Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
30867de7 by Moritz Muehlenhoff at 2023-12-06T10:46:03+01:00
bullseye/bookworm triage

- - - - -


2 changed files:

- data/CVE/list
- data/dsa-needed.txt


Changes:

=====================================
data/CVE/list
=====================================
@@ -57,7 +57,9 @@ CVE-2023-39326 [net/http: limit chunked data overhead]
        - golang-1.21 1.21.5-1
        - golang-1.20 1.20.12-1
        - golang-1.19 <removed>
+       [bookworm] - golang-1.19 <no-dsa> (Minor issue)
        - golang-1.15 <removed>
+       [bullseye] - golang-1.15 <no-dsa> (Minor issue)
        - golang-1.11 <removed>
        NOTE: https://go.dev/issue/64433
        NOTE: 
https://github.com/golang/go/commit/ec8c526e4be720e94b98ca509e6364f0efaf28f7 
(go1.21.5)
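Review bot: The two added lines for golang-1.19 (bookworm) and golang-1.15 (bullseye) give only the generic reason "(Minor issue)", so the entry does not record why the net/http chunked data overhead problem was judged minor for the stable toolchains. A more specific reason in the parentheses, or a NOTE line, would make this triage auditable later; it would also help to state whether a fix through a point release is intended.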
@@ -66,7 +68,9 @@ CVE-2023-45285 [cmd/go: go get may unexpectedly fallback to 
insecure git]
        - golang-1.21 1.21.5-1
        - golang-1.20 1.20.12-1
        - golang-1.19 <removed>
+       [bookworm] - golang-1.19 <no-dsa> (Minor issue)
        - golang-1.15 <removed>
+       [bullseye] - golang-1.15 <no-dsa> (Minor issue)
        - golang-1.11 <removed>
        NOTE: https://go.dev/issue/63845
        NOTE: 
https://github.com/golang/go/commit/23c943e5296c6fa3a6f9433bd929306c4dbf2aa3 
(go1.21.5)
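Review bot: On the added golang-1.19 and golang-1.15 lines, "(Minor issue)" is copied verbatim from the previous entry although this CVE is in cmd/go (the `go get` fallback to insecure git) rather than in a library package. Naming the affected workflow in the reason would show that the two CVEs were assessed separately and not tagged as a batch.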
@@ -152,6 +156,8 @@ CVE-2023-44297 (Dell PowerEdge platforms 16G Intel E5 BIOS 
and Dell Precision BI
        NOT-FOR-US: Dell
 CVE-2023-43628 (An integer overflow vulnerability exists in the NTRIP Stream 
Parsing f ...)
        - gpsd <unfixed>
+       [bookworm] - gpsd <no-dsa> (Minor issue)
+       [bullseye] - gpsd <no-dsa> (Minor issue)
        NOTE: 
https://talosintelligence.com/vulnerability_reports/TALOS-2023-1860
        NOTE: 
https://gitlab.com/gpsd/gpsd/-/commit/3e5c6c28c422102dd453e31912e1e79d1f7ff7f2
 CVE-2023-43608 (A data integrity vulnerability exists in the 
BR_NO_CHECK_HASH_FOR func ...)
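Review bot: The added [bookworm] and [bullseye] gpsd lines tag an integer overflow in NTRIP stream parsing as "<no-dsa> (Minor issue)" while the line above still reads "- gpsd <unfixed>". Since the upstream fix commit is already referenced in the NOTE lines, consider saying in the reason what limits the impact for stable, and revisit these two tags once the unstable line carries a fixed version.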
@@ -8775,6 +8781,8 @@ CVE-2023-40682 (IBM App Connect Enterprise 12.0.1.0 
through 12.0.8.0 contains an
 CVE-2023-39999 (Exposure of Sensitive Information to an Unauthorized Actor in 
WordPres ...)
        {DLA-3658-1}
        - wordpress 6.3.2+dfsg1-1
+       [bookworm] - wordpress <no-dsa> (Minor issue)
+       [bullseye] - wordpress <no-dsa> (Minor issue)
        NOTE: 
https://wordpress.org/documentation/wordpress-version/version-6-3-2/
        NOTE: https://core.trac.wordpress.org/changeset/56843/
 CVE-2023-39960 (Nextcloud Server provides data storage for Nextcloud, an open 
source c ...)
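Review bot: The added [bookworm] and [bullseye] wordpress lines are "<no-dsa>" on an entry that already carries {DLA-3658-1} and a fixed version 6.3.2+dfsg1-1, so the LTS release has an advisory while both stable releases are left without one. If the intent is to fix these through a point release, say so in the reason text so the gap is tracked and not left open-ended.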
@@ -90460,6 +90468,7 @@ CVE-2022-2851
 CVE-2022-2850 (A flaw was found In 389-ds-base. When the Content 
Synchronization plug ...)
        {DLA-3399-1}
        - 389-ds-base 2.3.1-1 (bug #1018054)
+       [bullseye] - 389-ds-base <no-dsa> (Minor issue)
        NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2118691
        NOTE: 
https://github.com/389ds/389-ds-base/issues/4711#issuecomment-1205100979
        NOTE: https://github.com/389ds/389-ds-base/issues/5418
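Review bot: Only a [bullseye] line is added for 389-ds-base here, with no matching [bookworm] line as in the other entries of this commit. That is correct only if bookworm already ships 2.3.1-1 or later, which the hunk does not show; worth confirming, and the entry already has {DLA-3399-1}, so a backport exists that bullseye could reuse if the "Minor issue" assessment changes.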


=====================================
data/dsa-needed.txt
=====================================
@@ -26,6 +26,8 @@ gpac/oldstable
 --
 h2o (jmm)
 --
+haproxy
+--
 libreswan (jmm)
   Maintainer prepared bookworm-security update, but needs work on 
bullseye-security backports
 --



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/30867de72c030a7ee243172c7b235dbf4b2e4ae9
