Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
058a607b by Moritz Muehlenhoff at 2023-08-28T13:38:08+02:00
bullseye/bookworm triage

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -64,10 +64,11 @@ CVE-2023-41080 (URL Redirection to Untrusted Site ('Open 
Redirect') vulnerabilit
        NOTE: Starting with 9.0.70-2 Tomcat9 no longer ships the server stack, 
using that as the fixed version
 CVE-2023-40587 (Pyramid is an open source Python web framework. A path 
traversal vulne ...)
        - python-pyramid <unfixed>
+       [bookworm] - python-pyramid <no-dsa> (Minor issue)
+       [bullseye] - python-pyramid <not-affected> (Python version in Bullseye 
is not affected)
        NOTE: 
https://github.com/Pylons/pyramid/security/advisories/GHSA-j8g2-6fc7-q8f8
        NOTE: 
https://github.com/Pylons/pyramid/commit/347d7750da6f45c7436dd0c31468885cc9343c85
 (2.0.2)
        NOTE: Underlying issue fixed in Python 3.11 and 3.12.
-       TODO: check,  claimed to be only affecting >= 2.0
 CVE-2023-40586 (OWASP Coraza WAF is a golang modsecurity compatible web 
application fi ...)
        NOT-FOR-US: OWASP Coraza WAF
 CVE-2023-40585 (ironic-image is a container image to run OpenStack Ironic as 
part of M ...)
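Review bot: the new `[bullseye] - python-pyramid <not-affected> (Python version in Bullseye is not affected)` line reads as contradicting the NOTE two lines below it, `Underlying issue fixed in Python 3.11 and 3.12`, which implies that older Python releases are the affected ones. Since the removed TODO recorded the claim that only pyramid >= 2.0 is affected, state the actual basis for not-affected (the pyramid version shipped in bullseye, or whichever Python-side behaviour applies) so the rationale is self-consistent for the next triager.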
@@ -149,6 +150,7 @@ CVE-2023-40579 (OpenFGA is an authorization/permission 
engine built for develope
 CVE-2023-40577 (Alertmanager handles alerts sent by client applications such 
as the Pr ...)
        - prometheus-alertmanager 0.26.0+ds-1 (bug #1050558)
        NOTE: 
https://github.com/prometheus/alertmanager/security/advisories/GHSA-v86x-5fm3-5p7j
+       NOTE: 
https://github.com/prometheus/alertmanager/commit/8b9f2fd20c25e0d1e76aa0b407f7e354996d8e72
 (release-0.25)
 CVE-2023-40570 (Datasette is an open source multi-tool for exploring and 
publishing da ...)
        NOT-FOR-US: Datasette
 CVE-2023-40568
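Review bot: the version annotation `(release-0.25)` on the added alertmanager commit NOTE looks like a branch name rather than a release; the other commit NOTEs in this diff use the upstream version that first shipped the fix, e.g. `(2.0.2)` and `(libssh2-1.10.0)`. Since the Debian fixed version on this entry is `0.26.0+ds-1`, annotating with the upstream release tag that actually contains the commit would make the relation to the fixed version clear.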
@@ -142855,6 +142857,7 @@ CVE-2021-40212 (An exploitable out-of-bounds write 
vulnerability in PotPlayer 1.
        NOT-FOR-US: PotPlayer
 CVE-2021-40211 (An issue was discovered with ImageMagick 7.1.0-4 via Division 
by zero  ...)
        - imagemagick 8:6.9.11.60+dfsg-1.5
+       [bullseye] - imagemagick <no-dsa> (Minor issue)
        NOTE: https://github.com/ImageMagick/ImageMagick/issues/4097
        NOTE: 
https://github.com/ImageMagick/ImageMagick/commit/0fb77f2a231038efdc38dcceddae6952ebdfb000
 (7.1.0-5)
        NOTE: 
https://github.com/ImageMagick/ImageMagick6/commit/450949ed017f009b399c937cf362f0058eacc5fa#diff-9509dd2616f8c0aab419100d616e5e926099cc61bdfde60f2ae408f02f43472a
 (6.9.12-43)
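Review bot: only `[bullseye]` is triaged here, while the pyramid and oggvideotools hunks in this commit mark both bookworm and bullseye; if the fixed version `8:6.9.11.60+dfsg-1.5` is what bookworm ships that is fine, but nothing in the entry says so, and it is worth confirming. The `(Minor issue)` rationale could also name the impact, which the description gives as a division by zero, so the no-dsa call can be reviewed later without re-reading the upstream issue.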
@@ -219738,6 +219741,7 @@ CVE-2020-22219 (Buffer Overflow vulnerability in 
function bitwriter_grow_ in fla
        NOTE: https://github.com/xiph/flac/pull/419 (1.4.0)
 CVE-2020-22218 (An issue was discovered in function _libssh2_packet_add in 
libssh2 1.1 ...)
        - libssh2 1.10.0-2
+       [bullseye] - libssh2 <no-dsa> (Minor issue)
        NOTE: https://github.com/libssh2/libssh2/pull/476
        NOTE: 
https://github.com/libssh2/libssh2/commit/642eec48ff3adfdb7a9e562b6d7fc865d1733f45
 (libssh2-1.10.0)
 CVE-2020-22217 (Buffer overflow vulnerability in c-ares before 1_16_1 thru 
1_17_0 via  ...)
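Review bot: `(Minor issue)` is the only rationale on the new `[bullseye] - libssh2 <no-dsa>` line; the entry's own NOTEs say the upstream fix landed in libssh2-1.10.0 and the Debian fixed version is 1.10.0-2, so a reader cannot tell from the entry which version bullseye carries or why the issue is minor there. A one-clause reason, as on the pyramid hunk's `(Python version in Bullseye is not affected)` line, would make the call reviewable.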
@@ -220868,12 +220872,18 @@ CVE-2020-21725 (OpenSNS v6.1.0 contains a blind SQL 
injection vulnerability in /
        NOT-FOR-US: OpenSNS
 CVE-2020-21724 (Buffer Overflow vulnerability in ExtractorInformation function 
in stre ...)
        - oggvideotools <unfixed>
+       [bookworm] - oggvideotools <no-dsa> (Minor issue)
+       [bullseye] - oggvideotools <no-dsa> (Minor issue)
        NOTE: https://sourceforge.net/p/oggvideotools/bugs/9/
 CVE-2020-21723 (A Segmentation Fault issue discovered 
StreamSerializer::extractStreams ...)
        - oggvideotools <unfixed>
+       [bookworm] - oggvideotools <no-dsa> (Minor issue)
+       [bullseye] - oggvideotools <no-dsa> (Minor issue)
        NOTE: https://sourceforge.net/p/oggvideotools/bugs/10/
 CVE-2020-21722 (Buffer Overflow vulnerability in oggvideotools 0.9.1 allows 
remote att ...)
        - oggvideotools <unfixed>
+       [bookworm] - oggvideotools <no-dsa> (Minor issue)
+       [bullseye] - oggvideotools <no-dsa> (Minor issue)
        NOTE: https://sourceforge.net/p/oggvideotools/bugs/11/
 CVE-2020-21721
        RESERVED
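Review bot: all three oggvideotools entries keep `- oggvideotools <unfixed>` while now marked `<no-dsa>` for both bookworm and bullseye, so after this change nothing in the file points at where a fix is expected; consider adding a bug reference on the unstable line, in the `(bug #NNNNNN)` form the alertmanager entry in this diff uses, so the unfixed sid state is not forgotten. The three identical marker pairs also suggest that one bug could cover all three sourceforge reports.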



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/058a607ba3bdd8473c997fc8757d2fffd1989027



_______________________________________________
debian-security-tracker-commits mailing list
debian-security-tracker-commits@alioth-lists.debian.net
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
