[Git][security-tracker-team/security-tracker][master] 2 commits: CVE-2023-38497/cargo,rust-cargo: buster postponed

Sylvain Beucler (@beuc) beuc at debian.org
Thu Aug 10 13:12:17 BST 2023



Sylvain Beucler pushed to branch master at Debian Security Tracker / security-tracker


Commits:
bc18d78d by Sylvain Beucler at 2023-08-10T14:10:45+02:00
CVE-2023-38497/cargo,rust-cargo: buster postponed

- - - - -
52ebd861 by Sylvain Beucler at 2023-08-10T14:10:47+02:00
openbabel: buster postponed

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1036,9 +1036,11 @@ CVE-2023-38497 (Cargo downloads the Rust project\u2019s dependencies and compile
 	- cargo <unfixed>
 	[bookworm] - cargo <no-dsa> (Minor issue)
 	[bullseye] - cargo <no-dsa> (Minor issue)
+	[buster] - cargo <postponed> (Minor issue, hard to exploit)
 	- rust-cargo <unfixed>
 	[bookworm] - rust-cargo <no-dsa> (Minor issue)
 	[bullseye] - rust-cargo <no-dsa> (Minor issue)
+	[buster] - rust-cargo <postponed> (Minor issue, hard to exploit)
 	NOTE: https://www.openwall.com/lists/oss-security/2023/08/03/2
 	NOTE: https://github.com/rust-lang/wg-security-response/tree/main/patches/CVE-2023-38497
 	NOTE: https://github.com/rust-lang/cargo/security/advisories/GHSA-j3xp-wfr4-hx87
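Review bot: The reason "hard to exploit" on the two added [buster] lines is not backed by anything in this entry: the bookworm and bullseye lines say only "Minor issue", and the NOTE lines are bare links. Add a NOTE line stating the precondition that makes exploitation hard, so that whoever revisits the <postponed> state can check whether it still holds. The second NOTE already points at an upstream patches directory, so it would also help to say that this postponement is a triage decision and not a wait on upstream.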
@@ -46531,41 +46533,49 @@ CVE-2022-46295 (Multiple out-of-bounds write vulnerabilities exist in the transl
 	- openbabel <unfixed>
 	[bookworm] - openbabel <no-dsa> (Minor issue)
 	[bullseye] - openbabel <no-dsa> (Minor issue)
+	[buster] - openbabel <postponed> (Minor issue, no upstream patch yet)
 	NOTE: https://talosintelligence.com/vulnerability_reports/TALOS-2022-1666
 CVE-2022-46294 (Multiple out-of-bounds write vulnerabilities exist in the translationV ...)
 	- openbabel <unfixed>
 	[bookworm] - openbabel <no-dsa> (Minor issue)
 	[bullseye] - openbabel <no-dsa> (Minor issue)
+	[buster] - openbabel <postponed> (Minor issue, no upstream patch yet)
 	NOTE: https://talosintelligence.com/vulnerability_reports/TALOS-2022-1666
 CVE-2022-46293 (Multiple out-of-bounds write vulnerabilities exist in the translationV ...)
 	- openbabel <unfixed>
 	[bookworm] - openbabel <no-dsa> (Minor issue)
 	[bullseye] - openbabel <no-dsa> (Minor issue)
+	[buster] - openbabel <postponed> (Minor issue, no upstream patch yet)
 	NOTE: https://talosintelligence.com/vulnerability_reports/TALOS-2022-1666
 CVE-2022-46292 (Multiple out-of-bounds write vulnerabilities exist in the translationV ...)
 	- openbabel <unfixed>
 	[bookworm] - openbabel <no-dsa> (Minor issue)
 	[bullseye] - openbabel <no-dsa> (Minor issue)
+	[buster] - openbabel <postponed> (Minor issue, no upstream patch yet)
 	NOTE: https://talosintelligence.com/vulnerability_reports/TALOS-2022-1666
 CVE-2022-46291 (Multiple out-of-bounds write vulnerabilities exist in the translationV ...)
 	- openbabel <unfixed>
 	[bookworm] - openbabel <no-dsa> (Minor issue)
 	[bullseye] - openbabel <no-dsa> (Minor issue)
+	[buster] - openbabel <postponed> (Minor issue, no upstream patch yet)
 	NOTE: https://talosintelligence.com/vulnerability_reports/TALOS-2022-1666
 CVE-2022-46290 (Multiple out-of-bounds write vulnerabilities exist in the ORCA format  ...)
 	- openbabel <unfixed>
 	[bookworm] - openbabel <no-dsa> (Minor issue)
 	[bullseye] - openbabel <no-dsa> (Minor issue)
+	[buster] - openbabel <postponed> (Minor issue, no upstream patch yet)
 	NOTE: https://talosintelligence.com/vulnerability_reports/TALOS-2022-1665
 CVE-2022-46289 (Multiple out-of-bounds write vulnerabilities exist in the ORCA format  ...)
 	- openbabel <unfixed>
 	[bookworm] - openbabel <no-dsa> (Minor issue)
 	[bullseye] - openbabel <no-dsa> (Minor issue)
+	[buster] - openbabel <postponed> (Minor issue, no upstream patch yet)
 	NOTE: https://talosintelligence.com/vulnerability_reports/TALOS-2022-1665
 CVE-2022-46280 (A use of uninitialized pointer vulnerability exists in the PQS format  ...)
 	- openbabel <unfixed>
 	[bookworm] - openbabel <no-dsa> (Minor issue)
 	[bullseye] - openbabel <no-dsa> (Minor issue)
+	[buster] - openbabel <postponed> (Minor issue, no upstream patch yet)
 	NOTE: https://talosintelligence.com/vulnerability_reports/TALOS-2022-1670
 CVE-2022-46278
 	RESERVED
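Review bot: "no upstream patch yet" on the eight added [buster] lines is a condition that will go stale, and each entry carries only its Talos report link, with no reference to an upstream openbabel issue or commit to watch. Add a NOTE with the upstream tracking reference (at least one per Talos report) so the <postponed> state has a concrete trigger for re-triage.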
@@ -46607,6 +46617,7 @@ CVE-2022-44451 (A use of uninitialized pointer vulnerability exists in the MSI f
 	- openbabel <unfixed>
 	[bookworm] - openbabel <no-dsa> (Minor issue)
 	[bullseye] - openbabel <no-dsa> (Minor issue)
+	[buster] - openbabel <postponed> (Minor issue, no upstream patch yet)
 	NOTE: https://talosintelligence.com/vulnerability_reports/TALOS-2022-1669
 CVE-2022-43664 (A use-after-free vulnerability exists within the way Ichitaro Word Pro ...)
 	NOT-FOR-US: Ichitaro
@@ -46618,11 +46629,13 @@ CVE-2022-43467 (An out-of-bounds write vulnerability exists in the PQS format co
 	- openbabel <unfixed>
 	[bookworm] - openbabel <no-dsa> (Minor issue)
 	[bullseye] - openbabel <no-dsa> (Minor issue)
+	[buster] - openbabel <postponed> (Minor issue, no upstream patch yet)
 	NOTE: https://talosintelligence.com/vulnerability_reports/TALOS-2022-1671
 CVE-2022-42885 (A use of uninitialized pointer vulnerability exists in the GRO format  ...)
 	- openbabel <unfixed>
 	[bookworm] - openbabel <no-dsa> (Minor issue)
 	[bullseye] - openbabel <no-dsa> (Minor issue)
+	[buster] - openbabel <postponed> (Minor issue, no upstream patch yet)
 	NOTE: https://talosintelligence.com/vulnerability_reports/TALOS-2022-1668
 CVE-2022-42489
 	RESERVED
@@ -46708,6 +46721,7 @@ CVE-2022-41793 (An out-of-bounds write vulnerability exists in the CSR format ti
 	- openbabel <unfixed>
 	[bookworm] - openbabel <no-dsa> (Minor issue)
 	[bullseye] - openbabel <no-dsa> (Minor issue)
+	[buster] - openbabel <postponed> (Minor issue, no upstream patch yet)
 	NOTE: https://talosintelligence.com/vulnerability_reports/TALOS-2022-1667
 CVE-2022-4179 (Use after free in Audio in Google Chrome prior to 108.0.5359.71 allowe ...)
 	{DSA-5293-1}
@@ -46750,6 +46764,7 @@ CVE-2022-37331 (An out-of-bounds write vulnerability exists in the Gaussian form
 	- openbabel <unfixed>
 	[bookworm] - openbabel <no-dsa> (Minor issue)
 	[bullseye] - openbabel <no-dsa> (Minor issue)
+	[buster] - openbabel <postponed> (Minor issue, no upstream patch yet)
 	NOTE: https://talosintelligence.com/vulnerability_reports/TALOS-2022-1672
 CVE-2022-46265 (A vulnerability has been identified in Polarion ALM (All versions < V2 ...)
 	NOT-FOR-US: Siemens
@@ -56901,6 +56916,7 @@ CVE-2022-43607 (An out-of-bounds write vulnerability exists in the MOL2 format a
 	- openbabel <unfixed>
 	[bookworm] - openbabel <no-dsa> (Minor issue)
 	[bullseye] - openbabel <no-dsa> (Minor issue)
+	[buster] - openbabel <postponed> (Minor issue, no upstream patch yet)
 	NOTE: https://talosintelligence.com/vulnerability_reports/TALOS-2022-1664
 CVE-2022-43606 (A use-of-uninitialized-pointer vulnerability exists in the Forward Ope ...)
 	NOT-FOR-US: EIP Stack Group OpENer
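Review bot: The CVE-2022-43607 entry sits at line 56901, roughly ten thousand lines away from the other openbabel entries touched in this commit (46531 to 46750), and carries the same free-text reason. When these postponed entries are revisited, select them by package name and not by walking the 46xxx block, otherwise this one is likely to be left behind.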



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/48744c9455c9ea98919e1d0d02797ae01ec9a604...52ebd8611f091033bbbe0ef682fc449de596e694



More information about the debian-security-tracker-commits mailing list