Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
b97b1d8b by Moritz Muehlenhoff at 2024-01-08T20:35:53+01:00
bullseye/bookworm triage

- - - - -


2 changed files:

- data/CVE/list
- data/dsa-needed.txt


Changes:

=====================================
data/CVE/list
=====================================
@@ -3062,6 +3062,8 @@ CVE-2023-48795 (The SSH transport protocol with certain 
OpenSSH extensions, foun
        [bullseye] - filezilla <no-dsa> (Minor issue)
        [buster] - filezilla <no-dsa> (Minor issue)
        - golang-go.crypto 1:0.17.0-1 (bug #1059003)
+       [bookworm] - golang-go.crypto <no-dsa> (Minor issue)
+       [bullseye] - golang-go.crypto <no-dsa> (Minor issue)
        - jsch <not-affected> (ChaCha20-Poly1305 support introduced in 0.1.61; 
*-EtM support introduced in 0.1.58)
        - libssh 0.10.6-1 (bug #1059004)
        - libssh2 1.11.0-4 (bug #1059005)
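Review bot: the two added golang-go.crypto lines give only "(Minor issue)" as the reason, although the same block records a fixed version in unstable (1:0.17.0-1, bug #1059003). Since a fix exists, it would help to say in the parenthetical or in a NOTE whether an update through a point release is intended, so that the no-dsa tag is not read as "will stay unfixed in bookworm and bullseye".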
@@ -3091,6 +3093,8 @@ CVE-2023-48795 (The SSH transport protocol with certain 
OpenSSH extensions, foun
        - python-asyncssh <unfixed> (bug #1059007)
        - tinyssh 20230101-4 (bug #1059058; unimportant)
        - trilead-ssh2 <unfixed> (bug #1059294)
+       [bookworm] - trilead-ssh2 <no-dsa> (Minor issue)
+       [bullseye] - trilead-ssh2 <no-dsa> (Minor issue)
        NOTE: https://terrapin-attack.com/
        NOTE: https://www.openwall.com/lists/oss-security/2023/12/18/3
        NOTE: dropbear: 
https://github.com/mkj/dropbear/commit/6e43be5c7b99dbee49dc72b6f989f29fdd7e9356
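Review bot: the trilead-ssh2 lines for bookworm and bullseye are tagged no-dsa without any statement of whether those versions implement the affected modes at all. The jsch entry earlier in this CVE block records when ChaCha20-Poly1305 and *-EtM support was introduced and uses that to justify its status. A similar check for trilead-ssh2 would show whether the stable versions are affected-but-minor or actually not affected, and a one-line NOTE with the result would make the triage verifiable. The unstable line is still unfixed (bug #1059294), so there is no upstream fix here to point to either.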
@@ -4451,6 +4455,8 @@ CVE-2023-42495 (Dasan Networks - W-Web versions 1.22-1.27 
- CWE-78: Improper Neu
 CVE-2023-34194 (StringEqual in TiXmlDeclaration::Parse in tinyxmlparser.cpp in 
TinyXML ...)
        {DLA-3701-1}
        - tinyxml 2.6.2-6.1 (bug #1059315)
+       [bookworm] - tinyxml <no-dsa> (Minor issue)
+       [bullseye] - tinyxml <no-dsa> (Minor issue)
        NOTE: https://www.forescout.com/resources/sierra21-vulnerabilities
        NOTE: Debian (non upstream) patch: 
https://salsa.debian.org/debian/tinyxml/-/raw/2366e1f23d059d4c20c43c54176b6bd78d6a83fc/debian/patches/CVE-2023-34194.patch
 CVE-2023-6707 (Use after free in CSS in Google Chrome prior to 120.0.6099.109 
allowed ...)
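Review bot: CVE-2023-34194 is marked no-dsa for bookworm and bullseye even though the entry already carries {DLA-3701-1} and a NOTE linking a ready Debian patch. With the fix already shipped through a DLA and in unstable as 2.6.2-6.1, the newer releases end up behind the LTS one. If the plan is to fix tinyxml through a point release, say so in the parenthetical instead of the bare "(Minor issue)", so the gap is visibly intentional and tracked.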
@@ -7057,6 +7063,8 @@ CVE-2023-47418 (Remote Code Execution (RCE) vulnerability 
in o2oa version 8.1.2
        NOT-FOR-US: p2pa
 CVE-2023-40458 (Loop with Unreachable Exit Condition ('Infinite Loop') 
vulnerability i ...)
        - tinyxml <unfixed> (bug #1059315)
+       [bookworm] - tinyxml <no-dsa> (Minor issue)
+       [bullseye] - tinyxml <no-dsa> (Minor issue)
        NOTE: https://www.forescout.com/resources/sierra21-vulnerabilities
 CVE-2023-3741 (An OS Command injection vulnerability in NEC Platforms DT900 
and DT900 ...)
        NOT-FOR-US: NEC
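Review bot: the context line for CVE-2023-40458 still reads "tinyxml <unfixed> (bug #1059315)", but the CVE-2023-34194 entry in the previous hunk lists the same bug #1059315 as fixed in 2.6.2-6.1. Before adding no-dsa lines on top of it, check whether that upload also covers CVE-2023-40458. If it does, the unstable line should carry the fixed version. If it does not, the shared bug number is misleading and this CVE needs its own bug reference.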
@@ -15628,6 +15636,8 @@ CVE-2023-44487 (The HTTP/2 protocol allows a denial of 
service (server resource
        - tomcat10 10.1.14-1
        - trafficserver 9.2.3+ds-1 (bug #1053801; bug #1054427)
        - grpc <unfixed>
+       [bookworm] - grpc <no-dsa> (Minor issue)
+       [bullseye] - grpc <no-dsa> (Minor issue)
        - h2o 2.2.5+dfsg2-8 (bug #1054232)
        - haproxy 1.8.13-1
        - nginx 1.24.0-2 (unimportant; bug #1053770)
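Review bot: the grpc line that the new no-dsa entries hang off is "<unfixed>" with no bug number, unlike the neighbouring trafficserver, h2o and nginx lines, which all reference a bug. Tagging bookworm and bullseye as no-dsa while unstable is unfixed and untracked leaves nothing to prompt a later revisit. Suggest filing or linking a bug for grpc and adding it to the unfixed line in the same commit.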


=====================================
data/dsa-needed.txt
=====================================
@@ -39,6 +39,8 @@ php*seclib* (seb)
 --
 php-cas/oldstable
 --
+php-dompdf-svg-lib/stable
+--
 php-horde-mime-viewer/oldstable
 --
 php-horde-turba/oldstable
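Review bot: php-dompdf-svg-lib/stable is added to dsa-needed.txt, but nothing in this commit's data/CVE/list hunks mentions that package, and the commit message only says "bullseye/bookworm triage". A reader of this commit cannot tell which CVE triggered the entry. Naming the CVE in the commit message, or adding a short note line under the entry, would make it traceable. The entry also has no claimant in parentheses, unlike "php*seclib* (seb)" above it, which is fine if it is meant to be open for anyone to pick up.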



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/b97b1d8b86be85dbfe389ffe87b5dbe6f74a27c7
