Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker
Commits: 12ab88d6 by Moritz Muehlenhoff at 2023-08-29T12:53:13+02:00 bookworm/bullseye triage - - - - - 2 changed files: - data/CVE/list - data/dsa-needed.txt Changes: ===================================== data/CVE/list ===================================== @@ -105,6 +105,8 @@ CVE-2023-40170 (jupyter-server is the backend for Jupyter web applications. Impr TODO: check CVE-2023-39810 (An issue in the CPIO command of Busybox v1.33.2 allows attackers to ex ...) - busybox <unfixed> + [bookworm] - busybox <no-dsa> (Minor issue) + [bullseye] - busybox <no-dsa> (Minor issue) NOTE: https://www.pentagrid.ch/en/blog/busybox-cpio-directory-traversal-vulnerability/ CVE-2023-39709 (Multiple cross-site scripting (XSS) vulnerabilities in Free and Open S ...) NOT-FOR-US: Free and Open Source Inventory Management System @@ -1875,14 +1877,18 @@ CVE-2023-40014 (OpenZeppelin Contracts is a library for secure smart contract de NOT-FOR-US: OpenZeppelin Contracts CVE-2023-3824 (In PHP version 8.0.* before 8.0.30, 8.1.* before 8.1.22, and 8.2.* bef ...) - php8.2 <unfixed> (bug #1043477) + [bookworm] - php8.2 <postponed> (Fix along in future update) - php7.4 <removed> + [bullseye] - php7.4 <postponed> (Fix along in future update) - php7.3 <removed> NOTE: https://github.com/php/php-src/security/advisories/GHSA-jqcx-ccgc-xwhv NOTE: https://github.com/php/php-src/commit/80316123f3e9dcce8ac419bd9dd43546e2ccb5ef (php-8.0.30) NOTE: Fixed in: 8.0.30, 8.1.22, 8.2.8 CVE-2023-3823 (In PHP versions 8.0.* before 8.0.30, 8.1.* before 8.1.22, and 8.2.* be ...) - php8.2 <unfixed> (bug #1043477) + [bookworm] - php8.2 <postponed> (Fix along in future update) - php7.4 <removed> + [bullseye] - php7.4 <postponed> (Fix along in future update) - php7.3 <removed> NOTE: https://github.com/php/php-src/security/advisories/GHSA-3qrf-m4j2-pcrr NOTE: https://github.com/php/php-src/commit/c283c3ab0ba45d21b2b8745c1f9c7cbfe771c975 (php-8.0.30) ===================================== data/dsa-needed.txt ===================================== @@ -16,15 +16,18 @@ aom/oldstable (apo) -- cinder/oldstable -- +file/oldstable +-- flac/oldstable -- frr (aron) maintainer proposed to update to 8.4.4 for bookworm, which might be a good idea -- +json-c/oldstable (jmm) +-- libreswan (jmm) Maintainer prepared bookworm-security update, but needs work on bullseye-security backports -- --- linux (carnil) Wait until more issues have piled up, though try to regulary rebase for point releases to more recent v5.10.y and 6.1.y versions View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/12ab88d61fc5e175bd8070187d082a97e0cad596 -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/12ab88d61fc5e175bd8070187d082a97e0cad596 You're receiving this email because of your account on salsa.debian.org.
_______________________________________________ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits