Chris Lamb pushed to branch master at Debian Security Tracker / security-tracker


Commits:
24d48946 by Chris Lamb at 2023-11-01T16:17:35+01:00
Triage CVE-2023-31022 in nvidia-graphics-drivers for buster LTS.

- - - - -
a29108c9 by Chris Lamb at 2023-11-01T16:18:55+01:00
Triage CVE-2023-31022 in nvidia-graphics-drivers-legacy-390xx for buster LTS.

- - - - -
5e574f7f by Chris Lamb at 2023-11-01T16:19:20+01:00
Triage CVE-2023-40217 in pypy3 for buster LTS.

- - - - -
e6fb2459 by Chris Lamb at 2023-11-01T16:19:40+01:00
Triage CVE-2023-5574 in xorg-server for buster LTS.

- - - - -
9e242514 by Chris Lamb at 2023-11-01T16:19:59+01:00
Triage CVE-2023-46586 in weborf for buster LTS.

- - - - -
141fbf0f by Chris Lamb at 2023-11-01T16:20:20+01:00
Triage CVE-2023-46137 in twisted for buster LTS.

- - - - -
de0f775a by Chris Lamb at 2023-11-01T16:20:36+01:00
Triage CVE-2023-46316 in traceroute for buster LTS.

- - - - -
908afea2 by Chris Lamb at 2023-11-01T16:21:01+01:00
Triage CVE-2023-5752 in python-pip for buster LTS.

- - - - -
46ec7f45 by Chris Lamb at 2023-11-01T16:21:37+01:00
Triage CVE-2023-39325 in golang-1.11 for buster LTS.

- - - - -
35acb928 by Chris Lamb at 2023-11-01T16:22:36+01:00
Triage CVE-2023-31022 in nvidia-graphics-drivers-legacy-340xx for buster LTS.

- - - - -
b66fc533 by Chris Lamb at 2023-11-01T16:23:17+01:00
Triage CVE-2023-45818 & CVE-2023-45819 in tinymce for buster LTS.

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -915,6 +915,7 @@ CVE-2023-46137 (Twisted is an event-based framework for 
internet applications. P
        - twisted <unfixed> (bug #1054913)
        [bookworm] - twisted <no-dsa> (Minor issue)
        [bullseye] - twisted <no-dsa> (Minor issue)
+       [buster] - twisted <no-dsa> (Minor issue)
        NOTE: 
https://github.com/twisted/twisted/security/advisories/GHSA-xc8x-vp79-p3wm
 CVE-2023-46134 (D-Tale is the combination of a Flask back-end and a React 
front-end to ...)
        NOT-FOR-US: D-Tale
@@ -1227,6 +1228,7 @@ CVE-2023-5752 (When installing a package from a Mercurial 
VCS URL  (ie "pip inst
        - python-pip 23.3+dfsg-1
        [bookworm] - python-pip <no-dsa> (Minor issue)
        [bullseye] - python-pip <no-dsa> (Minor issue)
+       [buster] - python-pip <no-dsa> (Minor issue)
        NOTE: https://github.com/pypa/pip/pull/12306
        NOTE: 
https://mail.python.org/archives/list/security-annou...@python.org/thread/F4PL35U6X4VVHZ5ILJU3PWUWN7H7LZXL/
 CVE-2023-5311 (The WP EXtra plugin for WordPress is vulnerable to unauthorized 
modifi ...)
@@ -1334,6 +1336,7 @@ CVE-2023-5574 (A use-after-free flaw was found in 
xorg-x11-server-Xvfb. This iss
        - xorg-server <unfixed>
        [bookworm] - xorg-server <no-dsa> (Minor issue)
        [bullseye] - xorg-server <no-dsa> (Minor issue)
+       [buster] - xorg-server <no-dsa> (Minor issue)
        NOTE: 
https://lists.x.org/archives/xorg-announce/2023-October/003430.html
        NOTE: https://gitlab.freedesktop.org/xorg/xserver/-/merge_requests/1189
 CVE-2023-5380 (A use-after-free flaw was found in the xorg-x11-server. An X 
server cr ...)
@@ -1649,11 +1652,13 @@ CVE-2023-46316 (In buc Traceroute 2.0.12 through 2.1.2 
before 2.1.3, the wrapper
        - traceroute 1:2.1.3-1
        [bookworm] - traceroute <no-dsa> (Minor issue)
        [bullseye] - traceroute <no-dsa> (Minor issue)
+       [buster] - traceroute <no-dsa> (Minor issue)
        NOTE: 
https://sourceforge.net/projects/traceroute/files/traceroute/traceroute-2.1.3/
 CVE-2023-46586
        - weborf 1.0-1 (bug #1054417)
        [bookworm] - weborf <no-dsa> (Minor issue)
        [bullseye] - weborf <no-dsa> (Minor issue)
+       [buster] - weborf <no-dsa> (Minor issue)
        NOTE: https://github.com/ltworf/weborf/pull/88
        NOTE: Fixed by: 
https://github.com/ltworf/weborf/commit/49824204add55aab0568d90a6b1e7c822d32120d
 (1.0)
 CVE-2023-5702 (A vulnerability was found in Viessmann Vitogate 300 up to 
2.1.3.0 and  ...)
@@ -2132,8 +2137,10 @@ CVE-2023-45821 (Artifact Hub is a web-based application 
that enables finding, in
        NOT-FOR-US: Artifact Hub
 CVE-2023-45819 (TinyMCE is an open source rich text editor. A cross-site 
scripting (XS ...)
        - tinymce <removed>
+       [buster] - tinymce <no-dsa> (Minor issue)
 CVE-2023-45818 (TinyMCE is an open source rich text editor. A mutation 
cross-site scri ...)
        - tinymce <removed>
+       [buster] - tinymce <no-dsa> (Minor issue)
 CVE-2023-45815 (ArchiveBox is an open source self-hosted web archiving system. 
Any use ...)
        NOT-FOR-US: ArchiveBox
 CVE-2023-45471 (The QAD Search Server is vulnerable to Stored Cross-Site 
Scripting (XS ...)
@@ -3608,6 +3615,7 @@ CVE-2023-39325 (A malicious HTTP/2 client which rapidly 
creates requests and imm
        - golang-1.15 <removed>
        [bullseye] - golang-1.15 <no-dsa> (Minor issue)
        - golang-1.11 <removed>
+       [buster] - golang-1.11 <no-dsa> (Minor issue)
        NOTE: https://github.com/golang/go/issues/63417
 CVE-2023-5473 (Use after free in Cast in Google Chrome prior to 118.0.5993.70 
allowed ...)
        {DSA-5526-1}
@@ -10849,6 +10857,7 @@ CVE-2023-40217 (An issue was discovered in Python 
before 3.8.18, 3.9.x before 3.
        - pypy3 7.3.13+dfsg-1
        [bookworm] - pypy3 <no-dsa> (Minor issue)
        [bullseye] - pypy3 <no-dsa> (Minor issue)
+       [buster] - pypy3 <no-dsa> (Minor issue)
        NOTE: 
https://mail.python.org/archives/list/security-annou...@python.org/thread/PEPLII27KYHLF4AK3ZQGKYNCRERG4YXY/
        NOTE: https://github.com/python/cpython/issues/108310
        NOTE: https://github.com/python/cpython/pull/108315
@@ -24920,6 +24929,7 @@ CVE-2023-31022
        - nvidia-graphics-drivers <unfixed> (bug #1055136)
        [bookworm] - nvidia-graphics-drivers <no-dsa> (Non-free not supported)
        [bullseye] - nvidia-graphics-drivers <no-dsa> (Non-free not supported)
+       [buster] - nvidia-graphics-drivers <no-dsa> (Non-free not supported)
        - nvidia-open-gpu-kernel-modules <unfixed> (bug #1055144)
        [bookworm] - nvidia-open-gpu-kernel-modules <no-dsa> (Non-free not 
supported)
        - nvidia-graphics-drivers-tesla <unfixed> (bug #1055143)
@@ -24935,7 +24945,9 @@ CVE-2023-31022
        [bullseye] - nvidia-graphics-drivers-tesla-418 <no-dsa> (Non-free not 
supported)
        - nvidia-graphics-drivers-legacy-390xx <unfixed> (bug #1055138)
        [bullseye] - nvidia-graphics-drivers-legacy-390xx <no-dsa> (Non-free 
not supported)
+       [buster] - nvidia-graphics-drivers-legacy-390xx <no-dsa> (Non-free not 
supported)
        - nvidia-graphics-drivers-legacy-340xx <unfixed> (bug #1055137)
+       [buster] - nvidia-graphics-drivers-legacy-340xx <no-dsa> (Non-free not 
supported)
        NOTE: https://nvidia.custhelp.com/app/answers/detail/a_id/5491
 CVE-2023-31021
        RESERVED
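Review bot: Under `- nvidia-graphics-drivers-legacy-340xx <unfixed> (bug #1055137)` the added `[buster]` line is the only release-tagged line, whereas legacy-390xx just above carries a `[bullseye]` line as well. Worth confirming that the missing `[bullseye]` line for 340xx is intentional (package not in that release) and not a release that still needs triage. If it is intentional, no change is needed.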



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/9eb509ca0d0df47c9315cfb1e597bed67b78b0df...b66fc53346aa5fe4aa0b7b741de919a1baabdcdb
