Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker
Commits: 9625bc10 by Moritz Muehlenhoff at 2023-08-25T11:33:30+02:00 bullseye/bookworm triage - - - - - 2 changed files: - data/CVE/list - data/dsa-needed.txt Changes: ===================================== data/CVE/list ===================================== @@ -79,14 +79,20 @@ CVE-2023-XXXX [tryton-server lack of record validation] NOTE: https://discuss.tryton.org/t/security-release-for-issue-12428 CVE-2023-4513 (BT SDP dissector memory leak in Wireshark 4.0.0 to 4.0.7 and 3.6.0 to ...) - wireshark 4.0.8-1 + [bookworm] - wireshark <no-dsa> (Minor issue) + [bullseye] - wireshark <no-dsa> (Minor issue) NOTE: https://gitlab.com/wireshark/wireshark/-/issues/19259 NOTE: https://www.wireshark.org/security/wnpa-sec-2023-25.html CVE-2023-4512 (CBOR dissector crash in Wireshark 4.0.0 to 4.0.6 allows denial of serv ...) - wireshark 4.0.8-1 + [bookworm] - wireshark <no-dsa> (Minor issue) + [bullseye] - wireshark <no-dsa> (Minor issue) NOTE: https://gitlab.com/wireshark/wireshark/-/issues/19144 NOTE: https://www.wireshark.org/security/wnpa-sec-2023-23.html CVE-2023-4511 (BT SDP dissector infinite loop in Wireshark 4.0.0 to 4.0.7 and 3.6.0 t ...) - wireshark 4.0.8-1 + [bookworm] - wireshark <no-dsa> (Minor issue) + [bullseye] - wireshark <no-dsa> (Minor issue) NOTE: https://gitlab.com/wireshark/wireshark/-/issues/19258 NOTE: https://www.wireshark.org/security/wnpa-sec-2023-24.html CVE-2023-4230 (A vulnerability has been identified in ioLogik 4000 Series (ioLogik E4 ...) @@ -1715,6 +1721,7 @@ CVE-2023-32560 (An attacker can send a specially crafted message to the Wavelink NOT-FOR-US: Ivanti CVE-2023-39418 (A vulnerability was found in PostgreSQL with the use of the MERGE comm ...) - postgresql-15 15.4-1 + [bookworm] - postgresql-15 <postponed> (Minor issue, fix along with next round of updates) - postgresql-13 <not-affected> (Only affects 15.x) - postgresql-11 <not-affected> (Only affects 15.x) NOTE: https://www.postgresql.org/support/security/CVE-2023-39418/ 
@@ -1722,7 +1729,9 @@ CVE-2023-39418 (A vulnerability was found in PostgreSQL with the use of the MERG NOTE: https://git.postgresql.org/gitweb/?p=postgresql.git;a=commitdiff;h=cb2ae5741f2458a474ed3c31458d242e678ff229 (REL_15_4) CVE-2023-39417 (IN THE EXTENSION SCRIPT, a SQL Injection vulnerability was found in Po ...) - postgresql-15 15.4-1 + [bookworm] - postgresql-15 <postponed> (Minor issue, fix along with next round of updates) - postgresql-13 <removed> + [bullseye] - postgresql-13 <postponed> (Minor issue, fix along with next round of updates) - postgresql-11 <removed> NOTE: https://www.postgresql.org/support/security/CVE-2023-39417/ NOTE: https://www.postgresql.org/about/news/postgresql-154-149-1312-1216-1121-and-postgresql-16-beta-3-released-2689/ @@ -50311,6 +50320,8 @@ CVE-2022-45583 RESERVED CVE-2022-45582 (Open Redirect vulnerability in Horizon Web Dashboard 19.4.0 thru 20.1. ...) - horizon 3:23.1.0-3 + [bookworm] - horizon <no-dsa> (Minor issue) + [bullseye] - horizon <no-dsa> (Minor issue) NOTE: https://bugs.launchpad.net/horizon/+bug/1982676 NOTE: https://opendev.org/openstack/horizon/commit/beed6bf6f6f83df9972db5fb539d64175ce12ce9 (19.4.0) NOTE: https://opendev.org/openstack/horizon/commit/2f600272bfffb3024e6f06a369f9b4768dd1a0b0 (20.1.4) @@ -65091,6 +65102,7 @@ CVE-2022-41445 (A cross-site scripting (XSS) vulnerability in Record Management NOT-FOR-US: Record Management System CVE-2022-41444 (Cross Site Scripting (XSS) vulnerability in Cacti 1.2.21 via crafted P ...) - cacti 1.2.22+ds1-1 + [bullseye] - cacti <no-dsa> (Minor issue) NOTE: https://gist.github.com/enferas/9079535112e4f4ff2c1d2ce1c099d4c2 NOTE: Fixed by: https://github.com/Cacti/cacti/commit/ccb8b62de0f27f59d5e6073c2ae577a9ca7adaf8 (release/1.2.22) CVE-2022-41443 (phpipam v1.5.0 was discovered to contain a header injection vulnerabil ...) 
@@ -142406,18 +142418,28 @@ CVE-2021-40267 RESERVED CVE-2021-40266 (FreeImage before 1.18.0, ReadPalette function in PluginTIFF.cpp is vul ...) - freeimage <unfixed> + [bookworm] - freeimage <no-dsa> (Minor issue) + [bullseye] - freeimage <no-dsa> (Minor issue) NOTE: https://sourceforge.net/p/freeimage/bugs/334/ CVE-2021-40265 (A heap overflow bug exists FreeImage before 1.18.0 via ofLoad function ...) - freeimage <unfixed> + [bookworm] - freeimage <no-dsa> (Minor issue) + [bullseye] - freeimage <no-dsa> (Minor issue) NOTE: https://sourceforge.net/p/freeimage/bugs/337/ CVE-2021-40264 (NULL pointer dereference vulnerability in FreeImage before 1.18.0 via ...) - freeimage <unfixed> + [bookworm] - freeimage <no-dsa> (Minor issue) + [bullseye] - freeimage <no-dsa> (Minor issue) NOTE: https://sourceforge.net/p/freeimage/bugs/335/ CVE-2021-40263 (A heap overflow vulnerability in FreeImage 1.18.0 via the ofLoad funct ...) - freeimage <unfixed> + [bookworm] - freeimage <no-dsa> (Minor issue) + [bullseye] - freeimage <no-dsa> (Minor issue) NOTE: https://sourceforge.net/p/freeimage/bugs/336/ CVE-2021-40262 (A stack exhaustion issue was discovered in FreeImage before 1.18.0 via ...) - freeimage <unfixed> + [bookworm] - freeimage <no-dsa> (Minor issue) + [bullseye] - freeimage <no-dsa> (Minor issue) NOTE: https://sourceforge.net/p/freeimage/bugs/338/ CVE-2021-40261 (Multiple Cross Site Scripting (XSS) vulnerabilities exist in SourceCod ...) NOT-FOR-US: SourceCodester @@ -157443,6 +157465,7 @@ CVE-2021-34194 RESERVED CVE-2021-34193 (Stack overflow vulnerability in OpenSC smart card middleware before 0. ...) - opensc 0.22.0-1 + [bullseye] - opensc <no-dsa> (Minor issue) NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=28185 NOTE: https://github.com/OpenSC/OpenSC/commit/f015746d22d249642c19674298a18ad824db0ed7 (0.22.0-rc1) NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=28843 
@@ -209004,9 +209027,10 @@ CVE-2020-26685 CVE-2020-26684 RESERVED CVE-2020-26683 (A memory leak issue discovered in /pdf/pdf-font-add.c in Artifex Softw ...) - - mupdf 1.19.0+ds1-1 + - mupdf 1.19.0+ds1-1 (unimportant) NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=702566 NOTE: https://git.ghostscript.com/?p=mupdf.git;h=05720b4ee3dbae57e65546dc2eecc3021c08eeea (1.18.0-rc1) + NOTE: Memory leak in CLI tool, no security impact CVE-2020-26682 (In libass 0.14.0, the `ass_outline_construct`'s call to `outline_strok ...) - libass 1:0.15.0-1 (bug #975108) [buster] - libass <no-dsa> (Minor issue) @@ -213491,6 +213515,7 @@ CVE-2020-24905 RESERVED CVE-2020-24904 (An issue was discovered in attach parameter in GNOME Gmail version 2.5 ...) - gnome-gmail <removed> + [bullseye] - gnome-gmail <no-dsa> (Minor issue) NOTE: https://github.com/davesteele/gnome-gmail/issues/84 TODO: check, might be an issue as well in src:viagee CVE-2020-24903 (Cute Editor for ASP.NET 6.4 is vulnerable to reflected cross-site scri ...) @@ -220172,6 +220197,7 @@ CVE-2020-21897 RESERVED CVE-2020-21896 (A Use After Free vulnerability in svg_dev_text_span_as_paths_defs func ...) - mupdf 1.19.0+ds1-1 + [bullseye] - mupdf <no-dsa> (Minor issue) NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=701294 NOTE: https://git.ghostscript.com/?p=mupdf.git;h=8719e07834d6a72b6b4131539e49ed1e8e2ff79e CVE-2020-21895 ===================================== data/dsa-needed.txt ===================================== 
@@ -14,10 +14,12 @@ If needed, specify the release by adding a slash after the name of the source pa -- aom/oldstable (apo) -- -chromium +chromium (jmm) -- cinder/oldstable -- +flac/oldstable +-- frr (aron) maintainer proposed to update to 8.4.4 for bookworm, which might be a good idea -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/9625bc103ed629722072e1208a6675b2dea70300 You're receiving this email because of your account on salsa.debian.org.
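Review bot: in the wireshark hunk, the CVE-2023-4512 description reads "CBOR dissector crash in Wireshark 4.0.0 to 4.0.6" with no 3.6.x range, while the two BT SDP entries (CVE-2023-4513, CVE-2023-4511) read "4.0.0 to 4.0.7 and 3.6.0 to ...". All three nevertheless get the same `[bullseye] - wireshark <no-dsa> (Minor issue)` line. If bullseye's wireshark predates 4.0.0 and the CBOR issue really starts there, the bullseye line for CVE-2023-4512 should be `<not-affected>` with the reason rather than `<no-dsa>`; the wnpa-sec-2023-23 advisory already linked in the NOTE should settle the affected range.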
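Review bot: CVE-2023-39417 now carries `[bullseye] - postgresql-13 <postponed> (Minor issue, fix along with next round of updates)`, but unlike the neighbouring CVE-2023-39418 entry, which notes the fixing commit cb2ae5741f2458a474ed3c31458d242e678ff229 tagged (REL_15_4), it records no fixing commit. Since the bullseye fix is being deferred, add a NOTE with the upstream commit for the 13.x branch so the postponed update does not have to rediscover it; the advisory and release-announcement links alone do not identify the change.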
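Review bot: in the freeimage hunk, four of the five descriptions say "FreeImage before 1.18.0" but CVE-2021-40263 says "in FreeImage 1.18.0", and every entry stays `- freeimage <unfixed>` for unstable with only a sourceforge bug link. Before marking both releases `<no-dsa> (Minor issue)`, a NOTE recording whether 1.18.0 (or any upstream change) actually fixes these, and whether CVE-2021-40263 is a separate still-open issue, would make the triage reproducible; as written the entries carry no status information beyond the bug-tracker links.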
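Review bot: the gnome-gmail hunk adds `[bullseye] - gnome-gmail <no-dsa> (Minor issue)` while the existing `TODO: check, might be an issue as well in src:viagee` stays unresolved. Triaging bullseye for gnome-gmail does not answer that TODO: if viagee shares the attach-parameter handling described for CVE-2020-24904, it needs its own package line in this entry (or a NOTE saying why it is not affected) before the TODO can go.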
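Review bot: in the dsa-needed.txt hunk, the new `flac/oldstable` entry has no accompanying comment, whereas the adjacent `frr (aron)` entry explains the intended approach ("maintainer proposed to update to 8.4.4 for bookworm"). A one-line note on which issue(s) the flac/oldstable update is meant to cover would help whoever picks it up, and the entry should gain an owner tag in the `chromium (jmm)` style once someone claims it.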
_______________________________________________ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits