Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker
Commits: 826bb966 by Moritz Muehlenhoff at 2023-06-26T18:43:04+02:00 bullseye/bookworm triage - - - - - 1 changed file: - data/CVE/list Changes: ===================================== data/CVE/list ===================================== @@ -1021,9 +1021,9 @@ CVE-2023-3040 (A debug function in the lua-resty-json package, up to commit id 3 CVE-2023-3036 (An unchecked read in NTP server in github.com/cloudflare/cfnts prior t ...) NOT-FOR-US: cfnts CVE-2023-35116 (An issue was discovered jackson-databind thru 2.15.2 allows attackers ...) - - jackson-databind <unfixed> - [buster] - jackson-databind <no-dsa> (Minor issue) + NOTE: Disputed jackson-databind issue NOTE: https://github.com/FasterXML/jackson-databind/issues/3972 + NOTE: https://github.com/FasterXML/jackson-databind/issues/3972#issuecomment-1597218091 CVE-2023-35110 (An issue was discovered jjson thru 0.1.7 allows attackers to cause a d ...) NOT-FOR-US: jjson CVE-2023-34878 (An issue was discovered in Ujcms v6.0.2 allows attackers to gain sensi ...) @@ -2094,6 +2094,8 @@ CVE-2023-33460 (There's a memory leak in yajl 2.1.0 with use of yajl_tree_parse - crun <unfixed> - epic-base <unfixed> - r-cran-jsonlite <unfixed> + [bookworm] - r-cran-jsonlite <no-dsa> (Minor issue) + [bullseye] - r-cran-jsonlite <no-dsa> (Minor issue) - ruby-yajl <unfixed> CVE-2023-33457 (In Sogou Workflow v0.10.6, memcpy a negtive size in URIParser::parse , ...) NOT-FOR-US: Sogou Workflow 
@@ -20633,6 +20635,7 @@ CVE-2023-26131 (All versions of the package github.com/xyproto/algernon/engine; NOT-FOR-US: github.com/xyproto/algernon/engine CVE-2023-26130 (Versions of the package yhirose/cpp-httplib before 0.12.4 are vulnerab ...) - cpp-httplib <unfixed> (bug #1037100) + [bookworm] - cpp-httplib <no-dsa> (Minor issue) NOTE: https://security.snyk.io/vuln/SNYK-UNMANAGED-YHIROSECPPHTTPLIB-5591194 NOTE: https://gist.github.com/dellalibera/094aece17a86069a7d27f93c8aba2280 NOTE: https://github.com/yhirose/cpp-httplib/commit/5b397d455d25a391ba346863830c1949627b4d08 (v0.12.4) @@ -81671,6 +81674,7 @@ CVE-2022-32150 RESERVED CVE-2022-32149 (An attacker may cause a denial of service by crafting an Accept-Langua ...) - golang-golang-x-text 0.3.8-1 (bug #1021785) + [bullseye] - golang-golang-x-text <no-dsa> (Minor issue) - golang-x-text <removed> [buster] - golang-x-text <postponed> (Limited support, minor issue, follow bullseye DSAs/point-releases (renamed package)) NOTE: https://groups.google.com/g/golang-dev/c/qfPIly0X7aU @@ -137849,6 +137853,7 @@ CVE-2021-38562 (Best Practical Request Tracker (RT) 4.2 before 4.2.17, 4.4 befor NOTE: https://github.com/bestpractical/rt/commit/d16f8cf13c2af517ee55a85e7b91a0267477189f (rt-4.2.17) CVE-2021-38561 (golang.org/x/text/language in golang.org/x/text before 0.3.7 can panic ...) - golang-golang-x-text 0.3.7-1 + [bullseye] - golang-golang-x-text <no-dsa> (Minor issue) - golang-x-text <removed> [buster] - golang-x-text <postponed> (Limited support, minor issue, follow bullseye DSAs/point-releases) NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2100495
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/826bb96661a31e35b0686f5d23f6c83e61e97185
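Review bot: In the first hunk (CVE-2023-35116), removing both "- jackson-databind <unfixed>" and "[buster] - jackson-databind <no-dsa> (Minor issue)" leaves the entry with NOTE lines only, so nothing in it ties the CVE to the jackson-databind source package any more and the dispute is recorded only as free text. If the intent is to mark the issue as disputed rather than to stop tracking it, keep a package line and lower its urgency, for example "- jackson-databind <unfixed> (unimportant)", with the two NOTE links as the justification. The commit message "bullseye/bookworm triage" also does not mention this removal.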
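Review bot: In the CVE-2023-33460 hunk, only r-cran-jsonlite receives "[bookworm]" and "[bullseye]" lines, while the other packages visible in the same entry (crun, epic-base, ruby-yajl) stay at a bare "<unfixed>" with no per-release status. If the same "Minor issue" assessment of the yajl memory leak applies to them, triage them in the same commit; if it does not, a NOTE saying why r-cran-jsonlite is treated differently would save the next person from re-deriving it.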
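Review bot: In the CVE-2023-26130 hunk, the added line covers "[bookworm]" only, although the commit message says "bullseye/bookworm triage" and the unstable line above it is still "<unfixed> (bug #1037100)". Add the matching "[bullseye]" line, or state in the commit message or a NOTE that bullseye needs no entry for cpp-httplib, so the missing release does not read as an oversight.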
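Review bot: In the CVE-2022-32149 hunk, the new "[bullseye] - golang-golang-x-text <no-dsa> (Minor issue)" interacts with the buster line two lines below, whose reason is "follow bullseye DSAs/point-releases". With a DSA now ruled out for bullseye, buster can only follow a point release; if one is intended, say so in the reason (for example "Minor issue; can be fixed via point release"), otherwise the buster "<postponed>" state has nothing left to follow.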
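Review bot: In the CVE-2021-38561 hunk, the buster reason next to the added "[bullseye]" line reads "(Limited support, minor issue, follow bullseye DSAs/point-releases)", while the otherwise identical line under CVE-2022-32149 ends with "(renamed package)". Since both entries are touched in this commit for the same package pair, align the two reasons so that searches on the reason text find both.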
_______________________________________________ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits