[Git][security-tracker-team/security-tracker][master] 6 commits: CVE-2023-29383,shadow: Buster is no-dsa
Markus Koschany (@apo)
apo at debian.org
Sun Apr 16 23:58:27 BST 2023
Markus Koschany pushed to branch master at Debian Security Tracker / security-tracker
Commits:
d0686f73 by Markus Koschany at 2023-04-17T00:08:33+02:00
CVE-2023-29383,shadow: Buster is no-dsa
Minor issue
- - - - -
f4dddb00 by Markus Koschany at 2023-04-17T00:48:02+02:00
CVE-2023-26555,ntp: Buster is no-dsa
Minor issue
- - - - -
ced44e69 by Markus Koschany at 2023-04-17T00:49:01+02:00
CVE-2022-48434,ffmpeg: Buster is postponed
- - - - -
85af2f26 by Markus Koschany at 2023-04-17T00:50:19+02:00
CVE-2023-28439,ckeditor3: Buster is EOL
- - - - -
92833122 by Markus Koschany at 2023-04-17T00:53:01+02:00
Triage cmark-gfm for Buster
- - - - -
abb9885e by Markus Koschany at 2023-04-17T00:57:47+02:00
Triage python-cmarkgfm for Buster
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -3614,6 +3614,7 @@ CVE-2014-125094 (A vulnerability classified as problematic was found in phpMiniA
CVE-2023-29383 (In Shadow 4.13, it is possible to inject control characters into field ...)
- shadow <unfixed> (bug #1034482)
[bullseye] - shadow <no-dsa> (Minor issue)
+ [buster] - shadow <no-dsa> (Minor issue)
NOTE: https://github.com/shadow-maint/shadow/pull/687
NOTE: Fixed by: https://github.com/shadow-maint/shadow/commit/e5905c4b84d4fb90aefcd96ee618411ebfac663d
NOTE: https://www.trustwave.com/en-us/resources/security-resources/security-advisories/?fid=31797
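Review bot: the added `[buster] - shadow <no-dsa> (Minor issue)` line gives no reason beyond "Minor issue", although the NOTE lines of this entry already link an upstream fix commit. A short rationale in the parentheses, like the one on the ntp entry in this same push, would tell a later triager why no advisory is planned for buster.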
@@ -4879,6 +4880,7 @@ CVE-2023-1691
CVE-2022-48434 (libavcodec/pthread_frame.c in FFmpeg before 5.1.2, as used in VLC and ...)
- ffmpeg 7:5.1.2-1
[bullseye] - ffmpeg <postponed> (Wait until it lands in 4.3.x)
+ [buster] - ffmpeg <postponed> (Wait until the backport to 4.x)
NOTE: https://git.ffmpeg.org/gitweb/ffmpeg.git/commit/cc867f2c09d2b69cee8a0eccd62aff002cbbfe11 (n6.1-dev)
NOTE: https://git.ffmpeg.org/gitweb/ffmpeg.git/commit/35aa7e70e7ec350319e7634a30d8d8aa1e6ecdda (n5.1.2)
CVE-2022-48433 (In JetBrains IntelliJ IDEA before 2023.1 the NTLM hash could leak thro ...)
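Review bot: the reason on the new `[buster] - ffmpeg <postponed>` line, "Wait until the backport to 4.x", is less specific than the bullseye line directly above it, which names 4.3.x. The NOTE lines list only the n6.1-dev and n5.1.2 commits, so naming the upstream release branch that the buster package follows would make it clear when this entry can be revisited.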
@@ -6723,6 +6725,7 @@ CVE-2023-28440
CVE-2023-28439 (CKEditor4 is an open source what-you-see-is-what-you-get HTML editor. ...)
- ckeditor <unfixed> (bug #1034481)
- ckeditor3 <unfixed>
+ [buster] - ckeditor3 <end-of-life> (No longer supported in LTS)
NOTE: https://github.com/ckeditor/ckeditor4/security/advisories/GHSA-vh5c-xwqv-cv9g
NOTE: https://github.com/ckeditor/ckeditor4/commit/b85af23f020a61397c6c0024aef73f2c7f62bfef (4.21.0)
CVE-2023-28438 (Pimcore is an open source data and experience management platform. Pri ...)
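Review bot: the new `[buster]` line sits under `- ckeditor3 <unfixed>`, which carries no bug reference, while the `ckeditor` line above it has bug #1034481. If a bug exists for ckeditor3, add it to that line. The commit subject also says "Buster is EOL", whereas the tag marks only ckeditor3 as no longer supported in LTS, so a subject such as "ckeditor3 is EOL in Buster" would match the change more closely.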
@@ -11973,6 +11976,7 @@ CVE-2023-26556
CVE-2023-26555 (praecis_parse in ntpd/refclock_palisade.c in NTP 4.2.8p15 has an out-o ...)
- ntp <removed>
[bullseye] - ntp <no-dsa> (Minor issue; affects only the clock driver for the Trimble Palisade GPS timing receiver)
+ [buster] - ntp <no-dsa> (Minor issue; affects only the clock driver for the Trimble Palisade GPS timing receiver)
NOTE: https://github.com/spwpun/ntp-4.2.8p15-cves/blob/main/CVE-2023-26555
CVE-2023-26554 (mstolfp in libntp/mstolfp.c in NTP 4.2.8p15 has an out-of-bounds write ...)
- ntp <removed> (unimportant)
@@ -12290,9 +12294,11 @@ CVE-2023-26485 (cmark-gfm is GitHub's fork of cmark, a CommonMark parsing and re
- cmark-gfm <unfixed> (bug #1034171)
[bookworm] - cmark-gfm <no-dsa> (Minor issue)
[bullseye] - cmark-gfm <no-dsa> (Minor issue)
+ [buster] - cmark-gfm <no-dsa> (Minor issue)
- python-cmarkgfm <unfixed> (bug #1034172)
[bookworm] - python-cmarkgfm <no-dsa> (Minor issue)
[bullseye] - python-cmarkgfm <no-dsa> (Minor issue)
+ [buster] - python-cmarkgfm <no-dsa> (Minor issue)
- r-cran-commonmark <unfixed> (bug #1034173)
[bookworm] - r-cran-commonmark <no-dsa> (Minor issue)
[bullseye] - r-cran-commonmark <no-dsa> (Minor issue)
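Review bot: `r-cran-commonmark` gets no `[buster]` line in this hunk, although `cmark-gfm` and `python-cmarkgfm` both do and all three packages have `[bookworm]` and `[bullseye]` annotations. It is worth confirming that the omission is intended, for example because the package is handled separately for buster. The same pattern repeats in the five cmark-gfm hunks that follow.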
@@ -17161,9 +17167,11 @@ CVE-2023-24824 (cmark-gfm is GitHub's fork of cmark, a CommonMark parsing and re
- cmark-gfm <unfixed> (bug #1034171)
[bookworm] - cmark-gfm <no-dsa> (Minor issue)
[bullseye] - cmark-gfm <no-dsa> (Minor issue)
+ [buster] - cmark-gfm <no-dsa> (Minor issue)
- python-cmarkgfm <unfixed> (bug #1034172)
[bookworm] - python-cmarkgfm <no-dsa> (Minor issue)
[bullseye] - python-cmarkgfm <no-dsa> (Minor issue)
+ [buster] - python-cmarkgfm <no-dsa> (Minor issue)
- r-cran-commonmark <unfixed> (bug #1034173)
[bookworm] - r-cran-commonmark <no-dsa> (Minor issue)
[bullseye] - r-cran-commonmark <no-dsa> (Minor issue)
@@ -24721,9 +24729,11 @@ CVE-2023-22486 (cmark-gfm is GitHub's fork of cmark, a CommonMark parsing and re
- cmark-gfm <unfixed> (bug #1033110)
[bookworm] - cmark-gfm <no-dsa> (Minor issue)
[bullseye] - cmark-gfm <no-dsa> (Minor issue)
+ [buster] - cmark-gfm <no-dsa> (Minor issue)
- python-cmarkgfm <unfixed> (bug #1033111)
[bookworm] - python-cmarkgfm <no-dsa> (Minor issue)
[bullseye] - python-cmarkgfm <no-dsa> (Minor issue)
+ [buster] - python-cmarkgfm <no-dsa> (Minor issue)
- r-cran-commonmark <unfixed> (bug #1033112)
[bookworm] - r-cran-commonmark <no-dsa> (Minor issue)
[bullseye] - r-cran-commonmark <no-dsa> (Minor issue)
@@ -24736,9 +24746,11 @@ CVE-2023-22485 (cmark-gfm is GitHub's fork of cmark, a CommonMark parsing and re
- cmark-gfm <unfixed> (bug #1033110)
[bookworm] - cmark-gfm <no-dsa> (Minor issue)
[bullseye] - cmark-gfm <no-dsa> (Minor issue)
+ [buster] - cmark-gfm <no-dsa> (Minor issue)
- python-cmarkgfm <unfixed> (bug #1033111)
[bookworm] - python-cmarkgfm <no-dsa> (Minor issue)
[bullseye] - python-cmarkgfm <no-dsa> (Minor issue)
+ [buster] - python-cmarkgfm <no-dsa> (Minor issue)
- r-cran-commonmark <unfixed> (bug #1033112)
[bookworm] - r-cran-commonmark <no-dsa> (Minor issue)
[bullseye] - r-cran-commonmark <no-dsa> (Minor issue)
@@ -24750,9 +24762,11 @@ CVE-2023-22484 (cmark-gfm is GitHub's fork of cmark, a CommonMark parsing and re
- cmark-gfm <unfixed> (bug #1033110)
[bookworm] - cmark-gfm <no-dsa> (Minor issue)
[bullseye] - cmark-gfm <no-dsa> (Minor issue)
+ [buster] - cmark-gfm <no-dsa> (Minor issue)
- python-cmarkgfm <unfixed> (bug #1033111)
[bookworm] - python-cmarkgfm <no-dsa> (Minor issue)
[bullseye] - python-cmarkgfm <no-dsa> (Minor issue)
+ [buster] - python-cmarkgfm <no-dsa> (Minor issue)
- r-cran-commonmark <unfixed> (bug #1033112)
[bookworm] - r-cran-commonmark <no-dsa> (Minor issue)
[bullseye] - r-cran-commonmark <no-dsa> (Minor issue)
@@ -24764,9 +24778,11 @@ CVE-2023-22483 (cmark-gfm is GitHub's fork of cmark, a CommonMark parsing and re
- cmark-gfm <unfixed> (bug #1033110)
[bookworm] - cmark-gfm <no-dsa> (Minor issue)
[bullseye] - cmark-gfm <no-dsa> (Minor issue)
+ [buster] - cmark-gfm <no-dsa> (Minor issue)
- python-cmarkgfm <unfixed> (bug #1033111)
[bookworm] - python-cmarkgfm <no-dsa> (Minor issue)
[bullseye] - python-cmarkgfm <no-dsa> (Minor issue)
+ [buster] - python-cmarkgfm <no-dsa> (Minor issue)
- r-cran-commonmark <unfixed> (bug #1033112)
[bookworm] - r-cran-commonmark <no-dsa> (Minor issue)
[bullseye] - r-cran-commonmark <no-dsa> (Minor issue)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/22df26e14c974a755876f3fbeff37edba6dc5a9b...abb9885e87964da80fee6383d745e06691e32396