[Git][security-tracker-team/security-tracker][master] bullseye/bookworm triage

Moritz Muehlenhoff (@jmm) jmm at debian.org
Thu Apr 27 15:53:33 BST 2023



Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
325afb9a by Moritz Muehlenhoff at 2023-04-27T16:53:06+02:00
bullseye/bookworm triage

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -5324,6 +5324,8 @@ CVE-2023-29324
 	RESERVED
 CVE-2023-29323 (ascii_load_sockaddr in smtpd in OpenBSD before 7.1 errata 024 and 7.2  ...)
 	- opensmtpd <unfixed> (bug #1034178)
+	[bookworm] - opensmtpd <no-dsa> (Minor issue)
+	[bullseye] - opensmtpd <no-dsa> (Minor issue)
 	NOTE: https://ftp.openbsd.org/pub/OpenBSD/patches/7.1/common/024_smtpd.patch.sig
 CVE-2023-29322
 	RESERVED
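
Review bot: the two added <no-dsa> lines for opensmtpd under CVE-2023-29323 give only "Minor issue" as the reason, while the NOTE right below them already points at an upstream errata patch. A short NOTE on why the ascii_load_sockaddr issue does not warrant a DSA would let a later reader check the triage without re-deriving it.
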
@@ -10152,6 +10154,7 @@ CVE-2023-1256 (The listed versions of AVEVA Plant SCADA and AVEVA Telemetry Serv
 	NOT-FOR-US: AVEVA Plant SCADA and AVEVA Telemetry Server
 CVE-2023-1255 (Issue summary: The AES-XTS cipher decryption implementation for 64 bit ...)
 	- openssl <unfixed> (bug #1034720)
+	[bookworm] - openssl <postponed> (Minor issue, fix along with next security release)
 	[bullseye] - openssl <not-affected> (Vulnerable code not present)
 	[buster] - openssl <not-affected> (Vulnerable code not present)
 	NOTE: https://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=02ac9c9420275868472f33b01def01218742b8bb
@@ -46229,6 +46232,7 @@ CVE-2022-42965 (An exponential ReDoS (Regular Expression Denial of Service) can
 	NOT-FOR-US: snowflake-connector-python
 CVE-2022-42964 (An exponential ReDoS (Regular Expression Denial of Service) can be tri ...)
 	- pymatgen <unfixed> (bug #1024017)
+	[bookworm] - pymatgen <no-dsa> (Minor issue)
 	NOTE: https://research.jfrog.com/vulnerabilities/pymatgen-redos-xray-257184/
 	NOTE: https://github.com/materialsproject/pymatgen/issues/2755
 CVE-2022-3520 (Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.0 ...)
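
Review bot: only a [bookworm] line is added under CVE-2022-42964, and the hunk shows no [bullseye] entry for pymatgen although the commit is titled bullseye/bookworm triage. If bullseye ships pymatgen it needs its own line here; if it does not, nothing further is required.
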
@@ -146011,6 +146015,8 @@ CVE-2021-32822 (The npm hbs package is an Express view engine wrapper for Handle
 	NOT-FOR-US: Node hbs
 CVE-2021-32821 (MooTools is a collection of JavaScript utilities for JavaScript develo ...)
 	- mootools <unfixed> (bug #1032664)
+	[bookworm] - mootools <no-dsa> (Minor issue)
+	[bullseye] - mootools <no-dsa> (Minor issue)
 	[buster] - mootools <no-dsa> (Minor issue)
 	NOTE: https://securitylab.github.com/advisories/GHSL-2020-345-redos-mootools/
 	NOTE: No plan to fix this upstream as upstream consider it too low impact.
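
Review bot: on the two added mootools lines, the existing NOTE says upstream has no plan to fix this, so <no-dsa> (Minor issue) leaves the entry open-ended in two more releases. If no Debian-side patch is planned either, consider <ignored> with the upstream position as the reason, and apply the same choice to the [buster] line so the three releases stay consistent.
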
@@ -155182,6 +155188,7 @@ CVE-2021-29463 (Exiv2 is a command-line utility and C++ library for reading, wri
 	NOTE: https://github.com/Exiv2/exiv2/commit/783b3a6ff15ed6f82a8f8e6c8a6f3b84a9b04d4b
 CVE-2021-29462 (The Portable SDK for UPnP Devices is an SDK for development of UPnP de ...)
 	- pupnp-1.8 <unfixed> (bug #987326)
+	[bookworm] - pupnp-1.8 <no-dsa> (Minor issue)
 	[bullseye] - pupnp-1.8 <no-dsa> (Minor issue)
 	[buster] - pupnp-1.8 <no-dsa> (Minor issue)
 	- libupnp <removed>
@@ -158038,6 +158045,7 @@ CVE-2021-28303
 	RESERVED
 CVE-2021-28302 (A stack overflow in pupnp before version 1.14.5 can cause the denial o ...)
 	- pupnp-1.8 <unfixed> (bug #986833)
+	[bookworm] - pupnp-1.8 <no-dsa> (Minor issue)
 	[bullseye] - pupnp-1.8 <no-dsa> (Minor issue)
 	[buster] - pupnp-1.8 <no-dsa> (Minor issue)
 	- libupnp <removed>
@@ -223767,6 +223775,7 @@ CVE-2020-13849 (The MQTT protocol 3.1.1 requires a server to set a timeout value
 CVE-2020-13848 (Portable UPnP SDK (aka libupnp) 1.12.1 and earlier allows remote attac ...)
 	{DLA-2585-1 DLA-2238-1}
 	- pupnp-1.8 <unfixed> (bug #962282)
+	[bookworm] - pupnp-1.8 <no-dsa> (Minor issue)
 	[bullseye] - pupnp-1.8 <no-dsa> (Minor issue)
 	[buster] - pupnp-1.8 <no-dsa> (Minor issue)
 	- libupnp <removed>
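
Review bot: CVE-2020-13848 carries {DLA-2585-1 DLA-2238-1}, so the issue was considered worth an LTS update, yet the added [bookworm] line repeats "Minor issue" with pupnp-1.8 still <unfixed>. If the entry does not already have one outside the visible context, a NOTE pointing at the patch used for the DLAs would make a later fix for bookworm and bullseye easier to pick up.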



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/325afb9a1284997efe475338d7551a6326a379ae
