[Git][security-tracker-team/security-tracker][master] bullseye/bookworm triage
Moritz Muehlenhoff (@jmm)
jmm at debian.org
Wed Aug 23 11:28:59 BST 2023
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker
Commits:
ab4493a4 by Moritz Muehlenhoff at 2023-08-23T12:28:33+02:00
bullseye/bookworm triage
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -18085,6 +18085,8 @@ CVE-2023-29459 (The laola.redbull application through 5.1.9-R for Android expose
NOT-FOR-US: laola.redbull
CVE-2023-29458 (Duktape is an 3rd-party embeddable JavaScript engine, with a focus on ...)
- zabbix <unfixed>
+ [bookworm] - zabbix <no-dsa> (Minor issue)
+ [bullseye] - zabbix <no-dsa> (Minor issue)
[buster] - zabbix <not-affected> (vulnerable code introduced later)
NOTE: This appears to be bug in Zabbix's use of duktape, not an issue in src:duktape per se
NOTE: https://support.zabbix.com/browse/ZBX-22989
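Review bot: the "(Minor issue)" rationale on the two added `<no-dsa>` lines is terse; since the existing NOTE already classifies this as a bug in Zabbix's use of duktape rather than in src:duktape, spelling out why it is minor (for example the preconditions described in ZBX-22989) would let a later triager re-check the rating without re-reading the upstream ticket. Also note that, unlike the neighbouring Zabbix entries below, this one carries no {DLA-3538-1} reference, so its buster status rests solely on the `<not-affected>` context line.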
@@ -18092,18 +18094,26 @@ CVE-2023-29458 (Duktape is an 3rd-party embeddable JavaScript engine, with a foc
CVE-2023-29457 (Reflected XSS attacks, occur when a malicious script is reflected off ...)
{DLA-3538-1}
- zabbix <unfixed>
+ [bookworm] - zabbix <no-dsa> (Minor issue)
+ [bullseye] - zabbix <no-dsa> (Minor issue)
NOTE: https://support.zabbix.com/browse/ZBX-22988
CVE-2023-29456 (URL validation scheme receives input from a user and then parses it to ...)
{DLA-3538-1}
- zabbix <unfixed>
+ [bookworm] - zabbix <no-dsa> (Minor issue)
+ [bullseye] - zabbix <no-dsa> (Minor issue)
NOTE: https://support.zabbix.com/browse/ZBX-22987
CVE-2023-29455 (Reflected XSS attacks, also known as non-persistent attacks, occur whe ...)
{DLA-3538-1}
- zabbix <unfixed>
+ [bookworm] - zabbix <no-dsa> (Minor issue)
+ [bullseye] - zabbix <no-dsa> (Minor issue)
NOTE: https://support.zabbix.com/browse/ZBX-22986
CVE-2023-29454 (Stored or persistent cross-site scripting (XSS) is a type of XSS where ...)
{DLA-3538-1}
- zabbix <unfixed>
+ [bookworm] - zabbix <no-dsa> (Minor issue)
+ [bullseye] - zabbix <no-dsa> (Minor issue)
NOTE: https://support.zabbix.com/browse/ZBX-22985
CVE-2023-29453
RESERVED
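Review bot: the four XSS entries (CVE-2023-29454 through CVE-2023-29457) receive identical `[bookworm]`/`[bullseye]` `<no-dsa> (Minor issue)` markers, which is consistent with one another, but each still shows `zabbix <unfixed>` for unstable while {DLA-3538-1} indicates buster already shipped fixes; consider adding a NOTE with the fixing upstream version or commits so the unstable state can be resolved and a bullseye/bookworm point-release update can reuse the same patches (`<no-dsa>` does not rule that out).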
@@ -19169,11 +19179,11 @@ CVE-2023-1791 (A vulnerability has been found in SourceCodester Simple Task Allo
CVE-2023-1790 (A vulnerability, which was classified as problematic, was found in Sou ...)
NOT-FOR-US: SourceCodester Simple Task Allocation System
CVE-2023-28938 (Uncontrolled resource consumption in some Intel(R) SSD Tools software ...)
- - mdadm <unfixed>
+ - mdadm <undetermined>
NOTE: https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00690.html
TODO: check details, fixes should be somewhere prior to mdadm-4.2-rc2
CVE-2023-28736 (Buffer overflow in some Intel(R) SSD Tools software before version mda ...)
- - mdadm <unfixed>
+ - mdadm <undetermined>
NOTE: https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00690.html
TODO: check details, fixes should be somewhere prior to mdadm-4.2-rc2
CVE-2023-28717
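Review bot: both mdadm entries move from `<unfixed>` to `<undetermined>` while the TODO line ("fixes should be somewhere prior to mdadm-4.2-rc2") stays unresolved; `<undetermined>` is appropriate only until the fixing commit is identified, so the TODO should remain until someone confirms whether the mdadm versions shipped in bullseye and bookworm predate or include that fix, at which point the entry should become either a fixed version or `<not-affected>` rather than staying undetermined indefinitely.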
@@ -45573,8 +45583,9 @@ CVE-2022-47071 (In NVS365 V01, the background network test function can trigger
CVE-2022-47070 (NVS365 V01 is vulnerable to Incorrect Access Control. After entering a ...)
NOT-FOR-US: NVS365 V01
CVE-2022-47069 (p7zip 16.02 was discovered to contain a heap-buffer-overflow vulnerabi ...)
- - p7zip <unfixed>
+ - p7zip <unfixed> (unimportant)
NOTE: https://sourceforge.net/p/p7zip/bugs/241/
+ NOTE: Crash in CLI tool, no security impact
CVE-2022-47068
RESERVED
CVE-2022-47067
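Review bot: the added NOTE "Crash in CLI tool, no security impact" downgrades a heap-buffer-overflow (per the CVE description on the context line) to `(unimportant)`; that rating assumes the overflow is not attacker-controllable beyond a crash and that p7zip is only run on trusted input. If the sourceforge bug shows the overflow reaching controlled data, or if other packages invoke 7z on untrusted archives, the rating should be revisited, so recording the basis for "no security impact" in the NOTE would help.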
@@ -85001,6 +85012,8 @@ CVE-2022-34039
RESERVED
CVE-2022-34038 (Etcd v3.5.4 allows remote attackers to cause a denial of service via f ...)
- etcd <unfixed>
+ [bookworm] - etcd <no-dsa> (Minor issue)
+ [bullseye] - etcd <no-dsa> (Minor issue)
NOTE: https://github.com/etcd-io/etcd/pull/14022
NOTE: https://github.com/etcd-io/etcd/pull/14452
NOTE: Fixed by: https://github.com/etcd-io/etcd/commit/5a315ef88fbfa454e02d27b0b8acb4f89457cd90
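Review bot: the entry keeps `etcd <unfixed>` for unstable even though the NOTE lines already identify the fixing commit and the two upstream pull requests; if that commit is contained in the etcd version in unstable, the line should carry a fixed version, and if not, a TODO to backport it would make the `<no-dsa> (Minor issue)` markers for bookworm and bullseye easier to reassess later, since a known fix lowers the cost of a point-release update.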
@@ -223972,9 +223985,10 @@ CVE-2020-19911
CVE-2020-19910
RESERVED
CVE-2020-19909 (Integer overflow vulnerability in tool_operate.c in curl 7.65.2 via cr ...)
- - curl 7.66.0-1
+ - curl 7.66.0-1 (unimportant)
NOTE: https://github.com/curl/curl/pull/4166
NOTE: Fixed by: https://github.com/curl/curl/commit/db0a0dfb0eb41d39273b0590b992df58f38b9a4d (curl-7_66_0)
+ NOTE: Crash in CLI tool, no security impact
CVE-2020-19908
RESERVED
CVE-2020-19907 (A command injection vulnerability in the sandcat plugin of Caldera 2.3 ...)
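Review bot: the `(unimportant)` rating and the "Crash in CLI tool" NOTE are consistent with the description locating the overflow in tool_operate.c, which is part of the curl command-line tool rather than libcurl; since the entry already records the fix in 7.66.0-1, no further action is needed beyond confirming that no supported suite ships an older curl.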
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/ab4493a4a6698de08f74da2a1816649ee55fdc6c