Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker
Commits: 16c529b4 by Moritz Muehlenhoff at 2023-02-28T16:23:12+01:00 bookworm triage - - - - - 1 changed file: - data/CVE/list Changes: ===================================== data/CVE/list ===================================== @@ -9894,6 +9894,7 @@ CVE-2023-0331 (The Correos Oficial WordPress plugin through 1.2.0.2 does not hav CVE-2023-0330 RESERVED - qemu <unfixed> (bug #1029155) + [bookworm] - qemu <no-dsa> (Minor issue) [bullseye] - qemu <no-dsa> (Minor issue) NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2160151 NOTE: Proposed patch: https://lists.nongnu.org/archive/html/qemu-devel/2023-01/msg03411.html @@ -25189,6 +25190,7 @@ CVE-2022-3873 (Cross-site Scripting (XSS) - DOM in GitHub repository jgraph/draw NOT-FOR-US: jgraph/drawio CVE-2022-3872 (An off-by-one read/write issue was found in the SDHCI device of QEMU. ...) - qemu <unfixed> (bug #1024022) + [bookworm] - qemu <no-dsa> (Minor issue) [bullseye] - qemu <no-dsa> (Minor issue) [buster] - qemu <postponed> (Minor issue, DoS, waiting for sanctioned patch) NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2140567 @@ -88907,7 +88909,7 @@ CVE-2022-23608 (PJSIP is a free and open source multimedia communication library NOTE: https://github.com/pjsip/pjproject/commit/db3235953baa56d2fb0e276ca510fefca751643f CVE-2022-23607 (treq is an HTTP library inspired by requests but written on top of Twi ...) {DLA-2954-1} - - python-treq <unfixed> (bug #1005041) + - python-treq 22.2.0-0.1 (bug #1005041) [bullseye] - python-treq <no-dsa> (Minor issue) [buster] - python-treq <no-dsa> (Minor issue) NOTE: https://github.com/twisted/treq/security/advisories/GHSA-fhpf-pp6p-55qc @@ -163175,7 +163177,7 @@ CVE-2021-21417 (fluidsynth is a software synthesizer based on the SoundFont 2 sp NOTE: https://github.com/FluidSynth/fluidsynth/issues/808 NOTE: https://github.com/FluidSynth/fluidsynth/security/advisories/GHSA-6fcq-pxhc-jxc9 CVE-2021-21416 (django-registration is a user registration package for Django. The dja ...) - - python-django-registration <unfixed> (bug #987366) + - python-django-registration 3.3-1 (bug #987366) [bullseye] - python-django-registration <no-dsa> (Minor issue) [buster] - python-django-registration <no-dsa> (Minor issue) [stretch] - python-django-registration <no-dsa> (Minor issue) @@ -397130,15 +397132,14 @@ CVE-2016-10126 (Splunk Web in Splunk Enterprise 5.0.x before 5.0.17, 6.0.x befor CVE-2016-10125 (D-Link DGS-1100 devices with Rev.B firmware 1.01.018 have a hardcoded ...) NOT-FOR-US: D-Link CVE-2016-10127 (PySAML2 allows remote attackers to conduct XML external entity (XXE) a ...) - - python-pysaml2 <unfixed> (low; bug #859135) - [bullseye] - python-pysaml2 <no-dsa> (Minor issue) - [buster] - python-pysaml2 <no-dsa> (Minor issue) + - python-pysaml2 4.5.0-2 (low; bug #859135) [stretch] - python-pysaml2 <no-dsa> (Minor issue) [jessie] - python-pysaml2 <no-dsa> (Minor issue) NOTE: https://github.com/rohe/pysaml2/issues/366 NOTE: A proper fix for this issue would be to fix the underlying issue in src:libxml2 NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1411794#c12 NOTE: https://www.openwall.com/lists/oss-security/2017/01/19/5 (for the scope of the CVE) + NOTE: https://github.com/IdentityPython/pysaml2/commit/6e09a25d9 (4.4.0-1) CVE-2016-10149 (XML External Entity (XXE) vulnerability in PySAML2 4.4.0 and earlier a ...) {DSA-3759-1} - python-pysaml2 3.0.0-5 (bug #850716) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/16c529b4ee6c664dd750ceef7a23eccf1e5e49de -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/16c529b4ee6c664dd750ceef7a23eccf1e5e49de You're receiving this email because of your account on salsa.debian.org.
_______________________________________________ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits