Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker
Commits: 058a607b by Moritz Muehlenhoff at 2023-08-28T13:38:08+02:00 bullseye/bookworm triage - - - - - 1 changed file: - data/CVE/list Changes: ===================================== data/CVE/list ===================================== @@ -64,10 +64,11 @@ CVE-2023-41080 (URL Redirection to Untrusted Site ('Open Redirect') vulnerabilit NOTE: Starting with 9.0.70-2 Tomcat9 no longer ships the server stack, using that as the fixed version CVE-2023-40587 (Pyramid is an open source Python web framework. A path traversal vulne ...) - python-pyramid <unfixed> + [bookworm] - python-pyramid <no-dsa> (Minor issue) + [bullseye] - python-pyramid <not-affected> (Python version in Bullseye is not affected) NOTE: https://github.com/Pylons/pyramid/security/advisories/GHSA-j8g2-6fc7-q8f8 NOTE: https://github.com/Pylons/pyramid/commit/347d7750da6f45c7436dd0c31468885cc9343c85 (2.0.2) NOTE: Underlying issue fixed in Python 3.11 and 3.12. - TODO: check, claimed to be only affecting >= 2.0 CVE-2023-40586 (OWASP Coraza WAF is a golang modsecurity compatible web application fi ...) NOT-FOR-US: OWASP Coraza WAF CVE-2023-40585 (ironic-image is a container image to run OpenStack Ironic as part of M ...) @@ -149,6 +150,7 @@ CVE-2023-40579 (OpenFGA is an authorization/permission engine built for develope CVE-2023-40577 (Alertmanager handles alerts sent by client applications such as the Pr ...) - prometheus-alertmanager 0.26.0+ds-1 (bug #1050558) NOTE: https://github.com/prometheus/alertmanager/security/advisories/GHSA-v86x-5fm3-5p7j + NOTE: https://github.com/prometheus/alertmanager/commit/8b9f2fd20c25e0d1e76aa0b407f7e354996d8e72 (release-0.25) CVE-2023-40570 (Datasette is an open source multi-tool for exploring and publishing da ...) NOT-FOR-US: Datasette CVE-2023-40568 
@@ -142855,6 +142857,7 @@ CVE-2021-40212 (An exploitable out-of-bounds write vulnerability in PotPlayer 1. NOT-FOR-US: PotPlayer CVE-2021-40211 (An issue was discovered with ImageMagick 7.1.0-4 via Division by zero ...) - imagemagick 8:6.9.11.60+dfsg-1.5 + [bullseye] - imagemagick <no-dsa> (Minor issue) NOTE: https://github.com/ImageMagick/ImageMagick/issues/4097 NOTE: https://github.com/ImageMagick/ImageMagick/commit/0fb77f2a231038efdc38dcceddae6952ebdfb000 (7.1.0-5) NOTE: https://github.com/ImageMagick/ImageMagick6/commit/450949ed017f009b399c937cf362f0058eacc5fa#diff-9509dd2616f8c0aab419100d616e5e926099cc61bdfde60f2ae408f02f43472a (6.9.12-43) @@ -219738,6 +219741,7 @@ CVE-2020-22219 (Buffer Overflow vulnerability in function bitwriter_grow_ in fla NOTE: https://github.com/xiph/flac/pull/419 (1.4.0) CVE-2020-22218 (An issue was discovered in function _libssh2_packet_add in libssh2 1.1 ...) - libssh2 1.10.0-2 + [bullseye] - libssh2 <no-dsa> (Minor issue) NOTE: https://github.com/libssh2/libssh2/pull/476 NOTE: https://github.com/libssh2/libssh2/commit/642eec48ff3adfdb7a9e562b6d7fc865d1733f45 (libssh2-1.10.0) CVE-2020-22217 (Buffer overflow vulnerability in c-ares before 1_16_1 thru 1_17_0 via ...) 
@@ -220868,12 +220872,18 @@ CVE-2020-21725 (OpenSNS v6.1.0 contains a blind SQL injection vulnerability in / NOT-FOR-US: OpenSNS CVE-2020-21724 (Buffer Overflow vulnerability in ExtractorInformation function in stre ...) - oggvideotools <unfixed> + [bookworm] - oggvideotools <no-dsa> (Minor issue) + [bullseye] - oggvideotools <no-dsa> (Minor issue) NOTE: https://sourceforge.net/p/oggvideotools/bugs/9/ CVE-2020-21723 (A Segmentation Fault issue discovered StreamSerializer::extractStreams ...) - oggvideotools <unfixed> + [bookworm] - oggvideotools <no-dsa> (Minor issue) + [bullseye] - oggvideotools <no-dsa> (Minor issue) NOTE: https://sourceforge.net/p/oggvideotools/bugs/10/ CVE-2020-21722 (Buffer Overflow vulnerability in oggvideotools 0.9.1 allows remote att ...) - oggvideotools <unfixed> + [bookworm] - oggvideotools <no-dsa> (Minor issue) + [bullseye] - oggvideotools <no-dsa> (Minor issue) NOTE: https://sourceforge.net/p/oggvideotools/bugs/11/ CVE-2020-21721 RESERVED
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/058a607ba3bdd8473c997fc8757d2fffd1989027
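Review bot: In the CVE-2023-40587 (python-pyramid) hunk, the TODO asking whether only Pyramid >= 2.0 is affected is dropped without the answer being recorded; the new bullseye line justifies <not-affected> by the Python version instead, and the remaining NOTE only says the underlying issue is fixed in Python 3.11 and 3.12. Consider adding a NOTE that names the Python versions exposing the issue, and whether Pyramid < 2.0 is affected, so the <not-affected> for bullseye and the <no-dsa> for bookworm can be checked against what each release ships.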
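Review bot: In the CVE-2023-40577 (prometheus-alertmanager) hunk, the added commit NOTE is annotated with a branch name, (release-0.25), while the other commit NOTEs visible in this diff carry the upstream version that contains the fix, e.g. (2.0.2) or (libssh2-1.10.0). Since the entry's fixed version is 0.26.0+ds-1, consider annotating the NOTE with the upstream release that first includes this commit, or adding the corresponding commit for the 0.26 line, so the link between the commit and the fixed version is explicit.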
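Review bot: In the oggvideotools hunk (CVE-2020-21724, CVE-2020-21723, CVE-2020-21722), all six added lines give the generic reason (Minor issue), although two of the descriptions are buffer overflows and the CVE-2020-21722 description reads "allows remote att ...". A more specific reason in the parentheses would document why no DSA is warranted. The entries also stay <unfixed> with only the upstream SourceForge tickets referenced, so a Debian bug number on the unfixed lines, as on the prometheus-alertmanager entry (bug #1050558), would help track the fix.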