Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker
Commits: 5936ceab by Moritz Muehlenhoff at 2023-06-29T16:04:51+02:00 bullseye/bookworm triage - - - - - 2 changed files: - data/CVE/list - data/dsa-needed.txt Changes: ===================================== data/CVE/list ===================================== @@ -65052,6 +65052,7 @@ CVE-2021-46834 (A permission bypass vulnerability in Huawei cross device task ma CVE-2020-36599 (lib/omniauth/failure_endpoint.rb in OmniAuth before 1.9.2 (and before ...) [experimental] - ruby-omniauth 2.0.4-1~exp1 - ruby-omniauth 2.0.4-2 + [bullseye] - ruby-omniauth <no-dsa> (Minor issue) [buster] - ruby-omniauth <no-dsa> (Minor issue) NOTE: https://github.com/omniauth/omniauth/commit/43a396f181ef7d0ed2ec8291c939c95e3ed3ff00 (v2.0.0-rc1) CVE-2020-36598 @@ -72262,6 +72263,7 @@ CVE-2022-2401 (Unrestricted information disclosure of all users in Mattermost ve - mattermost-server <itp> (bug #823556) CVE-2022-2400 (External Control of File Name or Path in GitHub repository dompdf/domp ...) - php-dompdf 2.0.2+dfsg-1 (bug #1015874) + [bullseye] - php-dompdf <no-dsa> (Minor issue) NOTE: https://huntr.dev/bounties/a6da5e5e-86be-499a-a3c3-2950f749202a NOTE: https://github.com/dompdf/dompdf/commit/99aeec1efec9213e87098d42eb09439e7ee0bb6a CVE-2022-2399 (Use after free in WebGPU in Google Chrome prior to 100.0.4896.88 allow ...) @@ -82198,6 +82200,7 @@ CVE-2022-1962 (Uncontrolled recursion in the Parse functions in go/parser before - golang-1.18 1.18.4-1 - golang-1.17 1.17.13-1 - golang-1.15 <removed> + [bullseye] - golang-1.15 <no-dsa> (Minor issue) - golang-1.11 <removed> [buster] - golang-1.11 <postponed> (Limited support, follow bullseye DSAs/point-releases) NOTE: https://go.dev/issue/53616 @@ -86689,6 +86692,7 @@ CVE-2022-1705 (Acceptance of some invalid Transfer-Encoding headers in the HTTP/ - golang-1.18 1.18.4-1 - golang-1.17 1.17.13-1 - golang-1.15 <removed> + [bullseye] - golang-1.15 <no-dsa> (Minor issue) - golang-1.11 <not-affected> (Introduced in 1.15) NOTE: https://go.dev/issue/53188 NOTE: https://github.com/golang/go/commit/e5017a93fcde94f09836200bca55324af037ee5f (go1.19rc1) @@ -92740,7 +92744,7 @@ CVE-2022-1227 (A privilege escalation flaw was found in Podman. This flaw allows - libpod 3.4.7+ds1-1 [bullseye] - libpod 3.0.1+dfsg1-3+deb11u2 - golang-github-containers-psgo 1.7.1+ds1-1 (bug #1020907) - [bullseye] - golang-github-containers-psgo 1.5.2-2~deb11u1 + [bullseye] - golang-github-containers-psgo 1.5.2-1+deb11u1 NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2070368 NOTE: https://github.com/containers/psgo/pull/92 NOTE: https://github.com/containers/psgo/commit/d9467da9f563a9de1ece79dcae86b37b1db75443 (v1.7.2) @@ -126108,6 +126112,7 @@ CVE-2021-42853 (It was discovered that the SteelCentral AppInternals Dynamic Sam CVE-2021-3902 RESERVED - php-dompdf 2.0.2+dfsg-1 + [bullseye] - php-dompdf <no-dsa> (Minor issue) NOTE: https://github.com/dompdf/dompdf/issues/2564 NOTE: https://huntr.dev/bounties/a6071c07-806f-429a-8656-a4742e4191b1 CVE-2021-3901 (firefly-iii is vulnerable to Cross-Site Request Forgery (CSRF)) @@ -130261,6 +130266,7 @@ CVE-2021-41770 (Ping Identity PingFederate before 10.3.1 mishandles pre-parsing CVE-2021-3838 RESERVED - php-dompdf 2.0.2+dfsg-1 + [bullseye] - php-dompdf <no-dsa> (Minor issue) NOTE: https://github.com/dompdf/dompdf/issues/2564 NOTE: https://huntr.dev/bounties/0bdddc12-ff67-4815-ab9f-6011a974f48e CVE-2021-41769 (A vulnerability has been identified in SIPROTEC 5 6MD85 devices (CPU v ...) @@ -160782,6 +160788,7 @@ CVE-2021-29924 CVE-2021-29923 (Go before 1.17 does not properly consider extraneous zero characters a ...) - golang-1.16 <unfixed> - golang-1.15 <unfixed> + [bullseye] - golang-1.15 <no-dsa> (Minor issue) - golang-1.11 <removed> [buster] - golang-1.11 <postponed> (Limited support, minor issue, follow bullseye DSAs/point-releases) - golang-1.8 <removed> ===================================== data/dsa-needed.txt ===================================== @@ -22,6 +22,12 @@ ghostscript (carnil) -- gpac/oldstable (jmm) -- +gst-plugins-base1.0 (jmm) +-- +gst-plugins-bad1.0 (jmm) +-- +gst-plugins-bad1.0 (jmm) +-- linux (carnil) Wait until more issues have piled up, though try to regulary rebase for point releases to more recent v5.10.y versions View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/5936ceabfeaa1226e6dc1e82e854a848f2260327 -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/5936ceabfeaa1226e6dc1e82e854a848f2260327 You're receiving this email because of your account on salsa.debian.org.
_______________________________________________ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits