Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
c8df1691 by Moritz Muehlenhoff at 2023-11-20T22:22:29+01:00
bullseye/bookworm triage

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -6542,8 +6542,12 @@ CVE-2023-32724 (Memory pointer is in a property of the 
Ducktape object. This lea
        - zabbix <unfixed> (bug #1053877)
        [buster] - zabbix <not-affected> (vulnerable code introduced later)
        NOTE: https://support.zabbix.com/browse/ZBX-23391
+       NOTE: 
https://github.com/zabbix/zabbix/commit/7266d0ac709b68ccb4d69d28253488670b8b4eb7
 (release/5.0)
+       NOTE: 
https://github.com/zabbix/zabbix/commit/b28bf2f7081cffaeecbfb797d6e625e72679c06e
 (release/6.0)
 CVE-2023-32723 (Request to LDAP is sent before user permissions are checked.)
        - zabbix <unfixed> (bug #1053877)
+       [bookworm] - zabbix <no-dsa> (Minor issue)
+       [bullseye] - zabbix <no-dsa> (Minor issue)
        NOTE: https://support.zabbix.com/browse/ZBX-23230
        NOTE: very likely commit 
https://github.com/zabbix/zabbix/commit/3576afe9b87d8ad1ba92a13c28ba904671087688
 (for 4.0.x)
 CVE-2023-32722 (The zabbix/src/libs/zbxjson module is vulnerable to a buffer 
overflow  ...)
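Review bot: the two <no-dsa> (Minor issue) lines added for CVE-2023-32723 rest on a fix reference that the entry itself still labels "very likely commit ... (for 4.0.x)". The CVE-2023-32724 entry just above gains per-branch commit NOTEs (release/5.0, release/6.0) in this same hunk; adding the equivalent confirmed commits for CVE-2023-32723 would let a reader check which branches carry the fix for the LDAP request being sent before the permission check. A reason more specific than "Minor issue" would also record why that behaviour does not warrant a DSA in bookworm and bullseye.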
@@ -10995,6 +10999,7 @@ CVE-2023-4568 (PaperCut NG allows for unauthenticated 
XMLRPC commands to be run
        NOT-FOR-US: PaperCut
 CVE-2023-42503 (Improper Input Validation, Uncontrolled Resource Consumption 
vulnerabi ...)
        - libcommons-compress-java 1.24.0-1 (bug #1052065)
+       [bookworm] - libcommons-compress-java <no-dsa> (Minor issue)
        [bullseye] - libcommons-compress-java <not-affected> (Vulnerable code 
introduced later)
        [buster] - libcommons-compress-java <not-affected> (Vulnerable code 
introduced later)
        NOTE: https://lists.apache.org/thread/5xwcyr600mn074vgxq92tjssrchmc93c
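Review bot: on the added [bookworm] line for CVE-2023-42503, the reason is only "Minor issue", yet in the visible lines bookworm is the one stable suite that is actually affected (unstable is fixed in 1.24.0-1, bullseye and buster are not-affected). Since the description mentions uncontrolled resource consumption, a reason that says why this is minor for bookworm would make the decision reviewable. The entry's only reference is the Apache list thread, so a NOTE pointing at the upstream fixing change would also help anyone preparing a later stable update.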
@@ -51544,6 +51549,7 @@ CVE-2023-23457 (A Segmentation fault was found in UPX 
in PackLinuxElf64::invert_
        NOTE: https://github.com/upx/upx/issues/631
 CVE-2023-23456 (A heap-based buffer overflow issue was discovered in UPX in 
PackTmt::p ...)
        - upx-ucl <unfixed> (bug #1033258)
+       [bullseye] - upx-ucl <no-dsa> (Minor issue)
        [buster] - upx-ucl <no-dsa> (Minor issue)
        NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2160381
        NOTE: 
https://github.com/upx/upx/commit/510505a85cbe45e51fbd470f1aa8b02157c429d4
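Review bot: the added [bullseye] line for CVE-2023-23456 reuses the buster reason "Minor issue" for what the description calls a heap-based buffer overflow; a short justification in the parentheses would document why the overflow is treated as minor. The hunk also adds no [bookworm] line although the commit is titled "bullseye/bookworm triage" and upx-ucl stays <unfixed> with bug #1033258. If upx-ucl is not shipped in bookworm nothing is needed, otherwise that suite is left untriaged here.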
@@ -62772,6 +62778,8 @@ CVE-2022-41985 (An authentication bypass vulnerability 
exists in the Authenticat
        NOT-FOR-US: uC-FTPs
 CVE-2022-46337 (A cleverly devised username might bypass LDAP authentication 
checks. I ...)
        - derby <unfixed>
+       [bookworm] - derby <no-dsa> (Minor issue)
+       [bullseye] - derby <no-dsa> (Minor issue)
        NOTE: https://issues.apache.org/jira/browse/DERBY-7147
        NOTE: https://www.openwall.com/lists/oss-security/2023/11/19/3
 CVE-2022-46336
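Review bot: the two added lines mark CVE-2022-46337 as <no-dsa> (Minor issue) for bookworm and bullseye, while the description on the line above reads "A cleverly devised username might bypass LDAP authentication checks". An authentication bypass labelled minor deserves a reason that says why, for example a note on how the affected LDAP authentication is used in the Debian package, if that is the basis. The "- derby <unfixed>" line also carries no bug number, unlike the zabbix, libcommons-compress-java and upx-ucl entries in this patch; filing and referencing a BTS bug would keep the unfixed state tracked.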



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/c8df16913c86b0c6997fa87f1eb455d033b86d59
