miners/-/merge_requests/480
@@ -43353,6 +43357,8 @@ CVE-2023-26142 (All versions of the package crow are
vulnerable to HTTP Response
NOT-FOR-US: Crow
CVE-2023-26141 (Versions of the package sidekiq before 7.1.3 are vulnerable to
Denial ...)
- ruby-sidekiq <unfixed>
+ [bookworm] - ruby-sidekiq <no-dsa> (Minor issue)
+ [bullseye] - ruby-sidekiq <no-dsa> (Minor issue)
[buster] - ruby-sidekiq <no-dsa> (Minor issue, DoS still possible)
NOTE: https://security.snyk.io/vuln/SNYK-RUBY-SIDEKIQ-5885107
NOTE:
https://github.com/sidekiq/sidekiq/commit/62c90d7c5a7d8a378d79909859d87c2e0702bf89
(v7.1.3)
@@ -229819,15 +229825,23 @@ CVE-2020-24296
RESERVED
CVE-2020-24295 (Buffer Overflow vulnerability in
PSDParser.cpp::ReadImageLine() in Fre ...)
- freeimage <unfixed>
+ [bookworm] - freeimage <postponed> (Revisit when patches are available)
+ [bullseye] - freeimage <postponed> (Revisit when patches are available)
NOTE:
https://sourceforge.net/p/freeimage/discussion/36111/thread/afb98701eb/
CVE-2020-24294 (Buffer Overflow vulnerability in psdParser::UnpackRLE function
in PSDP ...)
- freeimage <unfixed>
+ [bookworm] - freeimage <postponed> (Revisit when patches are available)
+ [bullseye] - freeimage <postponed> (Revisit when patches are available)
NOTE:
https://sourceforge.net/p/freeimage/discussion/36111/thread/afb98701eb/
CVE-2020-24293 (Buffer Overflow vulnerability in psdThumbnail::Read in
PSDParser.cpp i ...)
- freeimage <unfixed>
+ [bookworm] - freeimage <postponed> (Revisit when patches are available)
+ [bullseye] - freeimage <postponed> (Revisit when patches are available)
NOTE:
https://sourceforge.net/p/freeimage/discussion/36111/thread/afb98701eb/
CVE-2020-24292 (Buffer Overflow vulnerability in load function in
PluginICO.cpp in Fre ...)
- freeimage <unfixed>
+ [bookworm] - freeimage <postponed> (Revisit when patches are available)
+ [bullseye] - freeimage <postponed> (Revisit when patches are available)
NOTE:
https://sourceforge.net/p/freeimage/discussion/36111/thread/afb98701eb/
CVE-2020-24291
RESERVED
@@ -481417,11 +481431,15 @@ CVE-2016-1245 (It was discovered that the zebra
daemon in Quagga before 1.0.2016
CVE-2016-1244 (The extractTree function in unADF allows remote attackers to
execute a ...)
{DSA-3676-1 DLA-631-1}
- unadf <unfixed> (bug #838248)
+ [bookworm] - unadf <no-dsa> (Minor issue)
+ [bullseye] - unadf <no-dsa> (Minor issue)
NOTE: Fixed by:
https://github.com/lclevy/ADFlib/commit/8e973d7b894552c3a3de0ccd2d1e9cb0b8e618dd
NOTE: The changes between 0.7.11a-3 and 0.7.11a-4 did not include the
upstream fix.
CVE-2016-1243 (Stack-based buffer overflow in the extractTree function in
unADF allow ...)
{DSA-3676-1 DLA-631-1}
- unadf <unfixed> (bug #838248)
+ [bookworm] - unadf <no-dsa> (Minor issue)
+ [bullseye] - unadf <no-dsa> (Minor issue)
NOTE: Fixed by:
https://github.com/lclevy/ADFlib/commit/8e973d7b894552c3a3de0ccd2d1e9cb0b8e618dd
NOTE: The changes between 0.7.11a-3 and 0.7.11a-4 did not include the
upstream fix.
CVE-2016-1242 (file_open in Tryton before 3.2.17, 3.4.x before 3.4.14, 3.6.x
before 3 ...)
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/6718b1f7011e963f7d1ed317be9f222859974ee4
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/6718b1f7011e963f7d1ed317be9f222859974ee4
You're receiving this email because of your account on salsa.debian.org.
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
