Moritz Muehlenhoff pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
50054c99 by Moritz Muehlenhoff at 2023-08-16T13:22:36+02:00
bullseye/bookworm triage
- - - - -
2 changed files:
- data/CVE/list
- data/dsa-needed.txt
Changes:
=====================================
data/CVE/list
=====================================
@@ -440,6 +440,8 @@ CVE-2023-4105 (Mattermost fails to delete the attachments
when deleting a messag
CVE-2023-40267 (GitPython before 3.1.32 does not block insecure non-multi
options in c ...)
{DLA-3502-1}
- python-git <unfixed> (bug #1043503)
+ [bookworm] - python-git <no-dsa> (Minor issue)
+ [bullseye] - python-git <no-dsa> (Minor issue)
NOTE: https://github.com/gitpython-developers/GitPython/pull/1609
NOTE:
https://github.com/gitpython-developers/GitPython/commit/5c59e0d63da6180db8a0b349f0ad36fef42aceed
(3.1.32)
CVE-2023-40260 (EmpowerID before 7.205.0.1 allows an attacker to bypass an MFA
(multi ...)
@@ -5825,6 +5827,8 @@ CVE-2023-34471 (AMI SPx contains a vulnerability in the
BMC where a user may cau
NOT-FOR-US: AMI SPx
CVE-2023-34457 (MechanicalSoup is a Python library for automating interaction
with web ...)
- python-mechanicalsoup <unfixed> (bug #1041814)
+ [bookworm] - python-mechanicalsoup <no-dsa> (Minor issue)
+ [bullseye] - python-mechanicalsoup <no-dsa> (Minor issue)
NOTE:
https://github.com/MechanicalSoup/MechanicalSoup/security/advisories/GHSA-x456-3ccm-m6j4
NOTE:
https://github.com/MechanicalSoup/MechanicalSoup/commit/d57c4a269bba3b9a0c5bfa20292955b849006d9e
(v1.3.0)
CVE-2023-34338 (AMI SPx contains a vulnerability in the BMC where an Attacker
may caus ...)
@@ -193123,6 +193127,7 @@ CVE-2021-20252 (A flaw was found in Red Hat 3scale
API Management Platform 2. Th
CVE-2021-20251 (A flaw was found in samba. A race condition in the password
lockout co ...)
[experimental] - samba 2:4.17.1+dfsg-1
- samba 2:4.17.2+dfsg-3
+ [bullseye] - samba <ignored> (Domain controller functionality is EOLed,
see DSA DSA-5477-1)
NOTE: https://bugzilla.samba.org/show_bug.cgi?id=14611
NOTE: https://gitlab.com/samba-team/samba/-/merge_requests/2708
CVE-2021-20250 (A flaw was found in wildfly. The JBoss EJB client has publicly
accessi ...)
@@ -345053,7 +345058,7 @@ CVE-2018-14629 (A denial of service vulnerability was
discovered in Samba's LDAP
CVE-2018-14628 (An information leak vulnerability was discovered in Samba's
LDAP serve ...)
- samba <unfixed> (bug #1034803)
[bookworm] - samba <postponed> (Minor issue, revisit when fixed
upstream)
- [bullseye] - samba <postponed> (Minor issue, revisit when fixed
upstream)
+ [bullseye] - samba <ignored> (Domain controller functionality is EOLed,
see DSA DSA-5477-1)
NOTE: https://bugzilla.samba.org/show_bug.cgi?id=13595
CVE-2018-14627 (The IIOP OpenJDK Subsystem in WildFly before version 14.0.0
does not h ...)
- wildfly <itp> (bug #752018)
=====================================
data/dsa-needed.txt
=====================================
@@ -18,6 +18,8 @@ chromium
--
cinder/oldstable
--
+fastdds
+--
frr (aron)
maintainer proposed to update to 8.4.4 for bookworm, which might be a good
idea
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/50054c991c4e62a7de9dd70a49ffd22507ba5e34
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/50054c991c4e62a7de9dd70a49ffd22507ba5e34
You're receiving this email because of your account on salsa.debian.org.
_______________________________________________
debian-security-tracker-commits mailing list
debian-security-tracker-commits@alioth-lists.debian.net
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
