Utkarsh Gupta pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
c32ef381 by Utkarsh Gupta at 2023-12-17T20:17:47+05:30
Mark slurm-llnl CVEs as end-of-life for buster

- - - - -
e2ab2d4d by Utkarsh Gupta at 2023-12-17T20:20:22+05:30
Mark TEMP-0000000-7CC552/tor as end-of-life for buster

- - - - -
e03912f0 by Utkarsh Gupta at 2023-12-17T20:21:38+05:30
Mark CVE-2023-4934{2-6}/budgie-extras as no-dsa for buster

- - - - -
35f694a8 by Utkarsh Gupta at 2023-12-17T20:22:16+05:30
Mark CVE-2023-5616/gnome-control-center as no-dsa for buster

- - - - -
c59096a3 by Utkarsh Gupta at 2023-12-17T20:22:49+05:30
Mark CVE-2023-50495/ncurses as no-dsa for buster

- - - - -
ef7bfb59 by Utkarsh Gupta at 2023-12-17T20:23:12+05:30
Mark CVE-2023-46750/shiro as no-dsa for buster

- - - - -
7600ad6e by Utkarsh Gupta at 2023-12-17T20:26:36+05:30
Mark CVE-2023-489{45-52}/virtuoso-opensource as no-dsa for buster

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -810,6 +810,7 @@ CVE-2023-46750 (URL Redirection to Untrusted Site ('Open 
Redirect') vulnerabilit
        - shiro <unfixed>
        [bookworm] - shiro <no-dsa> (Minor issue)
        [bullseye] - shiro <no-dsa> (Minor issue)
+       [buster] - shiro <no-dsa> (Minor issue)
        NOTE: https://lists.apache.org/thread/hoc9zdyzmmrfj1zhctsvvtx844tcq6w9
 CVE-2023-46348 (SQL njection vulnerability in SunnyToo sturls before version 
1.1.13, a ...)
        NOT-FOR-US: PrestaShop module
@@ -895,6 +896,7 @@ CVE-2023-49346 (Temporary data passed between application 
components by Budgie E
        - budgie-extras 1.7.1-1
        [bookworm] - budgie-extras <no-dsa> (Minor issue)
        [bullseye] - budgie-extras <no-dsa> (Minor issue)
+       [buster] - budgie-extras <no-dsa> (Minor issue)
        NOTE: https://bugs.launchpad.net/bugs/2044373
        NOTE: https://www.openwall.com/lists/oss-security/2023/12/14/1
        NOTE: 
https://github.com/UbuntuBudgie/budgie-extras/commit/0092025ef25b48c287a75946c0ee797d3c142760
 (v1.7.1)
@@ -902,6 +904,7 @@ CVE-2023-49345 (Temporary data passed between application 
components by Budgie E
        - budgie-extras 1.7.1-1
        [bookworm] - budgie-extras <no-dsa> (Minor issue)
        [bullseye] - budgie-extras <no-dsa> (Minor issue)
+       [buster] - budgie-extras <no-dsa> (Minor issue)
        NOTE: https://bugs.launchpad.net/bugs/2044373
        NOTE: https://www.openwall.com/lists/oss-security/2023/12/14/1
        NOTE: 
https://github.com/UbuntuBudgie/budgie-extras/commit/588cbe6ffa72df904213d77728a3fd5bfae7195e
 (v1.7.1)
@@ -909,6 +912,7 @@ CVE-2023-49344 (Temporary data passed between application 
components by Budgie E
        - budgie-extras 1.7.1-1
        [bookworm] - budgie-extras <no-dsa> (Minor issue)
        [bullseye] - budgie-extras <no-dsa> (Minor issue)
+       [buster] - budgie-extras <no-dsa> (Minor issue)
        NOTE: https://bugs.launchpad.net/bugs/2044373
        NOTE: https://www.openwall.com/lists/oss-security/2023/12/14/1
        NOTE: 
https://github.com/UbuntuBudgie/budgie-extras/commit/11b02011ad2f6d46485b292713af09f7314843a5
 (v1.7.1)
@@ -916,6 +920,7 @@ CVE-2023-49343 (Temporary data passed between application 
components by Budgie E
        - budgie-extras 1.7.1-1
        [bookworm] - budgie-extras <no-dsa> (Minor issue)
        [bullseye] - budgie-extras <no-dsa> (Minor issue)
+       [buster] - budgie-extras <no-dsa> (Minor issue)
        NOTE: https://bugs.launchpad.net/bugs/2044373
        NOTE: https://www.openwall.com/lists/oss-security/2023/12/14/1
        NOTE: 
https://github.com/UbuntuBudgie/budgie-extras/commit/e75c94af249191bdbd33eebf7a62d4234a0d8be5
 (v1.7.1)
@@ -923,6 +928,7 @@ CVE-2023-49342 (Temporary data passed between application 
components by Budgie E
        - budgie-extras 1.7.1-1
        [bookworm] - budgie-extras <no-dsa> (Minor issue)
        [bullseye] - budgie-extras <no-dsa> (Minor issue)
+       [buster] - budgie-extras <no-dsa> (Minor issue)
        NOTE: https://bugs.launchpad.net/bugs/2044373
        NOTE: https://www.openwall.com/lists/oss-security/2023/12/14/1
        NOTE: 
https://github.com/UbuntuBudgie/budgie-extras/commit/d03083732569126d2f21c8810d5a69554ccc5900
 (v1.7.1)
@@ -1039,18 +1045,22 @@ CVE-2023-49934 (An issue was discovered in SchedMD 
Slurm 23.11.x. There is SQL I
 CVE-2023-49933 (An issue was discovered in SchedMD Slurm 22.05.x, 23.02.x, and 
23.11.x ...)
        - slurm-wlm <unfixed> (bug #1058720)
        - slurm-llnl <removed>
+       [buster] - slurm-llnl <end-of-life> (EOL in buster LTS)
        NOTE: 
https://lists.schedmd.com/pipermail/slurm-announce/2023/000103.html
 CVE-2023-49937 (An issue was discovered in SchedMD Slurm 22.05.x, 23.02.x, and 
23.11.x ...)
        - slurm-wlm <unfixed> (bug #1058720)
        - slurm-llnl <removed>
+       [buster] - slurm-llnl <end-of-life> (EOL in buster LTS)
        NOTE: 
https://lists.schedmd.com/pipermail/slurm-announce/2023/000103.html
 CVE-2023-49936 (An issue was discovered in SchedMD Slurm 22.05.x, 23.02.x, and 
23.11.x ...)
        - slurm-wlm <unfixed> (bug #1058720)
        - slurm-llnl <removed>
+       [buster] - slurm-llnl <end-of-life> (EOL in buster LTS)
        NOTE: 
https://lists.schedmd.com/pipermail/slurm-announce/2023/000103.html
 CVE-2023-49938 (An issue was discovered in SchedMD Slurm 22.05.x and 23.02.x. 
There is ...)
        - slurm-wlm <unfixed> (bug #1058720)
        - slurm-llnl <removed>
+       [buster] - slurm-llnl <end-of-life> (EOL in buster LTS)
        NOTE: 
https://lists.schedmd.com/pipermail/slurm-announce/2023/000103.html
 CVE-2023-49935 (An issue was discovered in SchedMD Slurm 23.02.x and 23.11.x. 
There is ...)
        - slurm-wlm <unfixed> (bug #1058720)
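Review bot: the four added `[buster] - slurm-llnl <end-of-life> (EOL in buster LTS)` lines give a free-text reason with no pointer, whereas the tor entry in this same push uses `(see DLA 3685)`. If an end-of-life announcement exists for slurm-llnl in buster, reference it in the parentheses the same way so the decision can be traced. The hunk also ends on the slurm-wlm line of CVE-2023-49935, so confirm that entry has no `slurm-llnl <removed>` line below it that needs the same marker.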
@@ -1458,6 +1468,7 @@ CVE-2023-50495 (NCurse v6.4-20230418 was discovered to 
contain a segmentation fa
        - ncurses 6.4+20230625-1
        [bookworm] - ncurses <no-dsa> (Minor issue)
        [bullseye] - ncurses <no-dsa> (Minor issue)
+       [buster] - ncurses <no-dsa> (Minor issue)
        NOTE: 
https://lists.gnu.org/archive/html/bug-ncurses/2023-04/msg00020.html
        NOTE: 
https://lists.gnu.org/archive/html/bug-ncurses/2023-04/msg00029.html
        NOTE: Fixed in ncurses-6.4-20230424 patchlevel
@@ -3756,41 +3767,49 @@ CVE-2023-48952 (An issue in the box_deserialize_reusing 
function in openlink vir
        - virtuoso-opensource <unfixed>
        [bookworm] - virtuoso-opensource <no-dsa> (Minor issue)
        [bullseye] - virtuoso-opensource <no-dsa> (Minor issue)
+       [buster] - virtuoso-opensource <no-dsa> (Minor issue)
        NOTE: https://github.com/openlink/virtuoso-opensource/issues/1175
 CVE-2023-48951 (An issue in the box_equal function in openlink 
virtuoso-opensource v7. ...)
        - virtuoso-opensource <unfixed>
        [bookworm] - virtuoso-opensource <no-dsa> (Minor issue)
        [bullseye] - virtuoso-opensource <no-dsa> (Minor issue)
+       [buster] - virtuoso-opensource <no-dsa> (Minor issue)
        NOTE: https://github.com/openlink/virtuoso-opensource/issues/1177
 CVE-2023-48950 (An issue in the box_col_len function in openlink 
virtuoso-opensource v ...)
        - virtuoso-opensource <unfixed>
        [bookworm] - virtuoso-opensource <no-dsa> (Minor issue)
        [bullseye] - virtuoso-opensource <no-dsa> (Minor issue)
+       [buster] - virtuoso-opensource <no-dsa> (Minor issue)
        NOTE: https://github.com/openlink/virtuoso-opensource/issues/1174
 CVE-2023-48949 (An issue in the box_add function in openlink 
virtuoso-opensource v7.2. ...)
        - virtuoso-opensource <unfixed>
        [bookworm] - virtuoso-opensource <no-dsa> (Minor issue)
        [bullseye] - virtuoso-opensource <no-dsa> (Minor issue)
+       [buster] - virtuoso-opensource <no-dsa> (Minor issue)
        NOTE: https://github.com/openlink/virtuoso-opensource/issues/1173
 CVE-2023-48948 (An issue in the box_div function in openlink 
virtuoso-opensource v7.2. ...)
        - virtuoso-opensource <unfixed>
        [bookworm] - virtuoso-opensource <no-dsa> (Minor issue)
        [bullseye] - virtuoso-opensource <no-dsa> (Minor issue)
+       [buster] - virtuoso-opensource <no-dsa> (Minor issue)
        NOTE: https://github.com/openlink/virtuoso-opensource/issues/1176
 CVE-2023-48947 (An issue in the cha_cmp function of openlink 
virtuoso-opensource v7.2. ...)
        - virtuoso-opensource <unfixed>
        [bookworm] - virtuoso-opensource <no-dsa> (Minor issue)
        [bullseye] - virtuoso-opensource <no-dsa> (Minor issue)
+       [buster] - virtuoso-opensource <no-dsa> (Minor issue)
        NOTE: https://github.com/openlink/virtuoso-opensource/issues/1179
 CVE-2023-48946 (An issue in the box_mpy function of openlink 
virtuoso-opensource v7.2. ...)
        - virtuoso-opensource <unfixed>
        [bookworm] - virtuoso-opensource <no-dsa> (Minor issue)
        [bullseye] - virtuoso-opensource <no-dsa> (Minor issue)
+       [buster] - virtuoso-opensource <no-dsa> (Minor issue)
        NOTE: https://github.com/openlink/virtuoso-opensource/issues/1178
 CVE-2023-48945 (A stack overflow in openlink virtuoso-opensource v7.2.11 
allows attack ...)
        - virtuoso-opensource <unfixed>
        [bookworm] - virtuoso-opensource <no-dsa> (Minor issue)
        [bullseye] - virtuoso-opensource <no-dsa> (Minor issue)
+       [buster] - virtuoso-opensource <no-dsa> (Minor issue)
        NOTE: https://github.com/openlink/virtuoso-opensource/issues/1172
 CVE-2023-47464 (Insecure Permissions vulnerability in GL.iNet AX1800 version 
4.0.0 bef ...)
        NOT-FOR-US: GL.iNet AX1800
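Review bot: at CVE-2023-48945, whose description begins "A stack overflow in openlink virtuoso-opensource v7.2.11", the added buster line reuses the generic `(Minor issue)` reason given to the other seven entries in this hunk. A short specific reason would make the no-dsa decision easier to audit, since every package line here is still `<unfixed>` and the only references are upstream issue links. The descriptions name v7.2.11, so it is also worth noting in the entry whether the buster version was checked.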
@@ -4132,6 +4151,7 @@ CVE-2023-5616 [gnome-control-center incorrectly claims 
remote login is off]
        - gnome-control-center <unfixed> (bug #1058624)
        [bookworm] - gnome-control-center <no-dsa> (Minor issue)
        [bullseye] - gnome-control-center <no-dsa> (Minor issue)
+       [buster] - gnome-control-center <no-dsa> (Minor issue)
        NOTE: 
https://bugs.launchpad.net/ubuntu/+source/gnome-control-center/+bug/2039577
        NOTE: 
https://gitlab.gnome.org/GNOME/gnome-control-center/-/merge_requests/2092
        NOTE: TODO: check, potentially same incorrect checking of service and 
socket status in budgie-control-center
@@ -6365,6 +6385,7 @@ CVE-2023-XXXX [tor TROVE-2023-004]
        - tor 0.4.8.8-1
        [bookworm] - tor 0.4.7.16-1
        [bullseye] - tor <end-of-life> (see DSA 5562)
+       [buster] - tor <end-of-life> (see DLA 3685)
        NOTE: 
https://gitlab.torproject.org/tpo/core/tor/-/raw/tor-0.4.8.9/ChangeLog
        NOTE: 
https://gitlab.torproject.org/tpo/core/tor/-/commit/7aa496a2e057bb7c3cc284a04a1a4d2941c304f1
 (tor-0.4.8.8)
        NOTE: https://gitlab.torproject.org/tpo/core/tor/-/issues/40874 (non 
public ATM)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/61a408854af599c73c949c80c47424a17aea7d87...7600ad6e1f5e79afbdda854ccad2c9f46a2fe5c8



_______________________________________________
debian-security-tracker-commits mailing list
debian-security-tracker-commits@alioth-lists.debian.net
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
