Utkarsh Gupta pushed to branch master at Debian Security Tracker / security-tracker
Commits:

c32ef381 by Utkarsh Gupta at 2023-12-17T20:17:47+05:30
Mark slurm-llnl CVEs as end-of-life for buster

- - - - -
e2ab2d4d by Utkarsh Gupta at 2023-12-17T20:20:22+05:30
Mark TEMP-0000000-7CC552/tor as end-of-life for buster

- - - - -
e03912f0 by Utkarsh Gupta at 2023-12-17T20:21:38+05:30
Mark CVE-2023-4934{2-6}/budgie-extras as no-dsa for buster

- - - - -
35f694a8 by Utkarsh Gupta at 2023-12-17T20:22:16+05:30
Mark CVE-2023-5616/gnome-control-center as no-dsa for buster

- - - - -
c59096a3 by Utkarsh Gupta at 2023-12-17T20:22:49+05:30
Mark CVE-2023-50495/ncurses as no-dsa for buster

- - - - -
ef7bfb59 by Utkarsh Gupta at 2023-12-17T20:23:12+05:30
Mark CVE-2023-46750/shiro as no-dsa for buster

- - - - -
7600ad6e by Utkarsh Gupta at 2023-12-17T20:26:36+05:30
Mark CVE-2023-489{45-52}/virtuoso-opensource as no-dsa for buster

- - - - -

1 changed file:

- data/CVE/list

Changes:

===================================== data/CVE/list ===================================== @@ -810,6 +810,7 @@ CVE-2023-46750 (URL Redirection to Untrusted Site ('Open Redirect') vulnerabilit - shiro <unfixed> [bookworm] - shiro <no-dsa> (Minor issue) [bullseye] - shiro <no-dsa> (Minor issue) + [buster] - shiro <no-dsa> (Minor issue) NOTE: https://lists.apache.org/thread/hoc9zdyzmmrfj1zhctsvvtx844tcq6w9 CVE-2023-46348 (SQL njection vulnerability in SunnyToo sturls before version 1.1.13, a ...) NOT-FOR-US: PrestaShop module @@ -895,6 +896,7 @@ CVE-2023-49346 (Temporary data passed between application components by Budgie E - budgie-extras 1.7.1-1 [bookworm] - budgie-extras <no-dsa> (Minor issue) [bullseye] - budgie-extras <no-dsa> (Minor issue) + [buster] - budgie-extras <no-dsa> (Minor issue) NOTE: https://bugs.launchpad.net/bugs/2044373 NOTE: https://www.openwall.com/lists/oss-security/2023/12/14/1 NOTE: https://github.com/UbuntuBudgie/budgie-extras/commit/0092025ef25b48c287a75946c0ee797d3c142760 (v1.7.1) 
@@ -902,6 +904,7 @@ CVE-2023-49345 (Temporary data passed between application components by Budgie E - budgie-extras 1.7.1-1 [bookworm] - budgie-extras <no-dsa> (Minor issue) [bullseye] - budgie-extras <no-dsa> (Minor issue) + [buster] - budgie-extras <no-dsa> (Minor issue) NOTE: https://bugs.launchpad.net/bugs/2044373 NOTE: https://www.openwall.com/lists/oss-security/2023/12/14/1 NOTE: https://github.com/UbuntuBudgie/budgie-extras/commit/588cbe6ffa72df904213d77728a3fd5bfae7195e (v1.7.1) @@ -909,6 +912,7 @@ CVE-2023-49344 (Temporary data passed between application components by Budgie E - budgie-extras 1.7.1-1 [bookworm] - budgie-extras <no-dsa> (Minor issue) [bullseye] - budgie-extras <no-dsa> (Minor issue) + [buster] - budgie-extras <no-dsa> (Minor issue) NOTE: https://bugs.launchpad.net/bugs/2044373 NOTE: https://www.openwall.com/lists/oss-security/2023/12/14/1 NOTE: https://github.com/UbuntuBudgie/budgie-extras/commit/11b02011ad2f6d46485b292713af09f7314843a5 (v1.7.1) @@ -916,6 +920,7 @@ CVE-2023-49343 (Temporary data passed between application components by Budgie E - budgie-extras 1.7.1-1 [bookworm] - budgie-extras <no-dsa> (Minor issue) [bullseye] - budgie-extras <no-dsa> (Minor issue) + [buster] - budgie-extras <no-dsa> (Minor issue) NOTE: https://bugs.launchpad.net/bugs/2044373 NOTE: https://www.openwall.com/lists/oss-security/2023/12/14/1 NOTE: https://github.com/UbuntuBudgie/budgie-extras/commit/e75c94af249191bdbd33eebf7a62d4234a0d8be5 (v1.7.1) @@ -923,6 +928,7 @@ CVE-2023-49342 (Temporary data passed between application components by Budgie E - budgie-extras 1.7.1-1 [bookworm] - budgie-extras <no-dsa> (Minor issue) [bullseye] - budgie-extras <no-dsa> (Minor issue) + [buster] - budgie-extras <no-dsa> (Minor issue) NOTE: https://bugs.launchpad.net/bugs/2044373 NOTE: https://www.openwall.com/lists/oss-security/2023/12/14/1 NOTE: https://github.com/UbuntuBudgie/budgie-extras/commit/d03083732569126d2f21c8810d5a69554ccc5900 (v1.7.1) 
@@ -1039,18 +1045,22 @@ CVE-2023-49934 (An issue was discovered in SchedMD Slurm 23.11.x. There is SQL I CVE-2023-49933 (An issue was discovered in SchedMD Slurm 22.05.x, 23.02.x, and 23.11.x ...) - slurm-wlm <unfixed> (bug #1058720) - slurm-llnl <removed> + [buster] - slurm-llnl <end-of-life> (EOL in buster LTS) NOTE: https://lists.schedmd.com/pipermail/slurm-announce/2023/000103.html CVE-2023-49937 (An issue was discovered in SchedMD Slurm 22.05.x, 23.02.x, and 23.11.x ...) - slurm-wlm <unfixed> (bug #1058720) - slurm-llnl <removed> + [buster] - slurm-llnl <end-of-life> (EOL in buster LTS) NOTE: https://lists.schedmd.com/pipermail/slurm-announce/2023/000103.html CVE-2023-49936 (An issue was discovered in SchedMD Slurm 22.05.x, 23.02.x, and 23.11.x ...) - slurm-wlm <unfixed> (bug #1058720) - slurm-llnl <removed> + [buster] - slurm-llnl <end-of-life> (EOL in buster LTS) NOTE: https://lists.schedmd.com/pipermail/slurm-announce/2023/000103.html CVE-2023-49938 (An issue was discovered in SchedMD Slurm 22.05.x and 23.02.x. There is ...) - slurm-wlm <unfixed> (bug #1058720) - slurm-llnl <removed> + [buster] - slurm-llnl <end-of-life> (EOL in buster LTS) NOTE: https://lists.schedmd.com/pipermail/slurm-announce/2023/000103.html CVE-2023-49935 (An issue was discovered in SchedMD Slurm 23.02.x and 23.11.x. There is ...) - slurm-wlm <unfixed> (bug #1058720) @@ -1458,6 +1468,7 @@ CVE-2023-50495 (NCurse v6.4-20230418 was discovered to contain a segmentation fa - ncurses 6.4+20230625-1 [bookworm] - ncurses <no-dsa> (Minor issue) [bullseye] - ncurses <no-dsa> (Minor issue) + [buster] - ncurses <no-dsa> (Minor issue) NOTE: https://lists.gnu.org/archive/html/bug-ncurses/2023-04/msg00020.html NOTE: https://lists.gnu.org/archive/html/bug-ncurses/2023-04/msg00029.html NOTE: Fixed in ncurses-6.4-20230424 patchlevel 
@@ -3756,41 +3767,49 @@ CVE-2023-48952 (An issue in the box_deserialize_reusing function in openlink vir - virtuoso-opensource <unfixed> [bookworm] - virtuoso-opensource <no-dsa> (Minor issue) [bullseye] - virtuoso-opensource <no-dsa> (Minor issue) + [buster] - virtuoso-opensource <no-dsa> (Minor issue) NOTE: https://github.com/openlink/virtuoso-opensource/issues/1175 CVE-2023-48951 (An issue in the box_equal function in openlink virtuoso-opensource v7. ...) - virtuoso-opensource <unfixed> [bookworm] - virtuoso-opensource <no-dsa> (Minor issue) [bullseye] - virtuoso-opensource <no-dsa> (Minor issue) + [buster] - virtuoso-opensource <no-dsa> (Minor issue) NOTE: https://github.com/openlink/virtuoso-opensource/issues/1177 CVE-2023-48950 (An issue in the box_col_len function in openlink virtuoso-opensource v ...) - virtuoso-opensource <unfixed> [bookworm] - virtuoso-opensource <no-dsa> (Minor issue) [bullseye] - virtuoso-opensource <no-dsa> (Minor issue) + [buster] - virtuoso-opensource <no-dsa> (Minor issue) NOTE: https://github.com/openlink/virtuoso-opensource/issues/1174 CVE-2023-48949 (An issue in the box_add function in openlink virtuoso-opensource v7.2. ...) - virtuoso-opensource <unfixed> [bookworm] - virtuoso-opensource <no-dsa> (Minor issue) [bullseye] - virtuoso-opensource <no-dsa> (Minor issue) + [buster] - virtuoso-opensource <no-dsa> (Minor issue) NOTE: https://github.com/openlink/virtuoso-opensource/issues/1173 CVE-2023-48948 (An issue in the box_div function in openlink virtuoso-opensource v7.2. ...) - virtuoso-opensource <unfixed> [bookworm] - virtuoso-opensource <no-dsa> (Minor issue) [bullseye] - virtuoso-opensource <no-dsa> (Minor issue) + [buster] - virtuoso-opensource <no-dsa> (Minor issue) NOTE: https://github.com/openlink/virtuoso-opensource/issues/1176 CVE-2023-48947 (An issue in the cha_cmp function of openlink virtuoso-opensource v7.2. ...) 
- virtuoso-opensource <unfixed> [bookworm] - virtuoso-opensource <no-dsa> (Minor issue) [bullseye] - virtuoso-opensource <no-dsa> (Minor issue) + [buster] - virtuoso-opensource <no-dsa> (Minor issue) NOTE: https://github.com/openlink/virtuoso-opensource/issues/1179 CVE-2023-48946 (An issue in the box_mpy function of openlink virtuoso-opensource v7.2. ...) - virtuoso-opensource <unfixed> [bookworm] - virtuoso-opensource <no-dsa> (Minor issue) [bullseye] - virtuoso-opensource <no-dsa> (Minor issue) + [buster] - virtuoso-opensource <no-dsa> (Minor issue) NOTE: https://github.com/openlink/virtuoso-opensource/issues/1178 CVE-2023-48945 (A stack overflow in openlink virtuoso-opensource v7.2.11 allows attack ...) - virtuoso-opensource <unfixed> [bookworm] - virtuoso-opensource <no-dsa> (Minor issue) [bullseye] - virtuoso-opensource <no-dsa> (Minor issue) + [buster] - virtuoso-opensource <no-dsa> (Minor issue) NOTE: https://github.com/openlink/virtuoso-opensource/issues/1172 CVE-2023-47464 (Insecure Permissions vulnerability in GL.iNet AX1800 version 4.0.0 bef ...) NOT-FOR-US: GL.iNet AX1800 @@ -4132,6 +4151,7 @@ CVE-2023-5616 [gnome-control-center incorrectly claims remote login is off] - gnome-control-center <unfixed> (bug #1058624) [bookworm] - gnome-control-center <no-dsa> (Minor issue) [bullseye] - gnome-control-center <no-dsa> (Minor issue) + [buster] - gnome-control-center <no-dsa> (Minor issue) NOTE: https://bugs.launchpad.net/ubuntu/+source/gnome-control-center/+bug/2039577 NOTE: https://gitlab.gnome.org/GNOME/gnome-control-center/-/merge_requests/2092 NOTE: TODO: check, potentially same incorrect checking of service and socket status in budgie-control-center 
@@ -6365,6 +6385,7 @@ CVE-2023-XXXX [tor TROVE-2023-004] - tor 0.4.8.8-1 [bookworm] - tor 0.4.7.16-1 [bullseye] - tor <end-of-life> (see DSA 5562) + [buster] - tor <end-of-life> (see DLA 3685) NOTE: https://gitlab.torproject.org/tpo/core/tor/-/raw/tor-0.4.8.9/ChangeLog NOTE: https://gitlab.torproject.org/tpo/core/tor/-/commit/7aa496a2e057bb7c3cc284a04a1a4d2941c304f1 (tor-0.4.8.8) NOTE: https://gitlab.torproject.org/tpo/core/tor/-/issues/40874 (non public ATM)

View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/61a408854af599c73c949c80c47424a17aea7d87...7600ad6e1f5e79afbdda854ccad2c9f46a2fe5c8
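Review bot: in the Slurm hunk (@@ -1039,18 +1045,22) the two Slurm entries visible only as context, CVE-2023-49934 at the top and CVE-2023-49935 at the bottom, get no buster annotation, while CVE-2023-49933, CVE-2023-49937, CVE-2023-49936 and CVE-2023-49938 each gain "[buster] - slurm-llnl <end-of-life> (EOL in buster LTS)". The visible lines do not show whether those two entries carry a slurm-llnl line at all (their descriptions mention only 23.11.x and 23.02.x/23.11.x), so please confirm the omission is intentional and mention it in the commit message, so that the next triager does not have to re-derive why buster is tagged on four of the six entries.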
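Review bot: in the virtuoso-opensource hunk (@@ -3756,41 +3767,49) all eight new buster lines reuse the bare "(Minor issue)" reason, including the one under CVE-2023-48945, whose description starts "A stack overflow in openlink virtuoso-opensource v7.2.11 allows attack ...". The reason is consistent with the bookworm and bullseye lines above each addition, but the source package line is still "<unfixed>" in every entry and the only reference is an upstream issue link. A more specific parenthetical, stating what makes the issue minor for buster, would let someone auditing the LTS triage see the reasoning without opening all eight upstream issues.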
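Review bot: in the CVE-2023-5616 hunk (@@ -4132,6 +4151,7) the entry keeps the open note "TODO: check, potentially same incorrect checking of service and socket status in budgie-control-center" two lines below the new buster line. Closing out buster as no-dsa for gnome-control-center while that TODO is unresolved leaves the question about budgie-control-center unanswered for every release listed here. Either resolve the TODO as part of this triage or state in the commit message that it was left open deliberately.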