[Git][security-tracker-team/security-tracker][master] bullseye triage
Moritz Muehlenhoff (@jmm)
jmm at debian.org
Thu Apr 13 20:01:20 BST 2023
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker
Commits:
ae04ed3a by Moritz Muehlenhoff at 2023-04-13T21:00:53+02:00
bullseye triage
- - - - -
2 changed files:
- data/CVE/list
- data/dsa-needed.txt
Changes:
=====================================
data/CVE/list
=====================================
@@ -13503,6 +13503,7 @@ CVE-2023-0843
RESERVED
CVE-2023-0842 (xml2js version 0.4.23 allows an external attacker to edit or add new p ...)
- node-xml2js <unfixed> (bug #1034148)
+ [bullseye] - node-xml2js <no-dsa> (Minor issue)
NOTE: https://fluidattacks.com/advisories/myers/
NOTE: https://github.com/Leonidas-from-XIV/node-xml2js/issues/663
NOTE: https://github.com/Leonidas-from-XIV/node-xml2js/pull/603
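Review bot: the new `[bullseye] - node-xml2js <no-dsa> (Minor issue)` line carries no rationale beyond the tag, while the three NOTE lines below it only point at the advisory, the upstream issue and pull request 603. Since the sid entry is still `<unfixed>`, a short NOTE stating why this is minor for bullseye (and whether the fix is expected to land via the referenced PR) would let the next triager see the reasoning without re-reading the upstream threads.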
@@ -114742,33 +114743,40 @@ CVE-2021-43319 (Zoho ManageEngine Network Configuration Manager before 125488 is
CVE-2021-43318
RESERVED
CVE-2021-43317 (A heap-based buffer overflows was discovered in upx, during the generi ...)
- - upx-ucl <unfixed>
+ - upx-ucl <unfixed> (unimportant)
NOTE: https://github.com/upx/upx/issues/380
NOTE: https://github.com/upx/upx/commit/b327645e648d46c8730be80730a171cf74cfe338
+ NOTE: Crash in CLI tool, no security impact
CVE-2021-43316 (A heap-based buffer overflow was discovered in upx, during the generic ...)
- - upx-ucl <unfixed>
+ - upx-ucl <unfixed> (unimportant)
NOTE: https://github.com/upx/upx/issues/381
NOTE: https://github.com/upx/upx/commit/962c35aa08ef3dcee13d3f7ef6e2d845da912f25
+ NOTE: Crash in CLI tool, no security impact
CVE-2021-43315 (A heap-based buffer overflows was discovered in upx, during the generi ...)
- - upx-ucl <unfixed>
+ - upx-ucl <unfixed> (unimportant)
NOTE: https://github.com/upx/upx/issues/380
NOTE: https://github.com/upx/upx/commit/b327645e648d46c8730be80730a171cf74cfe338
+ NOTE: Crash in CLI tool, no security impact
CVE-2021-43314 (A heap-based buffer overflows was discovered in upx, during the generi ...)
- - upx-ucl <unfixed>
+ - upx-ucl <unfixed> (unimportant)
NOTE: https://github.com/upx/upx/issues/380
NOTE: https://github.com/upx/upx/commit/b327645e648d46c8730be80730a171cf74cfe338
+ NOTE: Crash in CLI tool, no security impact
CVE-2021-43313 (A heap-based buffer overflow was discovered in upx, during the variabl ...)
- - upx-ucl <unfixed>
+ - upx-ucl <unfixed> (unimportant)
NOTE: https://github.com/upx/upx/issues/378
NOTE: https://github.com/upx/upx/commit/828a6cf07b69bc7314e888d7b76f0eafe125a3f6
+ NOTE: Crash in CLI tool, no security impact
CVE-2021-43312 (A heap-based buffer overflow was discovered in upx, during the variabl ...)
- - upx-ucl <unfixed>
+ - upx-ucl <unfixed> (unimportant)
NOTE: https://github.com/upx/upx/issues/379
NOTE: https://github.com/upx/upx/commit/828a6cf07b69bc7314e888d7b76f0eafe125a3f6
+ NOTE: Crash in CLI tool, no security impact
CVE-2021-43311 (A heap-based buffer overflow was discovered in upx, during the generic ...)
- - upx-ucl <unfixed>
+ - upx-ucl <unfixed> (unimportant)
NOTE: https://github.com/upx/upx/issues/380
NOTE: https://github.com/upx/upx/commit/b327645e648d46c8730be80730a171cf74cfe338
+ NOTE: Crash in CLI tool, no security impact
CVE-2021-43310 (A vulnerability in Keylime before 6.3.0 allows an attacker to craft a ...)
NOT-FOR-US: Keylime
CVE-2021-43309 (An exponential ReDoS (Regular Expression Denial of Service) can be tri ...)
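Review bot: the seven upx-ucl entries are downgraded to `(unimportant)` with the same one-line rationale, `NOTE: Crash in CLI tool, no security impact`, which is consistent; but four of them (CVE-2021-43317, -43315, -43314, -43311) reference the identical upstream issue 380 and commit b327645e, while -43313 and -43312 share commit 828a6cf0 with issues 378 and 379. It is worth confirming that each CVE really maps to the issue and fix commit listed next to it, since a later "fixed in version" entry will be derived from those commit references.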
@@ -248734,6 +248742,7 @@ CVE-2019-19922 (kernel/sched/fair.c in the Linux kernel before 5.3.9, when cpu.c
CVE-2023-27561 (runc through 1.1.4 has Incorrect Access Control leading to Escalation ...)
{DLA-3369-1}
- runc 1.1.5+ds1-1 (bug #1033520)
+ [bullseye] - runc <no-dsa> (Minor issue)
NOTE: https://github.com/opencontainers/runc/issues/3751
NOTE: https://github.com/opencontainers/runc/issues/2197#issuecomment-1437617334
NOTE: https://gist.github.com/LiveOverflow/c937820b688922eb127fb760ce06dab9
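Review bot: this entry already records `{DLA-3369-1}` and a fix in sid (`runc 1.1.5+ds1-1`), so marking bullseye `<no-dsa> (Minor issue)` reads as inconsistent with the LTS team having shipped an update for the same CVE. If the intent is that the fix reaches bullseye through a point release rather than a DSA, `<postponed>` with a NOTE saying so would document that; otherwise a NOTE explaining why the bullseye exposure is considered minor would help.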
=====================================
data/dsa-needed.txt
=====================================
@@ -36,6 +36,8 @@ php-horde-turba
--
py7zr
--
+python-werkzeug
+--
ring
might make sense to rebase to current version
--
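Review bot: the new `python-werkzeug` entry in dsa-needed.txt has no free-text note, unlike the neighbouring `ring` entry which carries a hint for whoever picks it up. Adding the CVE identifier(s) being tracked and, once known, the assignee in the usual `package (assignee)` form would make the entry actionable without a separate lookup in data/CVE/list.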
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/ae04ed3abf8cee70d58176f91eff1b15dc35589c