Moritz Muehlenhoff pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
12ab88d6 by Moritz Muehlenhoff at 2023-08-29T12:53:13+02:00
bookworm/bullseye triage
- - - - -
2 changed files:
- data/CVE/list
- data/dsa-needed.txt
Changes:
=====================================
data/CVE/list
=====================================
@@ -105,6 +105,8 @@ CVE-2023-40170 (jupyter-server is the backend for Jupyter
web applications. Impr
TODO: check
CVE-2023-39810 (An issue in the CPIO command of Busybox v1.33.2 allows
attackers to ex ...)
- busybox <unfixed>
+ [bookworm] - busybox <no-dsa> (Minor issue)
+ [bullseye] - busybox <no-dsa> (Minor issue)
NOTE:
https://www.pentagrid.ch/en/blog/busybox-cpio-directory-traversal-vulnerability/
CVE-2023-39709 (Multiple cross-site scripting (XSS) vulnerabilities in Free
and Open S ...)
NOT-FOR-US: Free and Open Source Inventory Management System
@@ -1875,14 +1877,18 @@ CVE-2023-40014 (OpenZeppelin Contracts is a library for
secure smart contract de
NOT-FOR-US: OpenZeppelin Contracts
CVE-2023-3824 (In PHP version 8.0.* before 8.0.30, 8.1.* before 8.1.22, and
8.2.* bef ...)
- php8.2 <unfixed> (bug #1043477)
+ [bookworm] - php8.2 <postponed> (Fix along in future update)
- php7.4 <removed>
+ [bullseye] - php7.4 <postponed> (Fix along in future update)
- php7.3 <removed>
NOTE:
https://github.com/php/php-src/security/advisories/GHSA-jqcx-ccgc-xwhv
NOTE:
https://github.com/php/php-src/commit/80316123f3e9dcce8ac419bd9dd43546e2ccb5ef
(php-8.0.30)
NOTE: Fixed in: 8.0.30, 8.1.22, 8.2.8
CVE-2023-3823 (In PHP versions 8.0.* before 8.0.30, 8.1.* before 8.1.22, and
8.2.* be ...)
- php8.2 <unfixed> (bug #1043477)
+ [bookworm] - php8.2 <postponed> (Fix along in future update)
- php7.4 <removed>
+ [bullseye] - php7.4 <postponed> (Fix along in future update)
- php7.3 <removed>
NOTE:
https://github.com/php/php-src/security/advisories/GHSA-3qrf-m4j2-pcrr
NOTE:
https://github.com/php/php-src/commit/c283c3ab0ba45d21b2b8745c1f9c7cbfe771c975
(php-8.0.30)
=====================================
data/dsa-needed.txt
=====================================
@@ -16,15 +16,18 @@ aom/oldstable (apo)
--
cinder/oldstable
--
+file/oldstable
+--
flac/oldstable
--
frr (aron)
maintainer proposed to update to 8.4.4 for bookworm, which might be a good
idea
--
+json-c/oldstable (jmm)
+--
libreswan (jmm)
Maintainer prepared bookworm-security update, but needs work on
bullseye-security backports
--
---
linux (carnil)
Wait until more issues have piled up, though try to regulary rebase for point
releases to more recent v5.10.y and 6.1.y versions
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/12ab88d61fc5e175bd8070187d082a97e0cad596
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/12ab88d61fc5e175bd8070187d082a97e0cad596
You're receiving this email because of your account on salsa.debian.org.
_______________________________________________
debian-security-tracker-commits mailing list
debian-security-tracker-commits@alioth-lists.debian.net
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
