Moritz Muehlenhoff pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
9e5dd925 by Moritz Muehlenhoff at 2023-01-30T13:14:37+01:00
bullseye triage
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -2935,6 +2935,7 @@ CVE-2023-XXXX [RUSTSEC-2023-0002]
NOTE: https://github.com/rust-lang/git2-rs/pull/909
CVE-2023-XXXX [RUSTSEC-2022-0078]
- rust-bumpalo <unfixed>
+ [bullseye] - rust-bumpalo <no-dsa> (Minor issue)
NOTE: https://rustsec.org/advisories/RUSTSEC-2022-0078.html
NOTE: https://github.com/fitzgen/bumpalo/blob/main/CHANGELOG.md#3111
CVE-2023-23698
@@ -12387,6 +12388,7 @@ CVE-2022-4397 (A vulnerability was found in morontt
zend-blog-number-2. It has b
NOT-FOR-US: morontt zend-blog-number-2
CVE-2022-4396 (** UNSUPPORTED WHEN ASSIGNED ** A vulnerability was found in
RDFlib py ...)
- python-pyrdfa 3.5.2+20220329~ds-1 (bug #1026051)
+ [bullseye] - python-pyrdfa <no-dsa> (Minor issue)
NOTE:
https://github.com/RDFLib/pyrdfa3/commit/ffd1d62dd50d5f4190013b39cedcdfbd81f3ce3e
NOTE: https://github.com/RDFLib/pyrdfa3/pull/40
CVE-2022-46906 (Insufficient processing of user input in WebSoft HCM
2021.2.3.327 allo ...)
@@ -31025,6 +31027,7 @@ CVE-2020-36604 (hoek before 8.5.1 and 9.x before 9.0.3
allows prototype poisonin
NOTE: Fixed by:
https://github.com/hapijs/hoek/commit/948baf98634a5c206875b67d11368f133034fa90
(v9.0.3)
CVE-2022-3276 (Command injection is possible in the puppetlabs-mysql module
prior to ...)
- puppet-module-puppetlabs-mysql <unfixed> (bug #1027154)
+ [bullseye] - puppet-module-puppetlabs-mysql <no-dsa> (Minor issue)
NOTE: https://puppet.com/security/cve/CVE-2022-3276
NOTE:
https://github.com/puppetlabs/puppetlabs-mysql/commit/f83792b256fa6acc1b1375b3bfed257629a5c02d
(v13.0.0)
NOTE:
https://github.com/puppetlabs/puppetlabs-mysql/commit/18813a151f150a374a52141db520ed2a8d38b071
(v13.0.0)
@@ -45186,6 +45189,7 @@ CVE-2022-35978 (Minetest is a free open-source voxel
game engine with easy moddi
NOTE:
https://github.com/minetest/minetest/commit/da71e86633d0b27cd02d7aac9fdac625d141ca13
(5.6.0)
CVE-2022-35977 (Redis is an in-memory database that persists on disk.
Authenticated us ...)
- redis 5:7.0.8-1
+ [bullseye] - redis <no-dsa> (Minor issue)
NOTE:
https://github.com/redis/redis/commit/6c25c6b7da116e110e89a5db45eeae743879e7ea
(7.0.8)
CVE-2022-35976 (The GitOps Tools Extension for VSCode relies on kubeconfigs in
order t ...)
NOT-FOR-US: GitOps Tools Extension for VSCode
@@ -81059,6 +81063,7 @@ CVE-2022-23838
CVE-2022-23837 (In api.rb in Sidekiq before 5.2.10 and 6.4.0, there is no
limit on the ...)
{DLA-2943-1}
- ruby-sidekiq <unfixed> (bug #1004193)
+ [bullseye] - ruby-sidekiq <no-dsa> (Minor issue)
NOTE:
https://github.com/mperham/sidekiq/commit/7785ac1399f1b28992adb56055f6acd88fd1d956
(v6.4.0)
CVE-2022-23836
RESERVED
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/9e5dd925f26f10f7189f3c8f80d0546f2470ac47
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/9e5dd925f26f10f7189f3c8f80d0546f2470ac47
You're receiving this email because of your account on salsa.debian.org.
_______________________________________________
debian-security-tracker-commits mailing list
debian-security-tracker-commits@alioth-lists.debian.net
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
