[Git][security-tracker-team/security-tracker][master] bullseye triage
Moritz Muehlenhoff (@jmm)
jmm at debian.org
Thu Apr 13 15:11:52 BST 2023
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker
Commits:
765695dc by Moritz Muehlenhoff at 2023-04-13T16:09:55+02:00
bullseye triage
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -2098,11 +2098,13 @@ CVE-2023-29583
CVE-2023-29582
RESERVED
CVE-2023-29581 (yasm 1.3.0.55.g101bc was discovered to contain a segmentation violatio ...)
- - yasm <unfixed>
+ - yasm <unfixed> (unimportant)
NOTE: https://github.com/yasm/yasm/issues/216
+ NOTE: Crash in CLI tool, no security impact
CVE-2023-29580 (yasm 1.3.0.55.g101bc was discovered to contain a segmentation violatio ...)
- - yasm <unfixed>
+ - yasm <unfixed> (unimportant)
NOTE: https://github.com/yasm/yasm/issues/215
+ NOTE: Crash in CLI tool, no security impact
CVE-2023-29579
RESERVED
CVE-2023-29578
@@ -4143,6 +4145,7 @@ CVE-2023-1691
RESERVED
CVE-2022-48434 (libavcodec/pthread_frame.c in FFmpeg before 5.1.2, as used in VLC and ...)
- ffmpeg 7:5.1.2-1
+ [bullseye] - ffmpeg <postponed> (Wait until it lands in 4.3.x)
NOTE: https://git.ffmpeg.org/gitweb/ffmpeg.git/commit/cc867f2c09d2b69cee8a0eccd62aff002cbbfe11 (n6.1-dev)
NOTE: https://git.ffmpeg.org/gitweb/ffmpeg.git/commit/35aa7e70e7ec350319e7634a30d8d8aa1e6ecdda (n5.1.2)
CVE-2022-48433 (In JetBrains IntelliJ IDEA before 2023.1 the NTLM hash could leak thro ...)
@@ -5125,6 +5128,7 @@ CVE-2023-1545 (SQL Injection in GitHub repository nilsteampassnet/teampass prior
- teampass <itp> (bug #730180)
CVE-2023-1544 (A flaw was found in the QEMU implementation of VMWare's paravirtual RD ...)
- qemu <unfixed> (bug #1034179)
+ [bullseye] - qemu <no-dsa> (Minor issue)
NOTE: https://lists.nongnu.org/archive/html/qemu-devel/2023-03/msg00206.html
CVE-2023-28686 (Dino before 0.2.3, 0.3.x before 0.3.2, and 0.4.x before 0.4.2 allows a ...)
{DSA-5379-1}
@@ -10488,10 +10492,12 @@ CVE-2023-26918
RESERVED
CVE-2023-26917 (libyang from v2.0.164 to v2.1.30 was discovered to contain a NULL poin ...)
- libyang2 <unfixed>
+ [bullseye] - libyang2 <no-dsa> (Minor issue)
NOTE: https://github.com/CESNET/libyang/issues/1987
NOTE: https://github.com/CESNET/libyang/commit/cfa1a965a429e4bfc5ae1539a8e87a9cf71c3090 (v2.1.55)
CVE-2023-26916 (libyang from v2.0.164 to v2.1.30 was discovered to contain a NULL poin ...)
- libyang2 <unfixed> (bug #1034154)
+ [bullseye] - libyang2 <no-dsa> (Minor issue)
NOTE: https://github.com/CESNET/libyang/issues/1979
NOTE: https://github.com/CESNET/libyang/commit/dc668d296f9f05aeab6315d44cff3208641e3096 (v2.1.55)
CVE-2023-26915
@@ -49422,6 +49428,7 @@ CVE-2022-40900
RESERVED
CVE-2022-40899 (An issue discovered in Python Charmers Future 0.18.2 and earlier allow ...)
- python-future <unfixed> (bug #1031699)
+ [bullseye] - python-future <no-dsa> (Minor issue)
NOTE: https://github.com/PythonCharmers/python-future/pull/610
NOTE: https://github.com/PythonCharmers/python-future/commit/c91d70b34ef0402aef3e9d04364ba98509dca76f (v0.18.3)
CVE-2022-40898 (An issue discovered in Python Packaging Authority (PyPA) Wheel 0.37.1 ...)
@@ -53557,11 +53564,14 @@ CVE-2022-39210 (Nextcloud android is the official Android client for the Nextclo
NOT-FOR-US: Nextcloud android
CVE-2022-39209 (cmark-gfm is GitHub's fork of cmark, a CommonMark parsing and renderin ...)
- cmark-gfm 0.29.0.gfm.6-2 (bug #1020588)
+ [bullseye] - cmark-gfm <no-dsa> (Minor issue)
[buster] - cmark-gfm <no-dsa> (Minor issue)
- python-cmarkgfm <unfixed>
+ [bullseye] - python-cmarkgfm <no-dsa> (Minor issue)
[buster] - python-cmarkgfm <no-dsa> (Minor issue)
- ghostwriter 2.1.6+ds-1 (unimportant)
- ruby-commonmarker <unfixed>
+ [bullseye] - ruby-commonmarker <no-dsa> (Minor issue)
[buster] - ruby-commonmarker <no-dsa> (Minor issue)
- r-cran-commonmark 1.8.1-1
[bullseye] - r-cran-commonmark <no-dsa> (Minor issue)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/765695dc67dfa6bcc2ffadf1fd19d21e973280c7
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/765695dc67dfa6bcc2ffadf1fd19d21e973280c7
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20230413/d7c7098b/attachment.htm>
More information about the debian-security-tracker-commits
mailing list