[Git][security-tracker-team/security-tracker][master] bullseye triage

Moritz Muehlenhoff (@jmm) jmm at debian.org
Thu Apr 13 15:11:52 BST 2023



Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
765695dc by Moritz Muehlenhoff at 2023-04-13T16:09:55+02:00
bullseye triage

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -2098,11 +2098,13 @@ CVE-2023-29583
 CVE-2023-29582
 	RESERVED
 CVE-2023-29581 (yasm 1.3.0.55.g101bc was discovered to contain a segmentation violatio ...)
-	- yasm <unfixed>
+	- yasm <unfixed> (unimportant)
 	NOTE: https://github.com/yasm/yasm/issues/216
+	NOTE: Crash in CLI tool, no security impact
 CVE-2023-29580 (yasm 1.3.0.55.g101bc was discovered to contain a segmentation violatio ...)
-	- yasm <unfixed>
+	- yasm <unfixed> (unimportant)
 	NOTE: https://github.com/yasm/yasm/issues/215
+	NOTE: Crash in CLI tool, no security impact
 CVE-2023-29579
 	RESERVED
 CVE-2023-29578
@@ -4143,6 +4145,7 @@ CVE-2023-1691
 	RESERVED
 CVE-2022-48434 (libavcodec/pthread_frame.c in FFmpeg before 5.1.2, as used in VLC and  ...)
 	- ffmpeg 7:5.1.2-1
+	[bullseye] - ffmpeg <postponed> (Wait until it lands in 4.3.x)
 	NOTE: https://git.ffmpeg.org/gitweb/ffmpeg.git/commit/cc867f2c09d2b69cee8a0eccd62aff002cbbfe11 (n6.1-dev)
 	NOTE: https://git.ffmpeg.org/gitweb/ffmpeg.git/commit/35aa7e70e7ec350319e7634a30d8d8aa1e6ecdda (n5.1.2)
 CVE-2022-48433 (In JetBrains IntelliJ IDEA before 2023.1 the NTLM hash could leak thro ...)
@@ -5125,6 +5128,7 @@ CVE-2023-1545 (SQL Injection in GitHub repository nilsteampassnet/teampass prior
 	- teampass <itp> (bug #730180)
 CVE-2023-1544 (A flaw was found in the QEMU implementation of VMWare's paravirtual RD ...)
 	- qemu <unfixed> (bug #1034179)
+	[bullseye] - qemu <no-dsa> (Minor issue)
 	NOTE: https://lists.nongnu.org/archive/html/qemu-devel/2023-03/msg00206.html
 CVE-2023-28686 (Dino before 0.2.3, 0.3.x before 0.3.2, and 0.4.x before 0.4.2 allows a ...)
 	{DSA-5379-1}
@@ -10488,10 +10492,12 @@ CVE-2023-26918
 	RESERVED
 CVE-2023-26917 (libyang from v2.0.164 to v2.1.30 was discovered to contain a NULL poin ...)
 	- libyang2 <unfixed>
+	[bullseye] - libyang2 <no-dsa> (Minor issue)
 	NOTE: https://github.com/CESNET/libyang/issues/1987
 	NOTE: https://github.com/CESNET/libyang/commit/cfa1a965a429e4bfc5ae1539a8e87a9cf71c3090 (v2.1.55)
 CVE-2023-26916 (libyang from v2.0.164 to v2.1.30 was discovered to contain a NULL poin ...)
 	- libyang2 <unfixed> (bug #1034154)
+	[bullseye] - libyang2 <no-dsa> (Minor issue)
 	NOTE: https://github.com/CESNET/libyang/issues/1979
 	NOTE: https://github.com/CESNET/libyang/commit/dc668d296f9f05aeab6315d44cff3208641e3096 (v2.1.55)
 CVE-2023-26915
@@ -49422,6 +49428,7 @@ CVE-2022-40900
 	RESERVED
 CVE-2022-40899 (An issue discovered in Python Charmers Future 0.18.2 and earlier allow ...)
 	- python-future <unfixed> (bug #1031699)
+	[bullseye] - python-future <no-dsa> (Minor issue)
 	NOTE: https://github.com/PythonCharmers/python-future/pull/610
 	NOTE: https://github.com/PythonCharmers/python-future/commit/c91d70b34ef0402aef3e9d04364ba98509dca76f (v0.18.3)
 CVE-2022-40898 (An issue discovered in Python Packaging Authority (PyPA) Wheel 0.37.1  ...)
@@ -53557,11 +53564,14 @@ CVE-2022-39210 (Nextcloud android is the official Android client for the Nextclo
 	NOT-FOR-US: Nextcloud android
 CVE-2022-39209 (cmark-gfm is GitHub's fork of cmark, a CommonMark parsing and renderin ...)
 	- cmark-gfm 0.29.0.gfm.6-2 (bug #1020588)
+	[bullseye] - cmark-gfm <no-dsa> (Minor issue)
 	[buster] - cmark-gfm <no-dsa> (Minor issue)
 	- python-cmarkgfm <unfixed>
+	[bullseye] - python-cmarkgfm <no-dsa> (Minor issue)
 	[buster] - python-cmarkgfm <no-dsa> (Minor issue)
 	- ghostwriter 2.1.6+ds-1 (unimportant)
 	- ruby-commonmarker <unfixed>
+	[bullseye] - ruby-commonmarker <no-dsa> (Minor issue)
 	[buster] - ruby-commonmarker <no-dsa> (Minor issue)
 	- r-cran-commonmark 1.8.1-1
 	[bullseye] - r-cran-commonmark <no-dsa> (Minor issue)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/765695dc67dfa6bcc2ffadf1fd19d21e973280c7

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/765695dc67dfa6bcc2ffadf1fd19d21e973280c7
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20230413/d7c7098b/attachment.htm>


More information about the debian-security-tracker-commits mailing list