Moritz Muehlenhoff pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
e79b6fd9 by Moritz Muehlenhoff at 2024-11-11T09:44:22+01:00
triage of older issues
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -107443,11 +107443,11 @@ CVE-2023-40031 (Notepad++ is a free and open-source
source code editor. Versions
NOT-FOR-US: Notepad++
CVE-2023-40030 (Cargo downloads a Rust project\u2019s dependencies and
compiles the pr ...)
- cargo <unfixed> (bug #1059305)
- [bookworm] - cargo <no-dsa> (Minor issue)
+ [bookworm] - cargo <ignored> (Minor issue)
[bullseye] - cargo <no-dsa> (Minor issue)
[buster] - cargo <no-dsa> (Minor issue)
- rust-cargo 0.76.0-1 (bug #1059306)
- [bookworm] - rust-cargo <no-dsa> (Minor issue)
+ [bookworm] - rust-cargo <ignored> (Minor issue)
[bullseye] - rust-cargo <no-dsa> (Minor issue)
[buster] - rust-cargo <no-dsa> (Minor issue)
NOTE:
https://github.com/rust-lang/cargo/security/advisories/GHSA-wrrj-h57r-vx9p
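Review bot: On the two `+` lines for CVE-2023-40030, the bookworm state moves from `<no-dsa>` to `<ignored>` but the parenthetical stays "(Minor issue)", so the entry does not record what changed in the assessment. `cargo` is still `<unfixed>` (bug #1059305) and the bullseye and buster lines stay at `<no-dsa>` with the same wording. Suggest extending the reason on both bookworm lines with the actual rationale, or confirming that leaving the older releases at `<no-dsa>` is intended.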
@@ -110378,11 +110378,11 @@ CVE-2023-33665 (ai-dev aitable before v0.2.2 was
discovered to contain a SQL inj
NOT-FOR-US: ai-dev aitable
CVE-2023-38497 (Cargo downloads the Rust project\u2019s dependencies and
compiles the ...)
- cargo <unfixed> (bug #1043553)
- [bookworm] - cargo <no-dsa> (Minor issue)
+ [bookworm] - cargo <ignored> (Minor issue)
[bullseye] - cargo <no-dsa> (Minor issue)
[buster] - cargo <postponed> (Minor issue, hard to exploit)
- rust-cargo 0.76.0-1 (bug #1043554)
- [bookworm] - rust-cargo <no-dsa> (Minor issue)
+ [bookworm] - rust-cargo <ignored> (Minor issue)
[bullseye] - rust-cargo <no-dsa> (Minor issue)
[buster] - rust-cargo <postponed> (Minor issue, hard to exploit)
NOTE: https://www.openwall.com/lists/oss-security/2023/08/03/2
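Review bot: In the CVE-2023-38497 entry the new bookworm lines give only "(Minor issue)", while the buster lines in the same entry already say "(Minor issue, hard to exploit)". If the same reasoning drives the `<ignored>` decision, carry it over to both `+` lines, since the three releases now sit at three different states (`<ignored>`, `<no-dsa>`, `<postponed>`) and only one of them explains itself.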
@@ -136797,13 +136797,11 @@ CVE-2023-26114 (Versions of the package code-server
before 4.10.1 are vulnerable
CVE-2023-26113 (Versions of the package collection.js before 6.8.1 are
vulnerable to P ...)
NOT-FOR-US: collection.js
CVE-2023-26112 (All versions of the package configobj are vulnerable to
Regular Expres ...)
- - configobj 5.0.8-2 (bug #1034152)
- [bookworm] - configobj <no-dsa> (Minor issue)
- [bullseye] - configobj <no-dsa> (Minor issue)
- [buster] - configobj <no-dsa> (Minor issue)
+ - configobj 5.0.8-2 (bug #1034152; unimportant)
NOTE: https://security.snyk.io/vuln/SNYK-PYTHON-CONFIGOBJ-3252494
NOTE: https://github.com/DiffSK/configobj/issues/232
NOTE: https://github.com/DiffSK/configobj/pull/236
+ NOTE: Negligible security impact
CVE-2023-26111 (All versions of the package @nubosoftware/node-static; all
versions of ...)
NOT-FOR-US: @nubosoftware/node-static
CVE-2023-26110 (All versions of the package node-bluetooth are vulnerable to
Buffer Ov ...)
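Review bot: The added `NOTE: Negligible security impact` at the end of the CVE-2023-26112 entry states the conclusion but not its basis, and it accompanies the removal of three per-release `<no-dsa>` lines in favour of a single `unimportant` tag on the package line. Suggest saying in the NOTE why the regular expression issue named in the description has no practical impact, so the rating can be re-checked against the linked upstream issue and pull request.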
@@ -260341,7 +260339,7 @@ CVE-2021-36490
RESERVED
CVE-2021-36489 (Buffer Overflow vulnerability in Allegro through 5.2.6 allows
attacker ...)
- allegro4.4 <unfixed> (bug #1032670)
- [bookworm] - allegro4.4 <no-dsa> (Minor issue)
+ [bookworm] - allegro4.4 <ignored> (Minor issue)
[bullseye] - allegro4.4 <no-dsa> (Minor issue)
[buster] - allegro4.4 <no-dsa> (Minor issue)
- allegro5 2:5.2.8.0-1
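Review bot: For CVE-2021-36489 the `+` line marks allegro4.4 in bookworm as `<ignored>` with only "(Minor issue)", although the description is a buffer overflow, `allegro4.4` remains `<unfixed>` (bug #1032670), and only `allegro5` carries a fixed version (2:5.2.8.0-1). Suggest adding a short reason to the parenthetical explaining why the overflow is considered minor for allegro4.4, and checking whether the bullseye and buster lines should keep `<no-dsa>`.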
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/e79b6fd9b2b0f18e3e40cf957f932b3741344cc0