Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker
Commits: cb137028 by Moritz Muehlenhoff at 2023-07-16T15:15:09+02:00 bullseye/bookworm triage - - - - - 2 changed files: - data/CVE/list - data/dsa-needed.txt Changes: ===================================== data/CVE/list ===================================== @@ -96,11 +96,13 @@ CVE-2023-38325 (The cryptography package before 41.0.2 for Python mishandles SSH NOTE: Fixed by: https://github.com/pyca/cryptography/commit/1ca7adc97b76a9dfbd3d850628b613eb93b78fc3 (main) NOTE: Fixed by: https://github.com/pyca/cryptography/commit/e190ef190525999d1f599cf8c3aef5cb7f3a8bc4 (41.0.2) CVE-2023-38253 (An out-of-bounds read flaw was found in w3m, in the growbuf_to_Str fun ...) - - w3m <unfixed> + - w3m <unfixed> (unimportant) NOTE: https://github.com/tats/w3m/issues/271 + NOTE: Crash in CLI tool, no security impact CVE-2023-38252 (An out-of-bounds read flaw was found in w3m, in the Strnew_size functi ...) - - w3m <unfixed> + - w3m <unfixed> (unimportant) NOTE: https://github.com/tats/w3m/issues/270 + NOTE: Crash in CLI tool, no security impact CVE-2023-37474 (Copyparty is a portable file server. Versions prior to 1.8.2 are subje ...) NOT-FOR-US: copyparty CVE-2023-37473 (zenstruck/collections is a set of helpers for iterating/paginating/fil ...) 
@@ -619,22 +621,27 @@ CVE-2023-3023 (The WP EasyCart plugin for WordPress is vulnerable to time-based NOT-FOR-US: WP EasyCart plugin for WordPress CVE-2023-3019 [e1000e: heap use-after-free in e1000e_write_packet_to_guest()] - qemu <unfixed> (bug #1041102) + [bookworm] - qemu <no-dsa> (Minor issue) + [bullseye] - qemu <no-dsa> (Minor issue) NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=59243 NOTE: Proposed upstream patch: https://lists.nongnu.org/archive/html/qemu-devel/2023-05/msg08310.html CVE-2023-3011 (The ARMember plugin for WordPress is vulnerable to Cross-Site Request ...) NOT-FOR-US: ARMember plugin for WordPress CVE-2023-37767 (GPAC v2.3-DEV-rev381-g817a848f6-master was discovered to contain a seg ...) - gpac <unfixed> + [bullseye] - gpac <ignored> (Minor issue) [buster] - gpac <end-of-life> (EOL in buster LTS) NOTE: https://github.com/gpac/gpac/issues/2514 NOTE: https://github.com/gpac/gpac/commit/d414df635c773b21bbb3a9fbf17b101b1e8ea345 CVE-2023-37766 (GPAC v2.3-DEV-rev381-g817a848f6-master was discovered to contain a seg ...) - gpac <unfixed> + [bullseye] - gpac <ignored> (Minor issue) [buster] - gpac <end-of-life> (EOL in buster LTS) NOTE: https://github.com/gpac/gpac/issues/2516 NOTE: https://github.com/gpac/gpac/commit/a64c60ef0983be6db8ab1e4a663e0ce83ff7bf2c CVE-2023-37765 (GPAC v2.3-DEV-rev381-g817a848f6-master was discovered to contain a seg ...) - gpac <unfixed> + [bullseye] - gpac <ignored> (Minor issue) [buster] - gpac <end-of-life> (EOL in buster LTS) NOTE: https://github.com/gpac/gpac/issues/2515 NOTE: https://github.com/gpac/gpac/commit/36e1b9900ff638576cb88636bbbe2116ed06dfdc 
@@ -789,6 +796,7 @@ CVE-2023-36825 (Decidim is a participatory democracy framework, written in Ruby NOT-FOR-US: Decidim CVE-2023-36824 (Redis is an in-memory database that persists on disk. In Redit 7.0 pri ...) - redis 5:7.0.12-1 (bug #1040879) + [bookworm] - redis <no-dsa> (Minor issue) [bullseye] - redis <not-affected> (Vulnerable code introduced later) [buster] - redis <not-affected> (Vulnerable code introduced later) NOTE: https://github.com/redis/redis/security/advisories/GHSA-4cfx-h9gq-xpx3 ===================================== data/dsa-needed.txt ===================================== @@ -18,8 +18,13 @@ cjose -- cinder/oldstable -- +frr + maintainer proposed to update to 8.4.4 for bookworm-stable, which might be a good idea +-- iperf3 (aron) -- +kanboard (jmm) +-- linux (carnil) Wait until more issues have piled up, though try to regulary rebase for point releases to more recent v5.10.y and 6.1.y versions @@ -71,6 +76,10 @@ salt/oldstable -- samba/oldstable -- +sox + all issues unfixed upstream + for CVE-2023-34432, rest can be ignored +-- wpewebkit -- xrdp/oldstable View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/cb13702815ca326ed196f2d6df6a2e05d6539618
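Review bot: the justification added for CVE-2023-38253 and CVE-2023-38252, "Crash in CLI tool, no security impact", should say why the out-of-bounds reads in growbuf_to_Str and Strnew_size are not reachable from attacker-controlled input. w3m renders remote web pages, so an out-of-bounds read that page content can trigger is more than a local crash; if the reports in tats/w3m issues 271 and 270 only reproduce with crafted command-line arguments or local files, record that in the NOTE so the unimportant rating can be re-checked later.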
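Review bot: for CVE-2023-37767, CVE-2023-37766 and CVE-2023-37765 the new bullseye lines are set to <ignored> (Minor issue) although each entry links an upstream fix commit in its NOTE lines; <ignored> records that the issue will not be fixed in bullseye at all, so if the intent is only to defer the fix to a point release, <no-dsa> (as used for qemu CVE-2023-3019 in the same hunk) is the matching state. For CVE-2023-3019 the bookworm and bullseye <no-dsa> tags sit next to a NOTE that the patch is still only proposed on qemu-devel; the "(Minor issue)" text could say that no upstream fix has landed yet, so the entry is revisited once it does.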
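Review bot: the new frr entry in data/dsa-needed.txt has no assignee, unlike the neighbouring "iperf3 (aron)" and "kanboard (jmm)" entries, and its note does not say which CVEs the proposed 8.4.4 update for bookworm would close; listing them makes it possible to check that the update covers everything tracked for frr before a DSA is drafted.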
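Review bot: the sox note "all issues unfixed upstream" / "for CVE-2023-34432, rest can be ignored" is ambiguous (it can be read as all issues being unfixed for CVE-2023-34432). If the meaning is that a DSA is needed only for CVE-2023-34432 and the remaining sox CVEs are to be marked ignored, say so in one sentence and make sure data/CVE/list carries the matching <ignored> tags for those CVEs, since the CVE list is what the tracker state is derived from.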