Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker
Commits: 8fd8ff2d by Moritz Muehlenhoff at 2023-07-31T14:20:22+02:00 bullseye/bookworm triage - - - - - 2 changed files: - data/CVE/list - data/dsa-needed.txt Changes: ===================================== data/CVE/list ===================================== @@ -940,6 +940,8 @@ CVE-2023-35134 (Weintek Weincloud v0.13.6 could allow an attacker to reset a p NOT-FOR-US: Weincloud CVE-2023-34478 (Apache Shiro, before 1.12.0 or 2.0.0-alpha-3, may be susceptible to a ...) - shiro <unfixed> + [bookworm] - shiro <no-dsa> (Minor issue) + [bullseye] - shiro <no-dsa> (Minor issue) NOTE: https://www.openwall.com/lists/oss-security/2023/07/24/4 CVE-2023-34429 (Weintek Weincloud v0.13.6 could allow an attacker to cause a denia ...) NOT-FOR-US: Weincloud @@ -60322,6 +60324,7 @@ CVE-2022-41725 (A denial of service is possible from excessive resource consumpt [experimental] - golang-1.19 1.19.6-1 - golang-1.19 1.19.6-2 - golang-1.15 <removed> + [bullseye] - golang-1.15 <no-dsa> (Minor issue) - golang-1.11 <removed> [buster] - golang-1.11 <postponed> (Limited support, follow bullseye DSAs/point-releases) NOTE: https://groups.google.com/g/golang-announce/c/V0aBFqaFs_E @@ -60331,6 +60334,7 @@ CVE-2022-41724 (Large handshake records may cause panics in crypto/tls. Both cli [experimental] - golang-1.19 1.19.6-1 - golang-1.19 1.19.6-2 - golang-1.15 <removed> + [bullseye] - golang-1.15 <no-dsa> (Minor issue) - golang-1.11 <not-affected> (Vulnerable code introduced later) NOTE: https://groups.google.com/g/golang-announce/c/V0aBFqaFs_E NOTE: https://go.dev/issue/58001 @@ -60342,6 +60346,7 @@ CVE-2022-41723 (A maliciously crafted HTTP/2 stream could cause excessive CPU co [experimental] - golang-1.19 1.19.6-1 - golang-1.19 1.19.6-2 - golang-1.15 <removed> + [bullseye] - golang-1.15 <no-dsa> (Minor issue) - golang-1.11 <removed> [buster] - golang-1.11 <postponed> (Limited support, follow bullseye DSAs/point-releases) - golang-golang-x-net 1:0.7.0+dfsg-1 
@@ -60381,6 +60386,7 @@ CVE-2022-41717 (An attacker can cause excessive memory growth in a Go server acc - golang-1.19 1.19.4-1 - golang-1.18 1.18.9-1 - golang-1.15 <removed> + [bullseye] - golang-1.15 <no-dsa> (Minor issue) - golang-1.11 <removed> [buster] - golang-1.11 <postponed> (Limited support, follow bullseye DSAs/point-releases) - golang-golang-x-net 1:0.4.0+dfsg-1 ===================================== data/dsa-needed.txt ===================================== @@ -21,6 +21,8 @@ cinder/oldstable frr (aron) maintainer proposed to update to 8.4.4 for bookworm, which might be a good idea -- +librsvg +-- linux (carnil) Wait until more issues have piled up, though try to regulary rebase for point releases to more recent v5.10.y and 6.1.y versions @@ -42,7 +44,10 @@ ntpsec (carnil) openjdk-11/oldstable (jmm) needs asmtools backport in bullseye -- +openjdk-17/oldstable (jmm) +-- orthanc (jmm) + needs ca-certificates-java fix for bookworm -- php-cas/oldstable -- @@ -87,7 +92,9 @@ sox all issues unfixed upstream for CVE-2023-34432, rest can be ignored -- -wpewebkit +tiff +-- +wpewebkit/oldstable -- xrdp/oldstable needs some additional clarification, tentatively DSA worthy View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/8fd8ff2d62d95782afe0e51e5835d12f9cfc63bc -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/8fd8ff2d62d95782afe0e51e5835d12f9cfc63bc You're receiving this email because of your account on salsa.debian.org.
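Review bot: In the CVE-2023-34478 hunk of data/CVE/list, both new suite lines give only "(Minor issue)" as the reason, while the unstable line is still `- shiro <unfixed>` and the entry's only NOTE is the oss-security link. A short NOTE saying why the issue is minor for the bookworm and bullseye shiro packages would let the next triager re-check the decision once a fixed version is uploaded.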
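Review bot: In the CVE-2022-41723 and CVE-2022-41717 hunks, the new `[bullseye] - golang-1.15 <no-dsa> (Minor issue)` line covers only golang-1.15, but both entries also track golang-golang-x-net (fixed in 1:0.7.0+dfsg-1 and 1:0.4.0+dfsg-1), and the hunk context ends at that line without showing a bullseye state for it. If bullseye's golang-golang-x-net is still untriaged for these two CVEs, it should get its own suite line in the same pass so the two copies of the code do not end up with different states.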
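Review bot: In the first data/dsa-needed.txt hunk (@@ -21,6 +21,8 @@), `librsvg` is added with no note, whereas the neighbouring `frr (aron)` and `linux (carnil)` entries state what is planned. A line naming the issue that makes the package DSA-worthy would tell whoever picks it up what the update has to cover.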
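Review bot: In the second data/dsa-needed.txt hunk (@@ -42,7 +44,10 @@), the added note `needs ca-certificates-java fix for bookworm` is placed after the unchanged `orthanc (jmm)` line, so it reads as a note on orthanc, while the new `openjdk-17/oldstable (jmm)` entry directly above is closed by `--` with no note. Please confirm the note is meant for orthanc; if it belongs to the openjdk-17 entry, move it above that entry's `--`, and in that case also check the suite, since the entry is tagged oldstable and the note speaks of bookworm.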
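Review bot: In the last data/dsa-needed.txt hunk (@@ -87,7 +92,9 @@), `wpewebkit` is narrowed to `wpewebkit/oldstable` and `tiff` is added, both without a note. A line saying why only oldstable still needs the wpewebkit update, and which issues the tiff entry is for, would match the annotated `sox` and `xrdp/oldstable` entries on either side.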