Moritz Muehlenhoff pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
16c529b4 by Moritz Muehlenhoff at 2023-02-28T16:23:12+01:00
bookworm triage
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -9894,6 +9894,7 @@ CVE-2023-0331 (The Correos Oficial WordPress plugin
through 1.2.0.2 does not hav
CVE-2023-0330
RESERVED
- qemu <unfixed> (bug #1029155)
+ [bookworm] - qemu <no-dsa> (Minor issue)
[bullseye] - qemu <no-dsa> (Minor issue)
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2160151
NOTE: Proposed patch:
https://lists.nongnu.org/archive/html/qemu-devel/2023-01/msg03411.html
@@ -25189,6 +25190,7 @@ CVE-2022-3873 (Cross-site Scripting (XSS) - DOM in
GitHub repository jgraph/draw
NOT-FOR-US: jgraph/drawio
CVE-2022-3872 (An off-by-one read/write issue was found in the SDHCI device of
QEMU. ...)
- qemu <unfixed> (bug #1024022)
+ [bookworm] - qemu <no-dsa> (Minor issue)
[bullseye] - qemu <no-dsa> (Minor issue)
[buster] - qemu <postponed> (Minor issue, DoS, waiting for sanctioned
patch)
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2140567
@@ -88907,7 +88909,7 @@ CVE-2022-23608 (PJSIP is a free and open source
multimedia communication library
NOTE:
https://github.com/pjsip/pjproject/commit/db3235953baa56d2fb0e276ca510fefca751643f
CVE-2022-23607 (treq is an HTTP library inspired by requests but written on
top of Twi ...)
{DLA-2954-1}
- - python-treq <unfixed> (bug #1005041)
+ - python-treq 22.2.0-0.1 (bug #1005041)
[bullseye] - python-treq <no-dsa> (Minor issue)
[buster] - python-treq <no-dsa> (Minor issue)
NOTE:
https://github.com/twisted/treq/security/advisories/GHSA-fhpf-pp6p-55qc
@@ -163175,7 +163177,7 @@ CVE-2021-21417 (fluidsynth is a software synthesizer
based on the SoundFont 2 sp
NOTE: https://github.com/FluidSynth/fluidsynth/issues/808
NOTE:
https://github.com/FluidSynth/fluidsynth/security/advisories/GHSA-6fcq-pxhc-jxc9
CVE-2021-21416 (django-registration is a user registration package for Django.
The dja ...)
- - python-django-registration <unfixed> (bug #987366)
+ - python-django-registration 3.3-1 (bug #987366)
[bullseye] - python-django-registration <no-dsa> (Minor issue)
[buster] - python-django-registration <no-dsa> (Minor issue)
[stretch] - python-django-registration <no-dsa> (Minor issue)
@@ -397130,15 +397132,14 @@ CVE-2016-10126 (Splunk Web in Splunk Enterprise
5.0.x before 5.0.17, 6.0.x befor
CVE-2016-10125 (D-Link DGS-1100 devices with Rev.B firmware 1.01.018 have a
hardcoded ...)
NOT-FOR-US: D-Link
CVE-2016-10127 (PySAML2 allows remote attackers to conduct XML external entity
(XXE) a ...)
- - python-pysaml2 <unfixed> (low; bug #859135)
- [bullseye] - python-pysaml2 <no-dsa> (Minor issue)
- [buster] - python-pysaml2 <no-dsa> (Minor issue)
+ - python-pysaml2 4.5.0-2 (low; bug #859135)
[stretch] - python-pysaml2 <no-dsa> (Minor issue)
[jessie] - python-pysaml2 <no-dsa> (Minor issue)
NOTE: https://github.com/rohe/pysaml2/issues/366
NOTE: A proper fix for this issue would be to fix the underlying issue
in src:libxml2
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1411794#c12
NOTE: https://www.openwall.com/lists/oss-security/2017/01/19/5 (for the
scope of the CVE)
+ NOTE: https://github.com/IdentityPython/pysaml2/commit/6e09a25d9
(4.4.0-1)
CVE-2016-10149 (XML External Entity (XXE) vulnerability in PySAML2 4.4.0 and
earlier a ...)
{DSA-3759-1}
- python-pysaml2 3.0.0-5 (bug #850716)
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/16c529b4ee6c664dd750ceef7a23eccf1e5e49de
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/16c529b4ee6c664dd750ceef7a23eccf1e5e49de
You're receiving this email because of your account on salsa.debian.org.
_______________________________________________
debian-security-tracker-commits mailing list
debian-security-tracker-commits@alioth-lists.debian.net
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
