Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
826bb966 by Moritz Muehlenhoff at 2023-06-26T18:43:04+02:00
bullseye/bookworm triage

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1021,9 +1021,9 @@ CVE-2023-3040 (A debug function in the lua-resty-json 
package, up to commit id 3
 CVE-2023-3036 (An unchecked read in NTP server in github.com/cloudflare/cfnts 
prior t ...)
        NOT-FOR-US: cfnts
 CVE-2023-35116 (An issue was discovered jackson-databind thru 2.15.2 allows 
attackers  ...)
-       - jackson-databind <unfixed>
-       [buster] - jackson-databind <no-dsa> (Minor issue)
+       NOTE: Disputed jackson-databind issue
        NOTE: https://github.com/FasterXML/jackson-databind/issues/3972
+       NOTE: 
https://github.com/FasterXML/jackson-databind/issues/3972#issuecomment-1597218091
 CVE-2023-35110 (An issue was discovered jjson thru 0.1.7 allows attackers to 
cause a d ...)
        NOT-FOR-US: jjson
 CVE-2023-34878 (An issue was discovered in Ujcms v6.0.2 allows attackers to 
gain sensi ...)
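
Review bot: With both package lines removed, the CVE-2023-35116 entry is left with NOTE lines only, so it no longer records any status for jackson-databind, including the earlier [buster] no-dsa decision. If the intent is to mark the issue as disputed rather than to drop the package association, keeping a line such as "- jackson-databind <unimportant>" next to the new NOTE would preserve it. Both URLs point at the same upstream issue (3972), so a few words in the "Disputed" NOTE on the grounds of the dispute would make the second link optional reading.
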
@@ -2094,6 +2094,8 @@ CVE-2023-33460 (There's a memory leak in yajl 2.1.0 with 
use of yajl_tree_parse
        - crun <unfixed>
        - epic-base <unfixed>
        - r-cran-jsonlite <unfixed>
+       [bookworm] - r-cran-jsonlite <no-dsa> (Minor issue)
+       [bullseye] - r-cran-jsonlite <no-dsa> (Minor issue)
        - ruby-yajl <unfixed>
 CVE-2023-33457 (In Sogou Workflow v0.10.6, memcpy a negtive size in 
URIParser::parse , ...)
        NOT-FOR-US: Sogou Workflow
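
Review bot: The two added no-dsa lines cover r-cran-jsonlite only, while crun, epic-base and ruby-yajl in the same CVE-2023-33460 entry stay at <unfixed> with no release annotations in the visible lines. If the "Minor issue" reasoning (a memory leak in yajl_tree_parse) applies to those packages as well, triaging them in the same commit would keep the entry consistent; if it does not, a short NOTE on why r-cran-jsonlite differs would help the next person reading the entry.
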
@@ -20633,6 +20635,7 @@ CVE-2023-26131 (All versions of the package 
github.com/xyproto/algernon/engine;
        NOT-FOR-US: github.com/xyproto/algernon/engine
 CVE-2023-26130 (Versions of the package yhirose/cpp-httplib before 0.12.4 are 
vulnerab ...)
        - cpp-httplib <unfixed> (bug #1037100)
+       [bookworm] - cpp-httplib <no-dsa> (Minor issue)
        NOTE: 
https://security.snyk.io/vuln/SNYK-UNMANAGED-YHIROSECPPHTTPLIB-5591194
        NOTE: 
https://gist.github.com/dellalibera/094aece17a86069a7d27f93c8aba2280
        NOTE: 
https://github.com/yhirose/cpp-httplib/commit/5b397d455d25a391ba346863830c1949627b4d08
 (v0.12.4)
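
Review bot: Only a [bookworm] line is added for cpp-httplib, although the commit message reads "bullseye/bookworm triage" and the entry shows no [bullseye] annotation. If bullseye ships the package it needs its own line, and if it does not, nothing is missing. The NOTE already names the upstream fix commit (v0.12.4), so the reason could be more specific than "Minor issue" about why a backport of that commit is not warranted for a DSA.
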
@@ -81671,6 +81674,7 @@ CVE-2022-32150
        RESERVED
 CVE-2022-32149 (An attacker may cause a denial of service by crafting an 
Accept-Langua ...)
        - golang-golang-x-text 0.3.8-1 (bug #1021785)
+       [bullseye] - golang-golang-x-text <no-dsa> (Minor issue)
        - golang-x-text <removed>
        [buster] - golang-x-text <postponed> (Limited support, minor issue, 
follow bullseye DSAs/point-releases (renamed package))
        NOTE: https://groups.google.com/g/golang-dev/c/qfPIly0X7aU
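
Review bot: The [buster] golang-x-text line in this entry is postponed to "follow bullseye DSAs/point-releases", and the added [bullseye] line now rules out a DSA, so the buster fix depends entirely on a bullseye point release. With the fix available in 0.3.8-1, the reason could say whether a point-release update is expected instead of only "Minor issue", since the issue is a denial of service triggered through an Accept-Language header.
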
@@ -137849,6 +137853,7 @@ CVE-2021-38562 (Best Practical Request Tracker (RT) 
4.2 before 4.2.17, 4.4 befor
        NOTE: 
https://github.com/bestpractical/rt/commit/d16f8cf13c2af517ee55a85e7b91a0267477189f
 (rt-4.2.17)
 CVE-2021-38561 (golang.org/x/text/language in golang.org/x/text before 0.3.7 
can panic ...)
        - golang-golang-x-text 0.3.7-1
+       [bullseye] - golang-golang-x-text <no-dsa> (Minor issue)
        - golang-x-text <removed>
        [buster] - golang-x-text <postponed> (Limited support, minor issue, 
follow bullseye DSAs/point-releases)
        NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2100495
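
Review bot: The added [bullseye] line does not tie this entry to CVE-2022-32149, which receives the same no-dsa for golang-golang-x-text in this commit; the fixed versions are 0.3.7-1 here and 0.3.8-1 there, so a single bullseye update would have to carry both fixes. A NOTE cross-referencing the two entries would keep them from being handled separately. Minor: the [buster] reason here lacks the "(renamed package)" remark that the CVE-2022-32149 entry carries for the same package.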



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/826bb96661a31e35b0686f5d23f6c83e61e97185
