[Git][security-tracker-team/security-tracker][master] bookworm triage

Moritz Muehlenhoff (@jmm) Tue, 23 May 2023 06:37:52 -0700


Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / 
security-tracker



Commits:
4e7e8196 by Moritz Mühlenhoff at 2023-05-23T15:37:10+02:00
bookworm triage

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -19,7 +19,7 @@ CVE-2023-31708 (A Cross-Site Request Forgery (CSRF) in 
EyouCMS v1.6.2 allows att
 CVE-2023-31670 (An issue in wasm2c 1.0.32, wasm2wat 1.0.32, wasm-decompile 
1.0.32, and ...)
        - wabt <unfixed> (unimportant)
        NOTE: https://github.com/WebAssembly/wabt/issues/2199
-       NOTE: Crash in CLI, no security impact
+       NOTE: Crash in CLI tool, no security impact
 CVE-2023-31664 (A reflected cross-site scripting (XSS) vulnerability in 
/authenticatio ...)
        NOT-FOR-US: WSO2
 CVE-2023-2845 (Improper Access Control in GitHub repository 
cloudexplorer-dev/cloudex ...)
@@ -652,7 +652,6 @@ CVE-2023-32758 (giturlparse (aka git-url-parse) through 
1.2.2, as used in Semgre
 CVE-2023-2700 (A vulnerability was found in libvirt. This security flaw 
ouccers due t ...)
        [experimental] - libvirt 9.3.0-1
        - libvirt <unfixed> (bug #1036297)
-       [bookworm] - libvirt <no-dsa> (Minor issue)
        [bullseye] - libvirt <no-dsa> (Minor issue)
        NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2203653
        NOTE: Fixed by: 
https://gitlab.com/libvirt/libvirt/-/commit/6425a311b8ad19d6f9c0b315bf1d722551ea3585
 (v9.3.0)
@@ -10144,6 +10143,8 @@ CVE-2023-28440 (Discourse is an open source platform 
for community discussion. I
 CVE-2023-28439 (CKEditor4 is an open source what-you-see-is-what-you-get HTML 
editor.  ...)
        - ckeditor <unfixed> (bug #1034481)
        - ckeditor3 <unfixed>
+       [bookworm] - ckeditor3 <no-dsa> (Minor issue)
+       [bullseye] - ckeditor3 <no-dsa> (Minor issue)
        [buster] - ckeditor3 <end-of-life> (No longer supported in LTS)
        NOTE: 
https://github.com/ckeditor/ckeditor4/security/advisories/GHSA-vh5c-xwqv-cv9g
        NOTE: 
https://github.com/ckeditor/ckeditor4/commit/b85af23f020a61397c6c0024aef73f2c7f62bfef
 (4.21.0)
@@ -96220,6 +96221,8 @@ CVE-2022-24066 (The package simple-git before 3.5.0 are 
vulnerable to Command In
        NOT-FOR-US: simple-git
 CVE-2022-24065 (The package cookiecutter before 2.1.1 are vulnerable to 
Command Inject ...)
        - cookiecutter <unfixed> (bug #1013279)
+       [bookworm] - cookiecutter <no-dsa> (Minor issue)
+       [bullseye] - cookiecutter <no-dsa> (Minor issue)
        [buster] - cookiecutter <no-dsa> (Minor issue)
        [stretch] - cookiecutter <no-dsa> (Minor issue)
        NOTE: https://security.snyk.io/vuln/SNYK-PYTHON-COOKIECUTTER-2414281
@@ -99674,6 +99677,7 @@ CVE-2022-24729 (CKEditor4 is an open source 
what-you-see-is-what-you-get HTML ed
        [bullseye] - ckeditor <no-dsa> (Minor issue)
        [buster] - ckeditor <no-dsa> (Minor issue)
        - ckeditor3 <unfixed> (bug #1015217)
+       [bookworm] - ckeditor3 <no-dsa> (Minor issue)
        [bullseye] - ckeditor3 <no-dsa> (Minor issue)
        [buster] - ckeditor3 <end-of-life> (No longer supported in LTS)
        [stretch] - ckeditor3 <end-of-life> (EOL'd for stretch)
@@ -99683,6 +99687,7 @@ CVE-2022-24728 (CKEditor4 is an open source 
what-you-see-is-what-you-get HTML ed
        [bullseye] - ckeditor <no-dsa> (Minor issue)
        [buster] - ckeditor <no-dsa> (Minor issue)
        - ckeditor3 <unfixed> (bug #1015217)
+       [bookworm] - ckeditor3 <no-dsa> (Minor issue)
        [bullseye] - ckeditor3 <no-dsa> (Minor issue)
        [buster] - ckeditor3 <end-of-life> (No longer supported in LTS)
        [stretch] - ckeditor3 <end-of-life> (EOL'd for stretch)
@@ -127231,6 +127236,7 @@ CVE-2021-41165 (CKEditor4 is an open source WYSIWYG 
HTML editor. In affected ver
        [buster] - ckeditor <no-dsa> (Minor issue)
        [stretch] - ckeditor <no-dsa> (Minor issue)
        - ckeditor3 <unfixed> (bug #1015217)
+       [bookworm] - ckeditor3 <no-dsa> (Minor issue)
        [bullseye] - ckeditor3 <no-dsa> (Minor issue)
        [buster] - ckeditor3 <end-of-life> (No longer supported in LTS)
        [stretch] - ckeditor3 <end-of-life> (EOL'd for stretch)
@@ -136268,6 +136274,7 @@ CVE-2021-37695 (ckeditor is an open source WYSIWYG 
HTML editor with rich content
        [bullseye] - ckeditor <no-dsa> (Minor issue)
        [buster] - ckeditor <no-dsa> (Minor issue)
        - ckeditor3 <unfixed> (bug #1015217)
+       [bookworm] - ckeditor3 <no-dsa> (Minor issue)
        [bullseye] - ckeditor3 <no-dsa> (Minor issue)
        [buster] - ckeditor3 <end-of-life> (No longer supported in LTS)
        [stretch] - ckeditor3 <end-of-life> (EOL'd for stretch)
@@ -145501,6 +145508,7 @@ CVE-2021-33829 (A cross-site scripting (XSS) 
vulnerability in the HTML Data Proc
        - ckeditor 4.16.0+dfsg-2
        [buster] - ckeditor <no-dsa> (Minor issue)
        - ckeditor3 <unfixed> (bug #1015217)
+       [bookworm] - ckeditor3 <no-dsa> (Minor issue)
        [bullseye] - ckeditor3 <no-dsa> (Minor issue)
        [buster] - ckeditor3 <end-of-life> (No longer supported in LTS)
        [stretch] - ckeditor3 <end-of-life> (EOL'd for stretch)
@@ -165322,6 +165330,7 @@ CVE-2021-26271 (It was possible to execute a 
ReDoS-type attack inside CKEditor 4
        [buster] - ckeditor <no-dsa> (Minor issue)
        [stretch] - ckeditor <postponed> (Fix along next DLA)
        - ckeditor3 <unfixed> (bug #1015217)
+       [bookworm] - ckeditor3 <no-dsa> (Minor issue)
        [bullseye] - ckeditor3 <no-dsa> (Minor issue)
        [buster] - ckeditor3 <end-of-life> (No longer supported in LTS)
        [stretch] - ckeditor3 <end-of-life> (EOL'd for stretch)
@@ -324764,6 +324773,7 @@ CVE-2018-17960 (CKEditor 4.x before 4.11.0 allows 
user-assisted XSS involving a
        [stretch] - ckeditor <ignored> (Minor issue, XSS through direct 
copy/paste by victim, no identified patch)
        [jessie] - ckeditor <ignored> (Minor issue)
        - ckeditor3 <unfixed> (low; bug #1015217)
+       [bookworm] - ckeditor3 <no-dsa> (Minor issue)
        [bullseye] - ckeditor3 <no-dsa> (Minor issue)
        [buster] - ckeditor3 <end-of-life> (No longer supported in LTS)
        [stretch] - ckeditor3 <end-of-life> (EOL'd for stretch)
@@ -493476,6 +493486,7 @@ CVE-2014-5191 (Cross-site scripting (XSS) 
vulnerability in the Preview plugin be
        [wheezy] - ckeditor <not-affected> (Preview plugin not yet present)
        [squeeze] - ckeditor <not-affected> (Preview plugin not yet present)
        - ckeditor3 <unfixed> (bug #1015217)
+       [bookworm] - ckeditor3 <no-dsa> (Minor issue)
        [bullseye] - ckeditor3 <no-dsa> (Minor issue)
        [buster] - ckeditor3 <end-of-life> (No longer supported in LTS)
        [stretch] - ckeditor3 <end-of-life> (EOL'd for stretch)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/4e7e819623dba0f5d44bbe2eba1a67e01caef78b

-- 
View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/4e7e819623dba0f5d44bbe2eba1a67e01caef78b
You're receiving this email because of your account on salsa.debian.org.

_______________________________________________
debian-security-tracker-commits mailing list
debian-security-tracker-commits@alioth-lists.debian.net
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits

[Git][security-tracker-team/security-tracker][master] bookworm triage

Reply via email to