Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
ab4493a4 by Moritz Muehlenhoff at 2023-08-23T12:28:33+02:00
bullseye/bookworm triage

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -18085,6 +18085,8 @@ CVE-2023-29459 (The laola.redbull application through 
5.1.9-R for Android expose
        NOT-FOR-US: laola.redbull
 CVE-2023-29458 (Duktape is an 3rd-party embeddable JavaScript engine, with a 
focus on  ...)
        - zabbix <unfixed>
+       [bookworm] - zabbix <no-dsa> (Minor issue)
+       [bullseye] - zabbix <no-dsa> (Minor issue)
        [buster] - zabbix <not-affected> (vulnerable code introduced later)
        NOTE: This appears to be bug in Zabbix's use of duktape, not an issue 
in src:duktape per se
        NOTE: https://support.zabbix.com/browse/ZBX-22989
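Review bot: The two added `<no-dsa> (Minor issue)` lines for CVE-2023-29458 give no specific reason, while the buster line directly below them does ("vulnerable code introduced later"). A one-line NOTE saying why this issue in Zabbix's use of duktape is minor for bookworm and bullseye would let the next triager confirm the decision without re-reading ZBX-22989.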
@@ -18092,18 +18094,26 @@ CVE-2023-29458 (Duktape is an 3rd-party embeddable 
JavaScript engine, with a foc
 CVE-2023-29457 (Reflected XSS attacks, occur when a malicious script is 
reflected off  ...)
        {DLA-3538-1}
        - zabbix <unfixed>
+       [bookworm] - zabbix <no-dsa> (Minor issue)
+       [bullseye] - zabbix <no-dsa> (Minor issue)
        NOTE: https://support.zabbix.com/browse/ZBX-22988
 CVE-2023-29456 (URL validation scheme receives input from a user and then 
parses it to ...)
        {DLA-3538-1}
        - zabbix <unfixed>
+       [bookworm] - zabbix <no-dsa> (Minor issue)
+       [bullseye] - zabbix <no-dsa> (Minor issue)
        NOTE: https://support.zabbix.com/browse/ZBX-22987
 CVE-2023-29455 (Reflected XSS attacks, also known as non-persistent attacks, 
occur whe ...)
        {DLA-3538-1}
        - zabbix <unfixed>
+       [bookworm] - zabbix <no-dsa> (Minor issue)
+       [bullseye] - zabbix <no-dsa> (Minor issue)
        NOTE: https://support.zabbix.com/browse/ZBX-22986
 CVE-2023-29454 (Stored or persistent cross-site scripting (XSS) is a type of 
XSS where ...)
        {DLA-3538-1}
        - zabbix <unfixed>
+       [bookworm] - zabbix <no-dsa> (Minor issue)
+       [bullseye] - zabbix <no-dsa> (Minor issue)
        NOTE: https://support.zabbix.com/browse/ZBX-22985
 CVE-2023-29453
        RESERVED
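Review bot: CVE-2023-29457 through CVE-2023-29454 each carry {DLA-3538-1}, so a fix has already been shipped through an LTS advisory, yet the added lines mark bookworm and bullseye as `<no-dsa> (Minor issue)` with the same blanket reason for reflected XSS, URL validation and stored XSS alike. Consider a NOTE per entry saying whether the fix is expected through a point release, so the stable suites are not left behind the release covered by the DLA without explanation.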
@@ -19169,11 +19179,11 @@ CVE-2023-1791 (A vulnerability has been found in 
SourceCodester Simple Task Allo
 CVE-2023-1790 (A vulnerability, which was classified as problematic, was found 
in Sou ...)
        NOT-FOR-US: SourceCodester Simple Task Allocation System
 CVE-2023-28938 (Uncontrolled resource consumption in some Intel(R) SSD Tools 
software  ...)
-       - mdadm <unfixed>
+       - mdadm <undetermined>
        NOTE: 
https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00690.html
        TODO: check details, fixes should be somewhere prior to mdadm-4.2-rc2
 CVE-2023-28736 (Buffer overflow in some Intel(R) SSD Tools software before 
version mda ...)
-       - mdadm <unfixed>
+       - mdadm <undetermined>
        NOTE: 
https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00690.html
        TODO: check details, fixes should be somewhere prior to mdadm-4.2-rc2
 CVE-2023-28717
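Review bot: Both mdadm entries move from `<unfixed>` to `<undetermined>` while the TODO ("check details, fixes should be somewhere prior to mdadm-4.2-rc2") stays open and no fixing commit is recorded. A NOTE stating what is still unknown (whether the packaged mdadm contains the affected code, or which upstream commits fix it) would keep CVE-2023-28938 and CVE-2023-28736 from staying undetermined indefinitely.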
@@ -45573,8 +45583,9 @@ CVE-2022-47071 (In NVS365 V01, the background network 
test function can trigger
 CVE-2022-47070 (NVS365 V01 is vulnerable to Incorrect Access Control. After 
entering a ...)
        NOT-FOR-US: NVS365 V01
 CVE-2022-47069 (p7zip 16.02 was discovered to contain a heap-buffer-overflow 
vulnerabi ...)
-       - p7zip <unfixed>
+       - p7zip <unfixed> (unimportant)
        NOTE: https://sourceforge.net/p/p7zip/bugs/241/
+       NOTE: Crash in CLI tool, no security impact
 CVE-2022-47068
        RESERVED
 CVE-2022-47067
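Review bot: The added NOTE "Crash in CLI tool, no security impact" on CVE-2022-47069 sits next to a description that calls the bug a heap-buffer-overflow, and the entry stays `<unfixed>`. The note should say what supports treating it as a crash only, for example a pointer to the analysis behind that conclusion, so the `(unimportant)` tag can be re-checked later.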
@@ -85001,6 +85012,8 @@ CVE-2022-34039
        RESERVED
 CVE-2022-34038 (Etcd v3.5.4 allows remote attackers to cause a denial of 
service via f ...)
        - etcd <unfixed>
+       [bookworm] - etcd <no-dsa> (Minor issue)
+       [bullseye] - etcd <no-dsa> (Minor issue)
        NOTE: https://github.com/etcd-io/etcd/pull/14022
        NOTE: https://github.com/etcd-io/etcd/pull/14452
        NOTE: Fixed by: 
https://github.com/etcd-io/etcd/commit/5a315ef88fbfa454e02d27b0b8acb4f89457cd90
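Review bot: The etcd entry for CVE-2022-34038 already records a "Fixed by:" commit, but the added lines mark bookworm and bullseye `<no-dsa> (Minor issue)` for what the description calls a remote denial of service. State in a NOTE why it is minor here (for instance the conditions needed to trigger it) and whether the listed commit is a candidate for a point release.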
@@ -223972,9 +223985,10 @@ CVE-2020-19911
 CVE-2020-19910
        RESERVED
 CVE-2020-19909 (Integer overflow vulnerability in tool_operate.c in curl 
7.65.2 via cr ...)
-       - curl 7.66.0-1
+       - curl 7.66.0-1 (unimportant)
        NOTE: https://github.com/curl/curl/pull/4166
        NOTE: Fixed by: 
https://github.com/curl/curl/commit/db0a0dfb0eb41d39273b0590b992df58f38b9a4d 
(curl-7_66_0)
+       NOTE: Crash in CLI tool, no security impact
 CVE-2020-19908
        RESERVED
 CVE-2020-19907 (A command injection vulnerability in the sandcat plugin of 
Caldera 2.3 ...)
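Review bot: The NOTE added to CVE-2020-19909 reuses the exact wording from the p7zip entry ("Crash in CLI tool, no security impact"), although the description names an integer overflow in tool_operate.c. Wording the note around that specific point, that the affected file belongs to the command-line tool, would make the `(unimportant)` rationale verifiable from the entry itself.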



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/ab4493a4a6698de08f74da2a1816649ee55fdc6c
