bookworm triage

Moritz Muehlenhoff (@jmm) Mon, 23 Oct 2023 02:30:47 -0700


Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / 
security-tracker



Commits:
daaa8d06 by Moritz Muehlenhoff at 2023-10-23T11:30:13+02:00
bullseye/bookworm triage

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -153,28 +153,52 @@ CVE-2023-46003 (I-doit pro 25 and below is vulnerable to 
Cross Site Scripting (X
        NOT-FOR-US: I-doit pro
 CVE-2023-45682 (stb_vorbis is a single file MIT licensed library for 
processing ogg vo ...)
        - libstb <unfixed>
-       NOTE: 
https://securitylab.github.com/advisories/GHSL-2023-145_GHSL-2023-151_stb_image_h/
+       [bookworm] - libstb <no-dsa> (Minor issue)
+       [bullseye] - libstb <no-dsa> (Minor issue)
+       NOTE: 
https://securitylab.github.com/advisories/GHSL-2023-145_GHSL-2023-151_stb_image_h/
 (issue 15)
+       NOTE: https://github.com/nothings/stb/pull/1560
 CVE-2023-45681 (stb_vorbis is a single file MIT licensed library for 
processing ogg vo ...)
        - libstb <unfixed>
-       NOTE: 
https://securitylab.github.com/advisories/GHSL-2023-145_GHSL-2023-151_stb_image_h/
+       [bookworm] - libstb <no-dsa> (Minor issue)
+       [bullseye] - libstb <no-dsa> (Minor issue)
+       NOTE: 
https://securitylab.github.com/advisories/GHSL-2023-145_GHSL-2023-151_stb_image_h/
 (issue 14)
+       NOTE: https://github.com/nothings/stb/pull/1559
 CVE-2023-45680 (stb_vorbis is a single file MIT licensed library for 
processing ogg vo ...)
        - libstb <unfixed>
-       NOTE: 
https://securitylab.github.com/advisories/GHSL-2023-145_GHSL-2023-151_stb_image_h/
+       [bookworm] - libstb <no-dsa> (Minor issue)
+       [bullseye] - libstb <no-dsa> (Minor issue)
+       NOTE: 
https://securitylab.github.com/advisories/GHSL-2023-145_GHSL-2023-151_stb_image_h/
 (issue 13)
+       NOTE: https://github.com/nothings/stb/pull/1558
 CVE-2023-45679 (stb_vorbis is a single file MIT licensed library for 
processing ogg vo ...)
        - libstb <unfixed>
-       NOTE: 
https://securitylab.github.com/advisories/GHSL-2023-145_GHSL-2023-151_stb_image_h/
+       [bookworm] - libstb <no-dsa> (Minor issue)
+       [bullseye] - libstb <no-dsa> (Minor issue)
+       NOTE: 
https://securitylab.github.com/advisories/GHSL-2023-145_GHSL-2023-151_stb_image_h/
 (issue 12)
+       NOTE: https://github.com/nothings/stb/pull/1557
 CVE-2023-45678 (stb_vorbis is a single file MIT licensed library for 
processing ogg vo ...)
        - libstb <unfixed>
-       NOTE: 
https://securitylab.github.com/advisories/GHSL-2023-145_GHSL-2023-151_stb_image_h/
+       [bookworm] - libstb <no-dsa> (Minor issue)
+       [bullseye] - libstb <no-dsa> (Minor issue)
+       NOTE: 
https://securitylab.github.com/advisories/GHSL-2023-145_GHSL-2023-151_stb_image_h/
 (issue 11)
+       NOTE: https://github.com/nothings/stb/pull/1556
 CVE-2023-45677 (stb_vorbis is a single file MIT licensed library for 
processing ogg vo ...)
        - libstb <unfixed>
-       NOTE: 
https://securitylab.github.com/advisories/GHSL-2023-145_GHSL-2023-151_stb_image_h/
+       [bookworm] - libstb <no-dsa> (Minor issue)
+       [bullseye] - libstb <no-dsa> (Minor issue)
+       NOTE: 
https://securitylab.github.com/advisories/GHSL-2023-145_GHSL-2023-151_stb_image_h/
 (issue 10)
+       NOTE: https://github.com/nothings/stb/pull/1555
 CVE-2023-45676 (stb_vorbis is a single file MIT licensed library for 
processing ogg vo ...)
        - libstb <unfixed>
-       NOTE: 
https://securitylab.github.com/advisories/GHSL-2023-145_GHSL-2023-151_stb_image_h/
+       [bookworm] - libstb <no-dsa> (Minor issue)
+       [bullseye] - libstb <no-dsa> (Minor issue)
+       NOTE: 
https://securitylab.github.com/advisories/GHSL-2023-145_GHSL-2023-151_stb_image_h/
 (issue 9)
+       NOTE: https://github.com/nothings/stb/pull/1554
 CVE-2023-45675 (stb_vorbis is a single file MIT licensed library for 
processing ogg vo ...)
        - libstb <unfixed>
-       NOTE: 
https://securitylab.github.com/advisories/GHSL-2023-145_GHSL-2023-151_stb_image_h/
+       [bookworm] - libstb <no-dsa> (Minor issue)
+       [bullseye] - libstb <no-dsa> (Minor issue)
+       NOTE: 
https://securitylab.github.com/advisories/GHSL-2023-145_GHSL-2023-151_stb_image_h/
 (issue 8)
+       NOTE: https://github.com/nothings/stb/pull/1553
 CVE-2023-45667 (stb_image is a single file MIT licensed library for processing 
images. ...)
        - libstb <unfixed>
        NOTE: 
https://securitylab.github.com/advisories/GHSL-2023-145_GHSL-2023-151_stb_image_h/
@@ -235,6 +259,8 @@ CVE-2023-5618 (The Modern Footnotes plugin for WordPress is 
vulnerable to Stored
        NOT-FOR-US: WordPress plugin
 CVE-2023-46287 (XSS exists in NagVis before 1.9.38 via the select function in 
share/se ...)
        - nagvis 1:1.9.38-1
+       [bookworm] - nagvis <no-dsa> (Minor issue)
+       [bullseye] - nagvis <no-dsa> (Minor issue)
        NOTE: https://github.com/NagVis/nagvis/pull/356
        NOTE: 
https://github.com/NagVis/nagvis/commit/093c2b0b31001bb74c78452858a0a9d27fa0a9b5
 (nagvis-1.9.38)
 CVE-2023-46117 (reconFTW is a tool designed to perform automated recon on a 
target dom ...)
@@ -2795,6 +2821,8 @@ CVE-2023-43058 (IBM Robotic Process Automation 23.0.9 is 
vulnerable to privilege
        NOT-FOR-US: IBM
 CVE-2023-42445 (Gradle is a build tool with a focus on build automation and 
support fo ...)
        - gradle <unfixed>
+       [bookworm] - gradle <no-dsa> (Minor issue)
+       [bullseye] - gradle <no-dsa> (Minor issue)
        NOTE: 
https://github.com/gradle/gradle/security/advisories/GHSA-mrff-q8qj-xvg8
 CVE-2023-41950 (Cross-Site Request Forgery (CSRF) vulnerability in Laposta - 
Roel Bous ...)
        NOT-FOR-US: WordPress plugin
@@ -3045,6 +3073,8 @@ CVE-2023-5373 (A vulnerability classified as critical has 
been found in SourceCo
        NOT-FOR-US: SourceCodester Online Computer and Laptop Store
 CVE-2023-5371 (RTPS dissector memory leak in Wireshark 4.0.0 to 4.0.8 and 
3.6.0 to 3. ...)
        - wireshark 4.0.10-1
+       [bookworm] - wireshark <no-dsa> (Minor issue)
+       [bullseye] - wireshark <no-dsa> (Minor issue)
        [buster] - wireshark <no-dsa> (Minor issue)
        NOTE: https://gitlab.com/wireshark/wireshark/-/issues/19322
        NOTE: https://www.wireshark.org/security/wnpa-sec-2023-27.html



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/daaa8d06f4aaa4046704de3e70e6da7f18c82870

-- 
View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/daaa8d06f4aaa4046704de3e70e6da7f18c82870
You're receiving this email because of your account on salsa.debian.org.

_______________________________________________
debian-security-tracker-commits mailing list
debian-security-tracker-commits@alioth-lists.debian.net
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits

[Git][security-tracker-team/security-tracker][master] bullseye/bookworm triage

Reply via email to