Chris Lamb pushed to branch master at Debian Security Tracker / security-tracker
Commits:
24d48946 by Chris Lamb at 2023-11-01T16:17:35+01:00
Triage CVE-2023-31022 in nvidia-graphics-drivers for buster LTS.

- - - - -
a29108c9 by Chris Lamb at 2023-11-01T16:18:55+01:00
Triage CVE-2023-31022 in nvidia-graphics-drivers-legacy-390xx for buster LTS.

- - - - -
5e574f7f by Chris Lamb at 2023-11-01T16:19:20+01:00
Triage CVE-2023-40217 in pypy3 for buster LTS.

- - - - -
e6fb2459 by Chris Lamb at 2023-11-01T16:19:40+01:00
Triage CVE-2023-5574 in xorg-server for buster LTS.

- - - - -
9e242514 by Chris Lamb at 2023-11-01T16:19:59+01:00
Triage CVE-2023-46586 in weborf for buster LTS.

- - - - -
141fbf0f by Chris Lamb at 2023-11-01T16:20:20+01:00
Triage CVE-2023-46137 in twisted for buster LTS.

- - - - -
de0f775a by Chris Lamb at 2023-11-01T16:20:36+01:00
Triage CVE-2023-46316 in traceroute for buster LTS.

- - - - -
908afea2 by Chris Lamb at 2023-11-01T16:21:01+01:00
Triage CVE-2023-5752 in python-pip for buster LTS.

- - - - -
46ec7f45 by Chris Lamb at 2023-11-01T16:21:37+01:00
Triage CVE-2023-39325 in golang-1.11 for buster LTS.

- - - - -
35acb928 by Chris Lamb at 2023-11-01T16:22:36+01:00
Triage CVE-2023-31022 in nvidia-graphics-drivers-legacy-340xx for buster LTS.

- - - - -
b66fc533 by Chris Lamb at 2023-11-01T16:23:17+01:00
Triage CVE-2023-45818 & CVE-2023-45819 in tinymce for buster LTS.

- - - - -

1 changed file:
- data/CVE/list

Changes:
===================================== data/CVE/list ===================================== @@ -915,6 +915,7 @@ CVE-2023-46137 (Twisted is an event-based framework for internet applications. P - twisted <unfixed> (bug #1054913) [bookworm] - twisted <no-dsa> (Minor issue) [bullseye] - twisted <no-dsa> (Minor issue) + [buster] - twisted <no-dsa> (Minor issue) NOTE: https://github.com/twisted/twisted/security/advisories/GHSA-xc8x-vp79-p3wm CVE-2023-46134 (D-Tale is the combination of a Flask back-end and a React front-end to ...) NOT-FOR-US: D-Tale 
@@ -1227,6 +1228,7 @@ CVE-2023-5752 (When installing a package from a Mercurial VCS URL (ie "pip inst - python-pip 23.3+dfsg-1 [bookworm] - python-pip <no-dsa> (Minor issue) [bullseye] - python-pip <no-dsa> (Minor issue) + [buster] - python-pip <no-dsa> (Minor issue) NOTE: https://github.com/pypa/pip/pull/12306 NOTE: https://mail.python.org/archives/list/security-annou...@python.org/thread/F4PL35U6X4VVHZ5ILJU3PWUWN7H7LZXL/ CVE-2023-5311 (The WP EXtra plugin for WordPress is vulnerable to unauthorized modifi ...) @@ -1334,6 +1336,7 @@ CVE-2023-5574 (A use-after-free flaw was found in xorg-x11-server-Xvfb. This iss - xorg-server <unfixed> [bookworm] - xorg-server <no-dsa> (Minor issue) [bullseye] - xorg-server <no-dsa> (Minor issue) + [buster] - xorg-server <no-dsa> (Minor issue) NOTE: https://lists.x.org/archives/xorg-announce/2023-October/003430.html NOTE: https://gitlab.freedesktop.org/xorg/xserver/-/merge_requests/1189 CVE-2023-5380 (A use-after-free flaw was found in the xorg-x11-server. An X server cr ...) @@ -1649,11 +1652,13 @@ CVE-2023-46316 (In buc Traceroute 2.0.12 through 2.1.2 before 2.1.3, the wrapper - traceroute 1:2.1.3-1 [bookworm] - traceroute <no-dsa> (Minor issue) [bullseye] - traceroute <no-dsa> (Minor issue) + [buster] - traceroute <no-dsa> (Minor issue) NOTE: https://sourceforge.net/projects/traceroute/files/traceroute/traceroute-2.1.3/ CVE-2023-46586 - weborf 1.0-1 (bug #1054417) [bookworm] - weborf <no-dsa> (Minor issue) [bullseye] - weborf <no-dsa> (Minor issue) + [buster] - weborf <no-dsa> (Minor issue) NOTE: https://github.com/ltworf/weborf/pull/88 NOTE: Fixed by: https://github.com/ltworf/weborf/commit/49824204add55aab0568d90a6b1e7c822d32120d (1.0) CVE-2023-5702 (A vulnerability was found in Viessmann Vitogate 300 up to 2.1.3.0 and ...) 
@@ -2132,8 +2137,10 @@ CVE-2023-45821 (Artifact Hub is a web-based application that enables finding, in NOT-FOR-US: Artifact Hub CVE-2023-45819 (TinyMCE is an open source rich text editor. A cross-site scripting (XS ...) - tinymce <removed> + [buster] - tinymce <no-dsa> (Minor issue) CVE-2023-45818 (TinyMCE is an open source rich text editor. A mutation cross-site scri ...) - tinymce <removed> + [buster] - tinymce <no-dsa> (Minor issue) CVE-2023-45815 (ArchiveBox is an open source self-hosted web archiving system. Any use ...) NOT-FOR-US: ArchiveBox CVE-2023-45471 (The QAD Search Server is vulnerable to Stored Cross-Site Scripting (XS ...) @@ -3608,6 +3615,7 @@ CVE-2023-39325 (A malicious HTTP/2 client which rapidly creates requests and imm - golang-1.15 <removed> [bullseye] - golang-1.15 <no-dsa> (Minor issue) - golang-1.11 <removed> + [buster] - golang-1.11 <no-dsa> (Minor issue) NOTE: https://github.com/golang/go/issues/63417 CVE-2023-5473 (Use after free in Cast in Google Chrome prior to 118.0.5993.70 allowed ...) {DSA-5526-1} @@ -10849,6 +10857,7 @@ CVE-2023-40217 (An issue was discovered in Python before 3.8.18, 3.9.x before 3. - pypy3 7.3.13+dfsg-1 [bookworm] - pypy3 <no-dsa> (Minor issue) [bullseye] - pypy3 <no-dsa> (Minor issue) + [buster] - pypy3 <no-dsa> (Minor issue) NOTE: https://mail.python.org/archives/list/security-annou...@python.org/thread/PEPLII27KYHLF4AK3ZQGKYNCRERG4YXY/ NOTE: https://github.com/python/cpython/issues/108310 NOTE: https://github.com/python/cpython/pull/108315 
@@ -24920,6 +24929,7 @@ CVE-2023-31022 - nvidia-graphics-drivers <unfixed> (bug #1055136) [bookworm] - nvidia-graphics-drivers <no-dsa> (Non-free not supported) [bullseye] - nvidia-graphics-drivers <no-dsa> (Non-free not supported) + [buster] - nvidia-graphics-drivers <no-dsa> (Non-free not supported) - nvidia-open-gpu-kernel-modules <unfixed> (bug #1055144) [bookworm] - nvidia-open-gpu-kernel-modules <no-dsa> (Non-free not supported) - nvidia-graphics-drivers-tesla <unfixed> (bug #1055143) @@ -24935,7 +24945,9 @@ CVE-2023-31022 [bullseye] - nvidia-graphics-drivers-tesla-418 <no-dsa> (Non-free not supported) - nvidia-graphics-drivers-legacy-390xx <unfixed> (bug #1055138) [bullseye] - nvidia-graphics-drivers-legacy-390xx <no-dsa> (Non-free not supported) + [buster] - nvidia-graphics-drivers-legacy-390xx <no-dsa> (Non-free not supported) - nvidia-graphics-drivers-legacy-340xx <unfixed> (bug #1055137) + [buster] - nvidia-graphics-drivers-legacy-340xx <no-dsa> (Non-free not supported) NOTE: https://nvidia.custhelp.com/app/answers/detail/a_id/5491 CVE-2023-31021 RESERVED View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/9eb509ca0d0df47c9315cfb1e597bed67b78b0df...b66fc53346aa5fe4aa0b7b741de919a1baabdcdb
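
Review bot: the two "[buster] - tinymce <no-dsa> (Minor issue)" lines added under CVE-2023-45819 and CVE-2023-45818 sit in entries that have no NOTE: reference at all, unlike every other entry touched in this push, so the "Minor issue" call for two cross-site scripting issues cannot be checked from the list alone. Consider adding a NOTE: line with the upstream advisory or fix for each CVE so the no-dsa decision can be revisited later.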
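
Review bot: in the CVE-2023-39325 hunk, the new "[buster] - golang-1.11 <no-dsa> (Minor issue)" line gives only the generic reason for an issue whose description names a malicious HTTP/2 client as the trigger. A more specific parenthetical stating why this is minor for buster would make the triage easier to audit than the bare "Minor issue" copied from the golang-1.15 line above it.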
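
Review bot: in the second CVE-2023-31022 hunk, nvidia-graphics-drivers-legacy-340xx ends up with only a [buster] annotation, while nvidia-graphics-drivers-legacy-390xx directly above it carries both [bullseye] and [buster]. If 340xx is simply not shipped in bullseye this is fine; otherwise a matching "[bullseye] - nvidia-graphics-drivers-legacy-340xx <no-dsa> (Non-free not supported)" line is missing and should be added in the same change.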