Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker
Commits: baf17973 by Moritz Muehlenhoff at 2024-01-05T12:18:25+01:00 bullseye/bookworm triage - - - - - 2 changed files: - data/CVE/list - data/dsa-needed.txt Changes: ===================================== data/CVE/list ===================================== @@ -1156,6 +1156,8 @@ CVE-2023-51075 (hutool-core v5.8.23 was discovered to contain an infinite loop i NOT-FOR-US: Hutool CVE-2023-51074 (json-path v2.8.0 was discovered to contain a stack overflow via the Cr ...) - jayway-jsonpath <unfixed> + [bookworm] - jayway-jsonpath <no-dsa> (Minor issue) + [bullseye] - jayway-jsonpath <no-dsa> (Minor issue) NOTE: https://github.com/json-path/JsonPath/issues/973 CVE-2023-51010 (An issue in the export component AdSdkH5Activity of com.sdjictec.qdmet ...) NOT-FOR-US: com.sdjictec.qdmetro @@ -2854,8 +2856,13 @@ CVE-2023-48795 (The SSH transport protocol with certain OpenSSH extensions, foun [bookworm] - paramiko <no-dsa> (Minor issue) [bullseye] - paramiko <no-dsa> (Minor issue) - phpseclib 1.0.22-1 + [bookworm] - phpseclib <no-dsa> (Minor issue) + [bullseye] - phpseclib <no-dsa> (Minor issue) - php-phpseclib 2.0.46-1 + [bookworm] - php-phpseclib <no-dsa> (Minor issue) + [bullseye] - php-phpseclib <no-dsa> (Minor issue) - php-phpseclib3 3.0.35-1 + [bookworm] - php-phpseclib3 <no-dsa> (Minor issue) - proftpd-dfsg 1.3.8.b+dfsg-1 (bug #1059144) [bookworm] - proftpd-dfsg <no-dsa> (Minor issue) [bullseye] - proftpd-dfsg <no-dsa> (Minor issue) 
@@ -2934,12 +2941,18 @@ CVE-2023-6483 (The vulnerability exists in ADiTaaS (Allied Digital Integrated To NOT-FOR-US: ADiTaaS (Allied Digital Integrated Tool-as-a-Service) CVE-2023-50981 (ModularSquareRoot in Crypto++ (aka cryptopp) through 8.9.0 allows atta ...) - libcrypto++ <unfixed> (bug #1059312) + [bookworm] - libcrypto++ <no-dsa> (Minor issue) + [bullseye] - libcrypto++ <no-dsa> (Minor issue) NOTE: https://github.com/weidai11/cryptopp/issues/1249 CVE-2023-50980 (gf2n.cpp in Crypto++ (aka cryptopp) through 8.9.0 allows attackers to ...) - libcrypto++ <unfixed> (bug #1059311) + [bookworm] - libcrypto++ <no-dsa> (Minor issue) + [bullseye] - libcrypto++ <no-dsa> (Minor issue) NOTE: https://github.com/weidai11/cryptopp/issues/1248 CVE-2023-50979 (Crypto++ (aka cryptopp) through 8.9.0 has a Marvin side channel during ...) - libcrypto++ <unfixed> (bug #1059310) + [bookworm] - libcrypto++ <no-dsa> (Minor issue) + [bullseye] - libcrypto++ <no-dsa> (Minor issue) NOTE: https://github.com/weidai11/cryptopp/issues/1247 CVE-2023-50976 (Redpanda before 23.1.21 and 23.2.x before 23.2.18 has missing authoriz ...) NOT-FOR-US: Redpanda @@ -3989,6 +4002,8 @@ CVE-2023-50782 [Bleichenbacher timing oracle attack against RSA decryption - inc NOTE: CVE is for incomplete fix of CVE-2020-25659 CVE-2023-50781 [Bleichenbacher timing attacks in the RSA decryption API - incomplete fix for CVE-2020-25657] - m2crypto <unfixed> (bug #1059292) + [bookworm] - m2crypto <no-dsa> (Minor issue) + [bullseye] - m2crypto <no-dsa> (Minor issue) [buster] - m2crypto <no-dsa> (Minor issue; it's an incomplete fix of CVE-2020-25657) NOTE: https://gitlab.com/m2crypto/m2crypto/-/issues/342 NOTE: https://people.redhat.com/~hkario/marvin/ 
@@ -13161,6 +13176,8 @@ CVE-2023-45805 (pdm is a Python package and dependency manager supporting the la NOTE: https://github.com/pdm-project/pdm/commit/6853e2642dfa281d4a9958fbc6c95b7e32d84831 CVE-2023-44483 (All versions of Apache Santuario - XML Security for Java prior to 2.2. ...) - libxml-security-java <unfixed> (bug #1059313) + [bookworm] - libxml-security-java <no-dsa> (Minor issue) + [bullseye] - libxml-security-java <no-dsa> (Minor issue) NOTE: https://www.openwall.com/lists/oss-security/2023/10/20/5 NOTE: https://lists.apache.org/thread/vmqbp9mfxtrf0kmbnnmbn3h9j6dr9q55 NOTE: https://santuario.apache.org/secadv.data/CVE-2023-44483.txt.asc @@ -18706,6 +18723,8 @@ CVE-2023-37611 (Cross Site Scripting (XSS) vulnerability in Neos CMS 8.3.3 allow NOT-FOR-US: Neos CMS CVE-2023-4237 (A flaw was found in the Ansible Automation Platform. When creating a n ...) - ansible <unfixed> (bug #1055300) + [bookworm] - ansible <no-dsa> (Minor issue) + [bullseye] - ansible <no-dsa> (Minor issue) [buster] - ansible <no-dsa> (Minor issue) NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2229979 NOTE: https://github.com/advisories/GHSA-ww3m-ffrm-qvqv ===================================== data/dsa-needed.txt ===================================== @@ -48,6 +48,8 @@ python3.11/stable (carnil) -- python3.9/oldstable -- +python-asyncssh +-- redmine/stable -- ring View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/baf179734b0fede4b1a1c6cf53b59b1721456257 -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/baf179734b0fede4b1a1c6cf53b59b1721456257 You're receiving this email because of your account on salsa.debian.org.
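Review bot: In the CVE-2023-48795 hunk (@@ -2854,8 +2856,13 @@), php-phpseclib3 gets only a `[bookworm] - php-phpseclib3 <no-dsa> (Minor issue)` line, while phpseclib and php-phpseclib each get both a bookworm and a bullseye line. If php-phpseclib3 is not shipped in bullseye, this is correct as it stands; otherwise a matching `[bullseye]` line is missing. Worth confirming, since nothing in the hunk says which case applies.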
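Review bot: In the CVE-2023-50781 hunk (@@ -3989,6 +4002,8 @@), the two new m2crypto lines give only `(Minor issue)`, whereas the existing buster line directly below them gives the reason as `Minor issue; it's an incomplete fix of CVE-2020-25657`. Consider carrying the same reason on the bookworm and bullseye lines so that all three suite annotations for this CVE read consistently.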
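Review bot: In the data/dsa-needed.txt hunk (@@ -48,6 +48,8 @@), `python-asyncssh` is added without a suite suffix, and none of the data/CVE/list hunks in this commit touches a python-asyncssh entry, so the diff alone does not show which issue put it on the list. The neighbouring entries `python3.11/stable` and `python3.9/oldstable` are suite-qualified; if the update is needed in only one suite, add the suffix. Also consider naming the CVE in the commit message, which currently says only "bullseye/bookworm triage".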