[Git][security-tracker-team/security-tracker][master] buster/bookworm triage
Moritz Muehlenhoff (@jmm)
jmm at debian.org
Fri Apr 28 08:56:12 BST 2023
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker
Commits:
af62c18b by Moritz Muehlenhoff at 2023-04-28T09:53:56+02:00
buster/bookworm triage
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -7221,6 +7221,7 @@ CVE-2023-28756 (A ReDoS issue was discovered in the Time component through 0.2.1
- ruby2.7 <removed>
- ruby2.5 <removed>
- jruby <unfixed>
+ [bookworm] - jruby <no-dsa> (Minor issue)
NOTE: Fixed by: https://github.com/ruby/ruby/commit/957bb7cb81995f26c671afce0ee50a5c660e540e (v3_1_4)
NOTE: Fixed by: https://github.com/ruby/time/commit/b57db51f577875d3e896dcd2ef1dcaf97f23e943 (v0.2.2)
NOTE: Fixed by: https://github.com/ruby/time/commit/3dce6f73d14f5fad6d9b302393fd02df48797b11 (v0.2.2)
@@ -7231,6 +7232,7 @@ CVE-2023-28755 (A ReDoS issue was discovered in the URI component through 0.12.0
- ruby2.7 <removed>
- ruby2.5 <removed>
- jruby <unfixed>
+ [bookworm] - jruby <no-dsa> (Minor issue)
NOTE: Fixed by: https://github.com/ruby/ruby/commit/8ce4ab146498879b65e22f1be951b25eebb79300 (v3_1_4)
NOTE: Fixed by: https://github.com/ruby/uri/commit/eaf89cc31619d49e67c64d0b58ea9dc38892d175 (v0.12.1)
NOTE: https://www.ruby-lang.org/en/news/2023/03/28/redos-in-uri-cve-2023-28755/
@@ -12873,11 +12875,13 @@ CVE-2023-26918 (Diasoft File Replication Pro 7.5.0 allows attackers to escalate
NOT-FOR-US: Diasoft File Replication Pro
CVE-2023-26917 (libyang from v2.0.164 to v2.1.30 was discovered to contain a NULL poin ...)
- libyang2 <unfixed> (bug #1034724)
+ [bookworm] - libyang2 <no-dsa> (Minor issue)
[bullseye] - libyang2 <no-dsa> (Minor issue)
NOTE: https://github.com/CESNET/libyang/issues/1987
NOTE: https://github.com/CESNET/libyang/commit/cfa1a965a429e4bfc5ae1539a8e87a9cf71c3090 (v2.1.55)
CVE-2023-26916 (libyang from v2.0.164 to v2.1.30 was discovered to contain a NULL poin ...)
- libyang2 <unfixed> (bug #1034154)
+ [bookworm] - libyang2 <no-dsa> (Minor issue)
[bullseye] - libyang2 <no-dsa> (Minor issue)
NOTE: https://github.com/CESNET/libyang/issues/1979
NOTE: https://github.com/CESNET/libyang/commit/dc668d296f9f05aeab6315d44cff3208641e3096 (v2.1.55)
@@ -15133,6 +15137,7 @@ CVE-2023-0912 (A vulnerability classified as critical has been found in SourceCo
NOT-FOR-US: SourceCodester Auto Dealer Management System
CVE-2019-25104 (A vulnerability has been found in rtcwcoop 1.0.2 and classified as pro ...)
- iortcw <unfixed> (bug #1031732)
+ [bookworm] - iortcw <no-dsa> (Minor issue)
[bullseye] - iortcw <no-dsa> (Minor issue)
[buster] - iortcw <end-of-life> (games are not supported in LTS)
NOTE: https://github.com/rtcwcoop/rtcwcoop/pull/45
@@ -91298,14 +91303,17 @@ CVE-2022-26891 (Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerabi
NOT-FOR-US: Microsoft
CVE-2022-26061 (A heap-based buffer overflow vulnerability exists in the gif2h5 functi ...)
- hdf5 <unfixed> (bug #1031726)
+ [bookworm] - hdf5 <postponed> (Minor issue, revisit when fixed upstream)
[bullseye] - hdf5 <postponed> (Minor issue, revisit when fixed upstream)
NOTE: https://talosintelligence.com/vulnerability_reports/TALOS-2022-1487
CVE-2022-25972 (An out-of-bounds write vulnerability exists in the gif2h5 functionalit ...)
- hdf5 <unfixed> (bug #1031726)
+ [bookworm] - hdf5 <postponed> (Minor issue, revisit when fixed upstream)
[bullseye] - hdf5 <postponed> (Minor issue, revisit when fixed upstream)
NOTE: https://talosintelligence.com/vulnerability_reports/TALOS-2022-1485
CVE-2022-25942 (An out-of-bounds read vulnerability exists in the gif2h5 functionality ...)
- hdf5 <unfixed> (bug #1031726)
+ [bookworm] - hdf5 <postponed> (Minor issue, revisit when fixed upstream)
[bullseye] - hdf5 <postponed> (Minor issue, revisit when fixed upstream)
NOTE: https://talosintelligence.com/vulnerability_reports/TALOS-2022-1486
CVE-2022-0935 (Host Header injection in password Reset in GitHub repository livehelpe ...)
@@ -282853,6 +282861,7 @@ CVE-2019-12423 (Apache CXF ships with a OpenId Connect JWK Keys service, which a
NOT-FOR-US: Apache CFX
CVE-2019-12422 (Apache Shiro before 1.4.2, when using the default "remember me" config ...)
- shiro <unfixed> (low; bug #947945)
+ [bookworm] - shiro <no-dsa> (Minor issue)
[bullseye] - shiro <no-dsa> (Minor issue)
[buster] - shiro <no-dsa> (Minor issue)
[stretch] - shiro <no-dsa> (Minor issue)
@@ -295343,6 +295352,8 @@ CVE-2019-8399
RESERVED
CVE-2019-8398 (An issue was discovered in the HDF HDF5 1.10.4 library. There is an ou ...)
- hdf5 <unfixed> (bug #1034838)
+ [bookworm] - hdf5 <no-dsa> (Minor issue)
+ [bullseye] - hdf5 <no-dsa> (Minor issue)
NOTE: https://github.com/magicSwordsMan/PAAFS/tree/master/vul6
NOTE: https://jira.hdfgroup.org/browse/HDFFV-10710
CVE-2019-8397 (An issue was discovered in the HDF HDF5 1.10.4 library. There is an ou ...)
@@ -295355,6 +295366,8 @@ CVE-2019-8397 (An issue was discovered in the HDF HDF5 1.10.4 library. There is
NOTE: Negligible security impact, malicous scientific data has more issues than a crash
CVE-2019-8396 (A buffer overflow in H5O__layout_encode in H5Olayout.c in the HDF HDF5 ...)
- hdf5 <unfixed> (bug #1034838)
+ [bookworm] - hdf5 <no-dsa> (Minor issue)
+ [bullseye] - hdf5 <no-dsa> (Minor issue)
NOTE: https://github.com/magicSwordsMan/PAAFS/tree/master/vul4
NOTE: https://jira.hdfgroup.org/browse/HDFFV-10712
NOTE: HDFFV-10712 is marked to be closed in a future 1.10.8 upstream release.
@@ -340618,6 +340631,8 @@ CVE-2018-11206 (An out of bounds read was discovered in H5O_fill_new_decode and
NOTE: https://bitbucket.hdfgroup.org/projects/HDFFV/repos/hdf5/commits/992a199f90fec31e0ad72ed76ed279a3ccea59e4
CVE-2018-11205 (A out of bounds read was discovered in H5VM_memcpyvv in H5VM.c in the ...)
- hdf5 <unfixed> (bug #1034807)
+ [bookworm] - hdf5 <no-dsa> (Minor issue)
+ [bullseye] - hdf5 <no-dsa> (Minor issue)
NOTE: https://jira.hdfgroup.org/browse/HDFFV-10479
CVE-2018-11204 (A NULL pointer dereference was discovered in H5O__chunk_deserialize in ...)
- hdf5 1.10.4+repack-1 (low)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/af62c18b7bbb35370ae23506cecbf73b569385d2
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/af62c18b7bbb35370ae23506cecbf73b569385d2
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20230428/0e29742f/attachment.htm>
More information about the debian-security-tracker-commits
mailing list