Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker
Commits: 8ab4d6fb by Moritz Muehlenhoff at 2023-06-28T12:26:48+02:00 bullseye/bookworm triage - - - - - 1 changed file: - data/CVE/list Changes: ===================================== data/CVE/list ===================================== @@ -241,6 +241,8 @@ CVE-2023-2992 (An unauthenticated denial of service vulnerability exists in the NOT-FOR-US: Lenovo CVE-2023-36675 (An issue was discovered in MediaWiki before 1.35.11, 1.36.x through 1. ...) - mediawiki <unfixed> + [bookworm] - mediawiki <postponed> (Fix in next security release) + [bullseye] - mediawiki <postponed> (Fix in next security release) NOTE: https://gerrit.wikimedia.org/r/c/mediawiki/core/+/921452 NOTE: https://phabricator.wikimedia.org/T332889 CVE-2023-36666 (INEX IXP-Manager before 6.3.1 allows XSS. list-preamble.foil.php, page ...) @@ -1356,6 +1358,8 @@ CVE-2023-31671 (PrestaShop postfinance <= 17.1.13 is vulnerable to SQL Injection NOT-FOR-US: PrestaShop postfinance CVE-2023-2976 (Use of Java's default temporary directory for file creation in `FileBa ...) - guava-libraries 32.0.1-1 (bug #1038979) + [bookworm] - guava-libraries <no-dsa> (Minor issue) + [bullseye] - guava-libraries <no-dsa> (Minor issue) NOTE: https://github.com/google/guava/releases/tag/v32.0.0 NOTE: https://github.com/google/guava/issues/2575 CVE-2023-35149 (A missing permission check in Jenkins Digital.ai App Management Publis ...) @@ -2343,6 +2347,8 @@ CVE-2023-33460 (There's a memory leak in yajl 2.1.0 with use of yajl_tree_parse [bookworm] - r-cran-jsonlite <no-dsa> (Minor issue) [bullseye] - r-cran-jsonlite <no-dsa> (Minor issue) - ruby-yajl <unfixed> + [bookworm] - ruby-yajl <no-dsa> (Minor issue) + [bullseye] - ruby-yajl <no-dsa> (Minor issue) CVE-2023-33457 (In Sogou Workflow v0.10.6, memcpy a negtive size in URIParser::parse , ...) NOT-FOR-US: Sogou Workflow CVE-2023-33381 (A command injection vulnerability was found in the ping functionality ...) @@ -2552,6 +2558,8 @@ CVE-2023-34410 (An issue was discovered in Qt before 5.15.15, 6.x before 6.2.9, - qt6-base 6.4.2+dfsg-11 (bug #1037209) [bookworm] - qt6-base <no-dsa> (Minor issue) - qtbase-opensource-src 5.15.8+dfsg-12 (bug #1037210) + [bookworm] - qtbase-opensource-src <no-dsa> (Minor issue) + [bullseye] - qtbase-opensource-src <no-dsa> (Minor issue) [buster] - qtbase-opensource-src <no-dsa> (Minor issue) - qtbase-opensource-src-gles <unfixed> [bookworm] - qtbase-opensource-src-gles <no-dsa> (Minor issue) @@ -3879,6 +3887,7 @@ CVE-2023-33285 (An issue was discovered in Qt 5.x before 5.15.14, 6.x before 6.2 - qt6-base 6.4.2+dfsg-10 (bug #1036848) [bookworm] - qt6-base <no-dsa> (Minor issue) - qtbase-opensource-src 5.15.8+dfsg-11 + [bullseye] - qtbase-opensource-src <no-dsa> (Minor issue) [buster] - qtbase-opensource-src <no-dsa> (Minor issue) - qtbase-opensource-src-gles <unfixed> [bookworm] - qtbase-opensource-src-gles <no-dsa> (Minor issue) @@ -4042,6 +4051,7 @@ CVE-2019-25137 (Umbraco CMS 4.11.8 through 7.15.10, and 7.12.4, allows Remote Co CVE-2023-32763 (An issue was discovered in Qt before 5.15.15, 6.x before 6.2.9, and 6. ...) - qt6-base 6.4.2+dfsg-8 - qtbase-opensource-src 5.15.8+dfsg-10 + [bullseye] - qtbase-opensource-src <no-dsa> (Minor issue) [buster] - qtbase-opensource-src <no-dsa> (Minor issue) - qtbase-opensource-src-gles 5.15.8+dfsg-3 (bug #1036702) [bullseye] - qtbase-opensource-src-gles <no-dsa> (Minor issue) @@ -4054,6 +4064,7 @@ CVE-2023-32763 (An issue was discovered in Qt before 5.15.15, 6.x before 6.2.9, CVE-2023-32762 (An issue was discovered in Qt before 5.15.14, 6.x before 6.2.9, and 6. ...) - qt6-base 6.4.2+dfsg-9 - qtbase-opensource-src 5.15.8+dfsg-10 + [bullseye] - qtbase-opensource-src <no-dsa> (Minor issue) [buster] - qtbase-opensource-src <postponed> (Can wait for next upload) - qtbase-opensource-src-gles <not-affected> (Not built in GLES variant) NOTE: https://github.com/qt/qtbase/commit/1b736a815be0222f4b24289cf17575fc15707305 @@ -24400,6 +24411,7 @@ CVE-2023-24999 (HashiCorp Vault and Vault Enterprise\u2019s approle auth method CVE-2023-24998 (Apache Commons FileUpload before 1.5 does not limit the number of requ ...) - tomcat10 10.1.5-1 - tomcat9 9.0.70-2 + [bullseye] - tomcat9 <postponed> (Minor issue, fix along with future update) [buster] - tomcat9 <no-dsa> (Minor issue) - libcommons-fileupload-java 1.4-2 (bug #1031733) [bullseye] - libcommons-fileupload-java <no-dsa> (Minor issue) @@ -58600,6 +58612,7 @@ CVE-2022-40717 (This vulnerability allows network-adjacent attackers to execute NOT-FOR-US: D-Link CVE-2022-40716 (HashiCorp Consul and Consul Enterprise up to 1.11.8, 1.12.4, and 1.13. ...) - consul <unfixed> (bug #1027161) + [bullseye] - consul <no-dsa> (Minor issue) [buster] - consul <not-affected> (Vulnerable Code not present) NOTE: https://discuss.hashicorp.com/t/hcsec-2022-20-consul-service-mesh-intention-bypass-with-malicious-certificate-signing-request/44628 NOTE: https://github.com/hashicorp/consul/commit/ae822d752ad36007e353249691a0ef318cf55d08 (v1.11.9) @@ -64897,6 +64910,7 @@ CVE-2022-2880 (Requests forwarded by ReverseProxy include the raw query paramete - golang-1.18 1.18.7-1 - golang-1.17 <unfixed> - golang-1.15 <removed> + [bullseye] - golang-1.15 <no-dsa> (Minor issue) - golang-1.11 <removed> [buster] - golang-1.11 <postponed> (Limited support, follow bullseye DSAs/point-releases) NOTE: https://go.dev/issue/54663 @@ -64907,6 +64921,7 @@ CVE-2022-2879 (Reader.Read does not set a limit on the maximum size of file head - golang-1.18 1.18.7-1 - golang-1.17 <unfixed> - golang-1.15 <removed> + [bullseye] - golang-1.15 <no-dsa> (Minor issue) - golang-1.11 <removed> [buster] - golang-1.11 <postponed> (Limited support, follow bullseye DSAs/point-releases) NOTE: https://go.dev/issue/54853 @@ -244559,6 +244574,8 @@ CVE-2020-8909 RESERVED CVE-2020-8908 (A temp directory creation vulnerability exists in all versions of Guav ...) - guava-libraries 32.0.1-1 (bug #1038979) + [bookworm] - guava-libraries <no-dsa> (Minor issue) + [bullseye] - guava-libraries <no-dsa> (Minor issue) NOTE: https://github.com/google/guava/issues/4011 NOTE: https://github.com/google/guava/commit/fec0dbc4634006a6162cfd4d0d09c962073ddf40 NOTE: Issue incompletely fixed: View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/8ab4d6fba2521504196476b7fbcfe05efdc17261 -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/8ab4d6fba2521504196476b7fbcfe05efdc17261 You're receiving this email because of your account on salsa.debian.org.
_______________________________________________ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits