Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker
Commits: bb8ce9ac by Moritz Muehlenhoff at 2023-07-24T12:53:10+02:00 bullseye/bookworm triage - - - - - 2 changed files: - data/CVE/list - data/dsa-needed.txt Changes: ===================================== data/CVE/list ===================================== @@ -566,6 +566,8 @@ CVE-2018-25088 (A vulnerability, which was classified as critical, was found in NOT-FOR-US: Blue Yonder postgraas_server CVE-2023-3724 (If a TLS 1.3 client gets neither a PSK (pre shared key) extension nor ...) - wolfssl <unfixed> (bug #1041699) + [bookworm] - wolfssl <no-dsa> (Minor issue) + [bullseye] - wolfssl <no-dsa> (Minor issue) NOTE: https://github.com/wolfSSL/wolfssl/pull/6412 NOTE: https://github.com/wolfSSL/wolfssl/commit/00f1eddee429ff51390b20caadd2eb6afe51e1aa (v5.6.2-stable) CVE-2023-3714 (The ProfileGrid plugin for WordPress is vulnerable to unauthorized mod ...) @@ -696,8 +698,9 @@ CVE-2023-37770 (faust commit ee39a19 was discovered to contain a stack overflow NOTE: Negligible security impact CVE-2023-37769 (stress-test master commit e4c878 was discovered to contain a FPE vulne ...) - pixman <unfixed> + [bookworm] - pixman <no-dsa> (Minor issue) + [bullseye] - pixman <no-dsa> (Minor issue) NOTE: https://gitlab.freedesktop.org/pixman/pixman/-/issues/76 - TODO: check, not clear if the issue only in the stress-test binary or affecting as well the library CVE-2023-37479 (Open Enclave is a hardware-agnostic open source library for developing ...) NOT-FOR-US: Open Enclave CVE-2023-37476 (OpenRefine is a free, open source tool for data processing. A carefull ...) 
@@ -5424,6 +5427,8 @@ CVE-2023-3140 (Missing HTTP headers (X-Frame-Options, Content-Security-Policy) i NOT-FOR-US: KNIME Business Hub CVE-2023-34237 (SABnzbd is an open source automated Usenet download tool. A design fla ...) - sabnzbdplus 4.0.2+dfsg-1 (bug #1038949) + [bookworm] - sabnzbdplus <no-dsa> (Minor issue) + [bullseye] - sabnzbdplus <no-dsa> (Minor issue) NOTE: https://github.com/sabnzbd/sabnzbd/commit/422b4fce7bfd56e95a315be0400cdfdc585df7cc (4.0.2RC2) NOTE: https://github.com/sabnzbd/sabnzbd/commit/e3a722664819d1c7c8fab97144cc299b1c18b429 (4.0.2RC2) NOTE: https://github.com/sabnzbd/sabnzbd/security/advisories/GHSA-hhgh-xgh3-985r @@ -65801,6 +65806,7 @@ CVE-2022-39265 (MyBB is a free and open source forum software. The _Mail Setting NOT-FOR-US: MyBB CVE-2022-39264 (nheko is a desktop client for the Matrix communication application. Al ...) - nheko 0.10.2-1 + [bullseye] - nheko <not-affected> (Vulnerable code not present) [buster] - nheko <not-affected> (Vulnerable code not present) NOTE: https://github.com/Nheko-Reborn/nheko/security/advisories/GHSA-8jcp-8jq4-5mm7 NOTE: https://github.com/Nheko-Reborn/nheko/commit/67bee15a389f9b8a9f6c3a340558d1e2319e7199 (v0.10.2) @@ -97668,6 +97674,7 @@ CVE-2022-28132 CVE-2022-28131 (Uncontrolled recursion in Decoder.Skip in encoding/xml before Go 1.17. ...) - golang-1.18 1.18.4-1 - golang-1.15 <removed> + [bullseye] - golang-1.15 <no-dsa> (Minor issue) - golang-1.11 <removed> [buster] - golang-1.11 <postponed> (Limited support, follow bullseye DSAs/point-releases) NOTE: https://github.com/golang/go/issues/53614 ===================================== data/dsa-needed.txt ===================================== 
@@ -55,6 +55,8 @@ php-horde-turba/oldstable -- py7zr/oldstable -- +python-django (jmm) +-- python-glance-store/oldstable -- python-os-brick/oldstable
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/bb8ce9ace77483ce137fb502a9265477525637cf
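Review bot: In the CVE-2023-37769 hunk of data/CVE/list, the TODO asking whether the issue is only in the stress-test binary or also affects the library is deleted, but no NOTE records what the check concluded. With only the new <no-dsa> (Minor issue) lines for bookworm and bullseye, a reader cannot tell whether pixman itself was found to be affected. Suggest adding a NOTE with the outcome next to the existing upstream issue link (pixman/-/issues/76).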
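Review bot: In the data/dsa-needed.txt hunk, the new "python-django (jmm)" entry carries no suite suffix, while every neighbouring entry shown (php-horde-turba, py7zr, python-glance-store, python-os-brick) is marked /oldstable. If the update is meant for both suites, as the "bullseye/bookworm triage" commit message suggests, the entry is fine as written; if only one suite needs a DSA, add the suffix so the scope is explicit.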