Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker
Commits: a1b5eb28 by Moritz Muehlenhoff at 2023-03-14T16:29:52+01:00 bullseye triage - - - - - 2 changed files: - data/CVE/list - data/dsa-needed.txt Changes: ===================================== data/CVE/list ===================================== @@ -557,6 +557,7 @@ CVE-2023-1351 (A vulnerability classified as critical has been found in SourceCo NOT-FOR-US: SourceCodester Computer Parts Sales and Inventory System CVE-2023-1350 (A vulnerability was found in liferea. It has been rated as critical. A ...) - liferea 1.14.1-1 (bug #1032822) + [bullseye] - liferea <no-dsa> (Minor issue) NOTE: Introduced by: https://github.com/lwindolf/liferea/commit/b8288389820a3f510ef4b21684b22439c41d95a5 (v1.12.0) NOTE: introduced by: https://github.com/lwindolf/liferea/commit/b67dbba73443ab7b36fcd3c78aa803e974c0f23e (v1.12.0) NOTE: Fixed by: https://github.com/lwindolf/liferea/commit/8d8b5b963fa64c7a2122d1bbfbb0bed46e813e59 (v1.14.1) @@ -1003,6 +1004,7 @@ CVE-2023-1290 (A vulnerability, which was classified as critical, has been found CVE-2023-1289 RESERVED - imagemagick <unfixed> + [bullseye] - imagemagick <no-dsa> (Minor issue) NOTE: https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-j96m-mjp6-99xr NOTE: https://github.com/ImageMagick/ImageMagick/commit/c5b23cbf2119540725e6dc81f4deb25798ead6a4 CVE-2023-1288 (An XML External Entity injection (XXE) vulnerability in ENOVIA Live Co ...) @@ -2112,6 +2114,7 @@ CVE-2023-1176 RESERVED CVE-2023-1175 (Incorrect Calculation of Buffer Size in GitHub repository vim/vim prio ...) - vim 2:9.0.1378-1 + [bullseye] - vim <no-dsa> (Minor issue) NOTE: https://huntr.dev/bounties/7e93fc17-92eb-4ae7-b01a-93bb460b643e NOTE: https://github.com/vim/vim/commit/c99cbf8f289bdda5d4a77d7ec415850a520330ba (v9.0.1378) CVE-2022-4930 (A vulnerability classified as problematic was found in nuxsmin sysPass ...) 
@@ -2245,9 +2248,10 @@ CVE-2023-1172 CVE-2023-1171 RESERVED CVE-2023-1170 (Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.1 ...) - - vim 2:9.0.1378-1 + - vim 2:9.0.1378-1 (unimportant) NOTE: https://huntr.dev/bounties/286e0090-e654-46d2-ac60-29f81799d0a4 NOTE: https://github.com/vim/vim/commit/1c73b65229c25e3c1fd8824ba958f7cc4d604f9c (v9.0.1376) + NOTE: Crash in CLI tool, no security impact CVE-2023-1169 RESERVED CVE-2015-10089 (A vulnerability classified as problematic has been found in flame.js. ...) @@ -7762,6 +7766,7 @@ CVE-2023-25567 (GSS-NTLMSSP, a mechglue plugin for the GSSAPI library that imple NOTE: https://github.com/gssapi/gss-ntlmssp/commit/025fbb756d44ffee8f847db4222ed6aa4bd1fbe4 (v1.2.0) CVE-2023-25566 (GSS-NTLMSSP is a mechglue plugin for the GSSAPI library that implement ...) - gss-ntlmssp 1.2.0-1 (bug #1031369) + [bullseye] - gss-ntlmssp <not-affected> (Vulnerable code not present) NOTE: https://github.com/gssapi/gss-ntlmssp/security/advisories/GHSA-mfm4-6g58-jw74 NOTE: https://github.com/gssapi/gss-ntlmssp/commit/8660fb16474054e692a596e9c79670cd4d3954f4 (v1.2.0) CVE-2023-25565 (GSS-NTLMSSP is a mechglue plugin for the GSSAPI library that implement ...) @@ -7770,6 +7775,7 @@ CVE-2023-25565 (GSS-NTLMSSP is a mechglue plugin for the GSSAPI library that imp NOTE: https://github.com/gssapi/gss-ntlmssp/commit/c16100f60907a2de92bcb676f303b81facee0f64 (v1.2.0) CVE-2023-25564 (GSS-NTLMSSP is a mechglue plugin for the GSSAPI library that implement ...) - gss-ntlmssp 1.2.0-1 (bug #1031369) + [bullseye] - gss-ntlmssp <not-affected> (Vulnerable code not present) NOTE: https://github.com/gssapi/gss-ntlmssp/security/advisories/GHSA-r85x-q5px-9xfq NOTE: https://github.com/gssapi/gss-ntlmssp/commit/c753000eb31835c0664e528fbc99378ae0cbe950 (v1.2.0) CVE-2023-25563 (GSS-NTLMSSP is a mechglue plugin for the GSSAPI library that implement ...) 
@@ -48847,6 +48853,7 @@ CVE-2022-38102 RESERVED CVE-2022-38090 (Improper isolation of shared resources in some Intel(R) Processors whe ...) - intel-microcode <unfixed> (bug #1031334) + [bullseye] - intel-microcode <no-dsa> (Minor issue) NOTE: https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00767.html NOTE: https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/releases/tag/microcode-20230214 CVE-2022-38084 @@ -54402,6 +54409,7 @@ CVE-2022-34657 RESERVED CVE-2022-33196 (Incorrect default permissions in some memory controller configurations ...) - intel-microcode <unfixed> (bug #1031334) + [bullseye] - intel-microcode <no-dsa> (Minor issue) NOTE: https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00738.html NOTE: https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/releases/tag/microcode-20230214 CVE-2022-32570 (Improper authentication in the Intel(R) Quartus Prime Pro and Standard ...) @@ -58463,6 +58471,7 @@ CVE-2022-34346 (Out-of-bounds read in the Intel(R) Media SDK software before ver NOT-FOR-US: Intel CVE-2022-33972 (Incorrect calculation in microcode keying mechanism for some 3rd Gener ...) - intel-microcode <unfixed> (bug #1031334) + [bullseye] - intel-microcode <no-dsa> (Minor issue) NOTE: https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00730.html NOTE: https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/releases/tag/microcode-20230214 CVE-2022-33197 
@@ -106282,6 +106291,7 @@ CVE-2021-3961 (snipe-it is vulnerable to Improper Neutralization of Input During - snipe-it <itp> (bug #1005172) CVE-2022-21216 (Insufficient granularity of access control in out-of-band management i ...) - intel-microcode <unfixed> (bug #1031334) + [bullseye] - intel-microcode <no-dsa> (Minor issue) NOTE: https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00700.html NOTE: https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/releases/tag/microcode-20230214 CVE-2022-21204 (Improper permissions for Intel(R) Quartus(R) Prime Pro Edition before ...) @@ -106297,6 +106307,7 @@ CVE-2022-21153 (Improper access control in the Intel(R) Capital Global Summit An CVE-2022-21151 (Processor optimization removal or modification of security-critical co ...) {DSA-5178-1} - intel-microcode 3.20220510.1 (bug #1010947) + [bullseye] - intel-microcode <no-dsa> (Minor issue) NOTE: https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00617.html NOTE: https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/releases/tag/microcode-20220510 CVE-2022-21138 @@ -106725,6 +106736,7 @@ CVE-2022-21180 (Improper input validation for some Intel(R) Processors may allow CVE-2022-21166 (Incomplete cleanup in specific special register write operations for s ...) {DSA-5184-1 DSA-5178-1 DSA-5173-1 DLA-3065-1} - intel-microcode 3.20220510.1 + [bullseye] - intel-microcode <no-dsa> (Minor issue) - linux 5.18.5-1 [bullseye] - linux 5.10.127-1 - xen 4.16.2-1 
@@ -106736,12 +106748,14 @@ CVE-2022-21166 (Incomplete cleanup in specific special register write operations CVE-2022-21127 (Incomplete cleanup in specific special register read operations for so ...) {DSA-5178-1} - intel-microcode 3.20220510.1 + [bullseye] - intel-microcode <no-dsa> (Minor issue) NOTE: https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00615.html NOTE: https://www.intel.com/content/www/us/en/developer/articles/technical/software-security-guidance/technical-documentation/processor-mmio-stale-data-vulnerabilities.html#SRBDS-Update NOTE: https://xenbits.xen.org/xsa/advisory-404.html CVE-2022-21125 (Incomplete cleanup of microarchitectural fill buffers on some Intel(R) ...) {DSA-5184-1 DSA-5178-1 DSA-5173-1 DLA-3065-1} - intel-microcode 3.20220510.1 + [bullseye] - intel-microcode <no-dsa> (Minor issue) - linux 5.18.5-1 [bullseye] - linux 5.10.127-1 - xen 4.16.2-1 @@ -106753,6 +106767,7 @@ CVE-2022-21125 (Incomplete cleanup of microarchitectural fill buffers on some In CVE-2022-21123 (Incomplete cleanup of multi-core shared buffers for some Intel(R) Proc ...) {DSA-5184-1 DSA-5178-1 DSA-5173-1 DLA-3065-1} - intel-microcode 3.20220510.1 + [bullseye] - intel-microcode <no-dsa> (Minor issue) - linux 5.18.5-1 [bullseye] - linux 5.10.127-1 - xen 4.16.2-1 ===================================== data/dsa-needed.txt ===================================== @@ -26,6 +26,8 @@ linux (carnil) netatalk open regression with MacOS, tentative patch not yet merged upstream -- +node-sqlite3 (jmm) +-- nodejs (aron) -- openimageio View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/a1b5eb28454db6d688b0729f059177a02c40bb4e -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/a1b5eb28454db6d688b0729f059177a02c40bb4e You're receiving this email because of your account on salsa.debian.org.
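Review bot: In the CVE-2022-21151, CVE-2022-21166, CVE-2022-21127, CVE-2022-21125 and CVE-2022-21123 entries (hunks at -106297, -106725, -106736 and -106753), the added `[bullseye] - intel-microcode <no-dsa> (Minor issue)` sits uneasily with the `{DSA-5178-1}` reference each of those entries already carries. CVE-2022-21127 lists intel-microcode as its only package, so that DSA is an intel-microcode advisory; unless it did not cover bullseye, the same CVE should not also be marked no-dsa for that suite. These five look swept up with the `<unfixed> (bug #1031334)` batch (CVE-2022-38090, CVE-2022-33196, CVE-2022-33972, CVE-2022-21216), where no-dsa is consistent. Suggest dropping the line from the DSA-tagged entries or replacing it with the fixed bullseye version, in the form the existing `[bullseye] - linux 5.10.127-1` lines use.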
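Review bot: The `<not-affected> (Vulnerable code not present)` tags added for CVE-2023-25566 and CVE-2023-25564 (hunks at -7762 and -7770) carry no pointer to where the vulnerable code was introduced, so the claim cannot be rechecked from the entry itself. The NOTE lines visible for both entries are only the advisory and the fix commit. Suggest adding a NOTE naming the introducing commit or version, as the CVE-2023-1350 liferea entry does with its `NOTE: Introduced by: ... (v1.12.0)` lines. CVE-2023-25563, CVE-2023-25565 and CVE-2023-25567 appear as context in the same hunks and are not touched by this commit; worth confirming that is deliberate.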
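Review bot: In the CVE-2023-1170 hunk (-2245), the `(unimportant)` tag rests on `NOTE: Crash in CLI tool, no security impact`, which does not explain why an issue the entry itself describes as "Heap-based Buffer Overflow" is limited to a crash. CVE-2023-1175, also vim and fixed in the same upload 2:9.0.1378-1, is tagged `[bullseye] - vim <no-dsa> (Minor issue)` in this commit, so the two vim entries end up at different severities with no recorded reason. Suggest extending the NOTE with what distinguishes CVE-2023-1170, so the difference can be understood when the entries are revisited.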
_______________________________________________ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits