Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
6f2cbdbb by Moritz Muehlenhoff at 2023-09-03T21:02:13+02:00
bullseye/bookworm triage

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,19 +1,23 @@
 CVE-2023-4738 (Heap-based Buffer Overflow in GitHub repository vim/vim prior 
to 9.0.1 ...)
        - vim <unfixed>
+       [bookworm] - vim <no-dsa> (Minor issue)
+       [bullseye] - vim <no-dsa> (Minor issue)
        NOTE: https://huntr.dev/bounties/9fc7dced-a7bb-4479-9718-f956df20f612/
        NOTE: 
https://github.com/vim/vim/commit/ced2c7394aafdc90fb7845e09b3a3fee23d48cb1 
(v9.0.1848)
 CVE-2023-4736 (Untrusted Search Path in GitHub repository vim/vim prior to 
9.0.1833.)
-       - vim <unfixed>
+       - vim <not-affected> (Windows-specific)
        NOTE: https://huntr.dev/bounties/e1ce0995-4df4-4dec-9cd7-3136ac3e8e71/
        NOTE: 
https://github.com/vim/vim/commit/816fbcc262687b81fc46f82f7bbeb1453addfe0c 
(v9.0.1833)
 CVE-2023-4735 (Out-of-bounds Write in GitHub repository vim/vim prior to 
9.0.1847.)
-       - vim <unfixed>
+       - vim <unfixed> (unimportant)
        NOTE: https://huntr.dev/bounties/fc83bde3-f621-42bd-aecb-8c1ae44cba51/
        NOTE: 
https://github.com/vim/vim/commit/889f6af37164775192e33b233a90e86fd3df0f57 
(v9.0.1847)
+       NOTE: Crash in CLI tool, no security impact
 CVE-2023-4734 (Integer Overflow or Wraparound in GitHub repository vim/vim 
prior to 9 ...)
-       - vim <unfixed>
+       - vim <unfixed> (unimportant)
        NOTE: https://huntr.dev/bounties/688e4382-d2b6-439a-a54e-484780f82217/
        NOTE: 
https://github.com/vim/vim/commit/4c6fe2e2ea62469642ed1d80b16d39e616b25cf5 
(v9.0.1846)
+       NOTE: Crash in CLI tool, no security impact
 CVE-2023-39983 (A vulnerability that poses a potential risk of polluting the 
MXsecurit ...)
        NOT-FOR-US: MXsecurity
 CVE-2023-39982 (A vulnerability has been identified in MXsecurity versions 
prior to v1 ...)
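Review bot: CVE-2023-4738 is marked `<no-dsa> (Minor issue)` for both bookworm and bullseye while the heap-based buffer overflow stays `<unfixed>` in unstable and the fixing commit (v9.0.1848) is already identified, but unlike CVE-2023-4735 and CVE-2023-4734 in this same hunk, which get a `NOTE: Crash in CLI tool, no security impact` line, nothing records why this one is considered minor. Suggest adding a NOTE with the rationale so the no-dsa decision can be revisited if the upstream fix is later backported in a point update. The `<not-affected> (Windows-specific)` change for CVE-2023-4736 is consistent with the "Untrusted Search Path" description and needs no further note.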
@@ -1276,6 +1280,8 @@ CVE-2023-40217 (An issue was discovered in Python before 
3.8.18, 3.9.x before 3.
        NOTE: 2. 
https://github.com/python/cpython/commit/592bacb6fc0833336c0453e818e9b95016e9fd47
 CVE-2023-4380
        - ansible <unfixed>
+       [bookworm] - ansible <no-dsa> (Minor issue)
+       [bullseye] - ansible <no-dsa> (Minor issue)
        NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2232324
 CVE-2023-4420 (A remote unprivileged attacker can intercept the communication 
via e.g ...)
        NOT-FOR-US: SICK LMS5xx
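Review bot: The CVE-2023-4380 entry has no description text and its only reference is the Red Hat bugzilla link, yet it is now `<no-dsa> (Minor issue)` for both bookworm and bullseye with no NOTE explaining the assessment or which ansible versions are affected. Suggest adding a NOTE pointing at the upstream fix or issue once known, so that the triage of an entry that is otherwise undocumented can be re-verified later.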
@@ -5762,11 +5768,13 @@ CVE-2023-3779 (The Essential Addons For Elementor 
plugin for WordPress is vulner
        NOT-FOR-US: WordPress plugin
 CVE-2023-3300 (HashiCorp Nomad and Nomad Enterprise 0.11.0 up to 1.5.6 and 
1.4.1 HTTP ...)
        - nomad <removed>
+       [bullseye] - nomad <ignored> (Will be removed in Bullseye 11.8)
        NOTE: 
https://discuss.hashicorp.com/t/hcsec-2023-22-nomad-search-api-leaks-information-about-csi-plugins/56272
 CVE-2023-3299 (HashiCorp Nomad Enterprise 1.2.11 up to 1.5.6, and 1.4.10 ACL 
policies ...)
        - nomad <not-affected> (Specific to Nomad Enterprise)
 CVE-2023-3072 (HashiCorp Nomad and Nomad Enterprise 0.7.0 up to 1.5.6 and 
1.4.10 ACL  ...)
        - nomad <removed>
+       [bullseye] - nomad <ignored> (Will be removed in Bullseye 11.8)
        NOTE: 
https://discuss.hashicorp.com/t/hcsec-2023-20-nomad-acl-policies-without-label-are-applied-to-unexpected-resources/56270
 CVE-2023-37362 (Weintek Weincloud v0.13.6     could allow an attacker to abuse 
the reg ...)
        NOT-FOR-US: Weincloud
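Review bot: Both new `[bullseye] - nomad <ignored> (Will be removed in Bullseye 11.8)` lines justify the status with a future point release; until 11.8 ships, bullseye systems that still have nomad installed remain exposed to the Search API information leak (HCSEC-2023-22) and the unlabeled-ACL-policy issue (HCSEC-2023-20) referenced in the NOTE lines. Suggest referencing the removal request in a NOTE if one exists, so the `<ignored>` status can be confirmed once the removal actually lands.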
@@ -19742,11 +19750,15 @@ CVE-2023-29451 (Specially crafted string can cause a 
buffer overrun in the JSON
 CVE-2023-29450 (JavaScript pre-processing can be used by the attacker to gain 
access t ...)
        {DLA-3538-1}
        - zabbix <unfixed>
+       [bookworm] - zabbix <no-dsa> (Minor issue)
+       [bullseye] - zabbix <no-dsa> (Minor issue)
        NOTE: https://support.zabbix.com/browse/ZBX-22588
        NOTE: Patch for 5.0.32rc1: 
https://github.com/zabbix/zabbix/commit/c3f1543e4
        NOTE: Patch for 6.0.14rc2: 
https://github.com/zabbix/zabbix/commit/76f6a80cb
 CVE-2023-29449 (JavaScript preprocessing, webhooks and global scripts can 
cause uncont ...)
        - zabbix <unfixed>
+       [bookworm] - zabbix <no-dsa> (Minor issue)
+       [bullseye] - zabbix <no-dsa> (Minor issue)
        [buster] - zabbix <not-affected> (vulnerable code introduced later)
        NOTE: https://support.zabbix.com/browse/ZBX-22589
        NOTE: Upstream patch for 5.0.32: 
https://github.com/zabbix/zabbix/commit/e90b8a3c62
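Review bot: CVE-2023-29450 already carries `{DLA-3538-1}`, i.e. buster received a fix through LTS, while bookworm and bullseye are now `<no-dsa> (Minor issue)`; the entry lists upstream patches for 5.0.32rc1 and 6.0.14rc2 but no NOTE explains why the assessment differs between suites. Suggest a NOTE recording the rationale (or targeting the backport for a point update) so the discrepancy with the DLA does not confuse later triage. The added bookworm/bullseye lines for CVE-2023-29449 are correctly ordered ahead of the existing `[buster]` not-affected line.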



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/6f2cbdbbbd71480032bd068740a244e3cae0520c



_______________________________________________
debian-security-tracker-commits mailing list
debian-security-tracker-commits@alioth-lists.debian.net
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
