Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker
Commits: ab4493a4 by Moritz Muehlenhoff at 2023-08-23T12:28:33+02:00 bullseye/bookworm triage - - - - - 1 changed file: - data/CVE/list Changes: ===================================== data/CVE/list ===================================== @@ -18085,6 +18085,8 @@ CVE-2023-29459 (The laola.redbull application through 5.1.9-R for Android expose NOT-FOR-US: laola.redbull CVE-2023-29458 (Duktape is an 3rd-party embeddable JavaScript engine, with a focus on ...) - zabbix <unfixed> + [bookworm] - zabbix <no-dsa> (Minor issue) + [bullseye] - zabbix <no-dsa> (Minor issue) [buster] - zabbix <not-affected> (vulnerable code introduced later) NOTE: This appears to be bug in Zabbix's use of duktape, not an issue in src:duktape per se NOTE: https://support.zabbix.com/browse/ZBX-22989 @@ -18092,18 +18094,26 @@ CVE-2023-29458 (Duktape is an 3rd-party embeddable JavaScript engine, with a foc CVE-2023-29457 (Reflected XSS attacks, occur when a malicious script is reflected off ...) {DLA-3538-1} - zabbix <unfixed> + [bookworm] - zabbix <no-dsa> (Minor issue) + [bullseye] - zabbix <no-dsa> (Minor issue) NOTE: https://support.zabbix.com/browse/ZBX-22988 CVE-2023-29456 (URL validation scheme receives input from a user and then parses it to ...) {DLA-3538-1} - zabbix <unfixed> + [bookworm] - zabbix <no-dsa> (Minor issue) + [bullseye] - zabbix <no-dsa> (Minor issue) NOTE: https://support.zabbix.com/browse/ZBX-22987 CVE-2023-29455 (Reflected XSS attacks, also known as non-persistent attacks, occur whe ...) {DLA-3538-1} - zabbix <unfixed> + [bookworm] - zabbix <no-dsa> (Minor issue) + [bullseye] - zabbix <no-dsa> (Minor issue) NOTE: https://support.zabbix.com/browse/ZBX-22986 CVE-2023-29454 (Stored or persistent cross-site scripting (XSS) is a type of XSS where ...) {DLA-3538-1} - zabbix <unfixed> + [bookworm] - zabbix <no-dsa> (Minor issue) + [bullseye] - zabbix <no-dsa> (Minor issue) NOTE: https://support.zabbix.com/browse/ZBX-22985 CVE-2023-29453 RESERVED 
@@ -19169,11 +19179,11 @@ CVE-2023-1791 (A vulnerability has been found in SourceCodester Simple Task Allo CVE-2023-1790 (A vulnerability, which was classified as problematic, was found in Sou ...) NOT-FOR-US: SourceCodester Simple Task Allocation System CVE-2023-28938 (Uncontrolled resource consumption in some Intel(R) SSD Tools software ...) - - mdadm <unfixed> + - mdadm <undetermined> NOTE: https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00690.html TODO: check details, fixes should be somewhere prior to mdadm-4.2-rc2 CVE-2023-28736 (Buffer overflow in some Intel(R) SSD Tools software before version mda ...) - - mdadm <unfixed> + - mdadm <undetermined> NOTE: https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00690.html TODO: check details, fixes should be somewhere prior to mdadm-4.2-rc2 CVE-2023-28717 @@ -45573,8 +45583,9 @@ CVE-2022-47071 (In NVS365 V01, the background network test function can trigger CVE-2022-47070 (NVS365 V01 is vulnerable to Incorrect Access Control. After entering a ...) NOT-FOR-US: NVS365 V01 CVE-2022-47069 (p7zip 16.02 was discovered to contain a heap-buffer-overflow vulnerabi ...) - - p7zip <unfixed> + - p7zip <unfixed> (unimportant) NOTE: https://sourceforge.net/p/p7zip/bugs/241/ + NOTE: Crash in CLI tool, no security impact CVE-2022-47068 RESERVED CVE-2022-47067 @@ -85001,6 +85012,8 @@ CVE-2022-34039 RESERVED CVE-2022-34038 (Etcd v3.5.4 allows remote attackers to cause a denial of service via f ...) - etcd <unfixed> + [bookworm] - etcd <no-dsa> (Minor issue) + [bullseye] - etcd <no-dsa> (Minor issue) NOTE: https://github.com/etcd-io/etcd/pull/14022 NOTE: https://github.com/etcd-io/etcd/pull/14452 NOTE: Fixed by: https://github.com/etcd-io/etcd/commit/5a315ef88fbfa454e02d27b0b8acb4f89457cd90 
@@ -223972,9 +223985,10 @@ CVE-2020-19911 CVE-2020-19910 RESERVED CVE-2020-19909 (Integer overflow vulnerability in tool_operate.c in curl 7.65.2 via cr ...) - - curl 7.66.0-1 + - curl 7.66.0-1 (unimportant) NOTE: https://github.com/curl/curl/pull/4166 NOTE: Fixed by: https://github.com/curl/curl/commit/db0a0dfb0eb41d39273b0590b992df58f38b9a4d (curl-7_66_0) + NOTE: Crash in CLI tool, no security impact CVE-2020-19908 RESERVED CVE-2020-19907 (A command injection vulnerability in the sandcat plugin of Caldera 2.3 ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/ab4493a4a6698de08f74da2a1816649ee55fdc6c -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/ab4493a4a6698de08f74da2a1816649ee55fdc6c You're receiving this email because of your account on salsa.debian.org.
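Review bot: for CVE-2023-29457 through CVE-2023-29454 the new `[bookworm]`/`[bullseye] - zabbix <no-dsa> (Minor issue)` lines give only "Minor issue" as the reason, while the same entries already record a buster fix via DLA-3538-1; if the intent is to pick the upstream fixes up in a stable point release, the usual `<no-dsa> (Minor issue; can be fixed via point release)` wording would make that plan visible instead of leaving the newer suites looking less attended to than the LTS one.

Review bot: changing `- mdadm <unfixed>` to `- mdadm <undetermined>` for CVE-2023-28938 and CVE-2023-28736 is the right holding state, but the unchanged line `TODO: check details, fixes should be somewhere prior to mdadm-4.2-rc2` no longer says what is actually undetermined; suggest rewording it to name the concrete check (whether the mdadm versions in the Debian suites already contain the upstream fixes referenced by intel-sa-00690) so the next triager can resolve the entry to a fixed version or `<not-affected>` directly.

Review bot: the new `(unimportant)` tag and `NOTE: Crash in CLI tool, no security impact` for CVE-2022-47069 need a firmer justification than the note gives: the entry's own description is a heap-buffer-overflow in p7zip 16.02, and an archive tool's main input is untrusted archives, so a crash reachable from a malformed archive is a different matter from one reachable only through local command-line arguments. Suggest the NOTE state which trigger vector applies, with reference to https://sourceforge.net/p/p7zip/bugs/241/, so the severity downgrade is traceable rather than asserted.

Review bot: the added `[bookworm]`/`[bullseye] - etcd <no-dsa> (Minor issue)` lines for CVE-2022-34038 sit directly above a NOTE that already names the upstream fix commit (5a315ef88fbfa454e02d27b0b8acb4f89457cd90), so the fix is identified and presumably backportable; if a stable update is planned, `(Minor issue; can be fixed via point release)` would tell the package maintainer that, and if it is not, the reason a DoS with a known fix stays unfixed in both suites belongs in the NOTE.

Review bot: for CVE-2020-19909 the added `NOTE: Crash in CLI tool, no security impact` can be tied to evidence already in the entry, since the description places the integer overflow in tool_operate.c; citing that file in the NOTE (e.g. "overflow is in tool_operate.c, i.e. the curl command-line tool, not libcurl") would make the `(unimportant)` downgrade self-evident to the next reader instead of relying on the bare assertion, and the same pattern would strengthen the parallel p7zip note in this commit.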