Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker
Commits: b97b1d8b by Moritz Muehlenhoff at 2024-01-08T20:35:53+01:00 bullseye/bookworm triage - - - - - 2 changed files: - data/CVE/list - data/dsa-needed.txt Changes: ===================================== data/CVE/list ===================================== @@ -3062,6 +3062,8 @@ CVE-2023-48795 (The SSH transport protocol with certain OpenSSH extensions, foun [bullseye] - filezilla <no-dsa> (Minor issue) [buster] - filezilla <no-dsa> (Minor issue) - golang-go.crypto 1:0.17.0-1 (bug #1059003) + [bookworm] - golang-go.crypto <no-dsa> (Minor issue) + [bullseye] - golang-go.crypto <no-dsa> (Minor issue) - jsch <not-affected> (ChaCha20-Poly1305 support introduced in 0.1.61; *-EtM support introduced in 0.1.58) - libssh 0.10.6-1 (bug #1059004) - libssh2 1.11.0-4 (bug #1059005) @@ -3091,6 +3093,8 @@ CVE-2023-48795 (The SSH transport protocol with certain OpenSSH extensions, foun - python-asyncssh <unfixed> (bug #1059007) - tinyssh 20230101-4 (bug #1059058; unimportant) - trilead-ssh2 <unfixed> (bug #1059294) + [bookworm] - trilead-ssh2 <no-dsa> (Minor issue) + [bullseye] - trilead-ssh2 <no-dsa> (Minor issue) NOTE: https://terrapin-attack.com/ NOTE: https://www.openwall.com/lists/oss-security/2023/12/18/3 NOTE: dropbear: https://github.com/mkj/dropbear/commit/6e43be5c7b99dbee49dc72b6f989f29fdd7e9356 @@ -4451,6 +4455,8 @@ CVE-2023-42495 (Dasan Networks - W-Web versions 1.22-1.27 - CWE-78: Improper Neu CVE-2023-34194 (StringEqual in TiXmlDeclaration::Parse in tinyxmlparser.cpp in TinyXML ...) {DLA-3701-1} - tinyxml 2.6.2-6.1 (bug #1059315) + [bookworm] - tinyxml <no-dsa> (Minor issue) + [bullseye] - tinyxml <no-dsa> (Minor issue) NOTE: https://www.forescout.com/resources/sierra21-vulnerabilities NOTE: Debian (non upstream) patch: https://salsa.debian.org/debian/tinyxml/-/raw/2366e1f23d059d4c20c43c54176b6bd78d6a83fc/debian/patches/CVE-2023-34194.patch CVE-2023-6707 (Use after free in CSS in Google Chrome prior to 120.0.6099.109 allowed ...) @@ -7057,6 +7063,8 @@ CVE-2023-47418 (Remote Code Execution (RCE) vulnerability in o2oa version 8.1.2 NOT-FOR-US: p2pa CVE-2023-40458 (Loop with Unreachable Exit Condition ('Infinite Loop') vulnerability i ...) - tinyxml <unfixed> (bug #1059315) + [bookworm] - tinyxml <no-dsa> (Minor issue) + [bullseye] - tinyxml <no-dsa> (Minor issue) NOTE: https://www.forescout.com/resources/sierra21-vulnerabilities CVE-2023-3741 (An OS Command injection vulnerability in NEC Platforms DT900 and DT900 ...) NOT-FOR-US: NEC @@ -15628,6 +15636,8 @@ CVE-2023-44487 (The HTTP/2 protocol allows a denial of service (server resource - tomcat10 10.1.14-1 - trafficserver 9.2.3+ds-1 (bug #1053801; bug #1054427) - grpc <unfixed> + [bookworm] - grpc <no-dsa> (Minor issue) + [bullseye] - grpc <no-dsa> (Minor issue) - h2o 2.2.5+dfsg2-8 (bug #1054232) - haproxy 1.8.13-1 - nginx 1.24.0-2 (unimportant; bug #1053770) ===================================== data/dsa-needed.txt ===================================== @@ -39,6 +39,8 @@ php*seclib* (seb) -- php-cas/oldstable -- +php-dompdf-svg-lib/stable +-- php-horde-mime-viewer/oldstable -- php-horde-turba/oldstable View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/b97b1d8b86be85dbfe389ffe87b5dbe6f74a27c7 -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/b97b1d8b86be85dbfe389ffe87b5dbe6f74a27c7 You're receiving this email because of your account on salsa.debian.org.
_______________________________________________ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits