Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
baf17973 by Moritz Muehlenhoff at 2024-01-05T12:18:25+01:00
bullseye/bookworm triage

- - - - -


2 changed files:

- data/CVE/list
- data/dsa-needed.txt


Changes:

=====================================
data/CVE/list
=====================================
@@ -1156,6 +1156,8 @@ CVE-2023-51075 (hutool-core v5.8.23 was discovered to 
contain an infinite loop i
        NOT-FOR-US: Hutool
 CVE-2023-51074 (json-path v2.8.0 was discovered to contain a stack overflow 
via the Cr ...)
        - jayway-jsonpath <unfixed>
+       [bookworm] - jayway-jsonpath <no-dsa> (Minor issue)
+       [bullseye] - jayway-jsonpath <no-dsa> (Minor issue)
        NOTE: https://github.com/json-path/JsonPath/issues/973
 CVE-2023-51010 (An issue in the export component AdSdkH5Activity of 
com.sdjictec.qdmet ...)
        NOT-FOR-US: com.sdjictec.qdmetro
@@ -2854,8 +2856,13 @@ CVE-2023-48795 (The SSH transport protocol with certain 
OpenSSH extensions, foun
        [bookworm] - paramiko <no-dsa> (Minor issue)
        [bullseye] - paramiko <no-dsa> (Minor issue)
        - phpseclib 1.0.22-1
+       [bookworm] - phpseclib <no-dsa> (Minor issue)
+       [bullseye] - phpseclib <no-dsa> (Minor issue)
        - php-phpseclib 2.0.46-1
+       [bookworm] - php-phpseclib <no-dsa> (Minor issue)
+       [bullseye] - php-phpseclib <no-dsa> (Minor issue)
        - php-phpseclib3 3.0.35-1
+       [bookworm] - php-phpseclib3 <no-dsa> (Minor issue)
        - proftpd-dfsg 1.3.8.b+dfsg-1 (bug #1059144)
        [bookworm] - proftpd-dfsg <no-dsa> (Minor issue)
        [bullseye] - proftpd-dfsg <no-dsa> (Minor issue)
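Review bot: php-phpseclib3 gets only a [bookworm] <no-dsa> line under CVE-2023-48795, while phpseclib and php-phpseclib directly above each get both [bookworm] and [bullseye]. If php-phpseclib3 is not shipped in bullseye, this is correct as written. Otherwise add the matching "[bullseye] - php-phpseclib3 <no-dsa> (Minor issue)" line so that suite does not stay listed as open.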
@@ -2934,12 +2941,18 @@ CVE-2023-6483 (The vulnerability exists in ADiTaaS 
(Allied Digital Integrated To
        NOT-FOR-US: ADiTaaS (Allied Digital Integrated Tool-as-a-Service)
 CVE-2023-50981 (ModularSquareRoot in Crypto++ (aka cryptopp) through 8.9.0 
allows atta ...)
        - libcrypto++ <unfixed> (bug #1059312)
+       [bookworm] - libcrypto++ <no-dsa> (Minor issue)
+       [bullseye] - libcrypto++ <no-dsa> (Minor issue)
        NOTE: https://github.com/weidai11/cryptopp/issues/1249
 CVE-2023-50980 (gf2n.cpp in Crypto++ (aka cryptopp) through 8.9.0 allows 
attackers to  ...)
        - libcrypto++ <unfixed> (bug #1059311)
+       [bookworm] - libcrypto++ <no-dsa> (Minor issue)
+       [bullseye] - libcrypto++ <no-dsa> (Minor issue)
        NOTE: https://github.com/weidai11/cryptopp/issues/1248
 CVE-2023-50979 (Crypto++ (aka cryptopp) through 8.9.0 has a Marvin side 
channel during ...)
        - libcrypto++ <unfixed> (bug #1059310)
+       [bookworm] - libcrypto++ <no-dsa> (Minor issue)
+       [bullseye] - libcrypto++ <no-dsa> (Minor issue)
        NOTE: https://github.com/weidai11/cryptopp/issues/1247
 CVE-2023-50976 (Redpanda before 23.1.21 and 23.2.x before 23.2.18 has missing 
authoriz ...)
        NOT-FOR-US: Redpanda
@@ -3989,6 +4002,8 @@ CVE-2023-50782 [Bleichenbacher timing oracle attack 
against RSA decryption - inc
        NOTE: CVE is for incomplete fix of CVE-2020-25659
 CVE-2023-50781 [Bleichenbacher timing attacks in the RSA decryption API - 
incomplete fix for CVE-2020-25657]
        - m2crypto <unfixed> (bug #1059292)
+       [bookworm] - m2crypto <no-dsa> (Minor issue)
+       [bullseye] - m2crypto <no-dsa> (Minor issue)
        [buster] - m2crypto <no-dsa> (Minor issue; it's an incomplete fix of 
CVE-2020-25657)
        NOTE: https://gitlab.com/m2crypto/m2crypto/-/issues/342
        NOTE: https://people.redhat.com/~hkario/marvin/
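Review bot: the new [bookworm] and [bullseye] lines for m2crypto under CVE-2023-50781 say only "(Minor issue)", while the existing [buster] line right below them records the reason ("Minor issue; it's an incomplete fix of CVE-2020-25657"). Using the same reason text on the two new lines would keep the triage rationale consistent across all three suites.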
@@ -13161,6 +13176,8 @@ CVE-2023-45805 (pdm is a Python package and dependency 
manager supporting the la
        NOTE: 
https://github.com/pdm-project/pdm/commit/6853e2642dfa281d4a9958fbc6c95b7e32d84831
 CVE-2023-44483 (All versions of Apache Santuario - XML Security for Java prior 
to 2.2. ...)
        - libxml-security-java <unfixed> (bug #1059313)
+       [bookworm] - libxml-security-java <no-dsa> (Minor issue)
+       [bullseye] - libxml-security-java <no-dsa> (Minor issue)
        NOTE: https://www.openwall.com/lists/oss-security/2023/10/20/5
        NOTE: https://lists.apache.org/thread/vmqbp9mfxtrf0kmbnnmbn3h9j6dr9q55
        NOTE: https://santuario.apache.org/secadv.data/CVE-2023-44483.txt.asc
@@ -18706,6 +18723,8 @@ CVE-2023-37611 (Cross Site Scripting (XSS) 
vulnerability in Neos CMS 8.3.3 allow
        NOT-FOR-US: Neos CMS
 CVE-2023-4237 (A flaw was found in the Ansible Automation Platform. When 
creating a n ...)
        - ansible <unfixed> (bug #1055300)
+       [bookworm] - ansible <no-dsa> (Minor issue)
+       [bullseye] - ansible <no-dsa> (Minor issue)
        [buster] - ansible <no-dsa> (Minor issue)
        NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2229979
        NOTE: https://github.com/advisories/GHSA-ww3m-ffrm-qvqv


=====================================
data/dsa-needed.txt
=====================================
@@ -48,6 +48,8 @@ python3.11/stable (carnil)
 --
 python3.9/oldstable
 --
+python-asyncssh
+--
 redmine/stable
 --
 ring
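Review bot: python-asyncssh is added to data/dsa-needed.txt without a suite suffix, while the neighbouring entries (python3.9/oldstable, redmine/stable) name one. If the update is only needed for one of the two suites, add /stable or /oldstable. If it is needed for both, the bare name is fine, as with ring below. The commit message says only "bullseye/bookworm triage", so a short note on which issue this entry tracks would help whoever picks it up.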



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/baf179734b0fede4b1a1c6cf53b59b1721456257
