[Git][security-tracker-team/security-tracker][master] 3 commits: Mark poppler CVEs as no-dsa for buster
Utkarsh Gupta (@utkarsh)
utkarsh at debian.org
Sun Aug 27 23:15:45 BST 2023
Utkarsh Gupta pushed to branch master at Debian Security Tracker / security-tracker
Commits:
5ca099e7 by Utkarsh Gupta at 2023-08-26T15:03:57+05:30
Mark poppler CVEs as no-dsa for buster
- - - - -
99b5d438 by Utkarsh Gupta at 2023-08-26T15:06:07+05:30
Mark wireshark CVEs as no-dsa for buster
- - - - -
3f37c81e by Utkarsh Gupta at 2023-08-26T15:11:45+05:30
Add tryton-server to dla-needed
- - - - -
2 changed files:
- data/CVE/list
- data/dla-needed.txt
Changes:
=====================================
data/CVE/list
=====================================
@@ -64,6 +64,7 @@ CVE-2023-2906 (Due to a failure in validating the length provided by an attacker
- wireshark 4.0.8-1
[bookworm] - wireshark <no-dsa> (Minor issue)
[bullseye] - wireshark <no-dsa> (Minor issue)
+ [buster] - wireshark <no-dsa> (Minor issue)
NOTE: https://www.wireshark.org/security/wnpa-sec-2023-26.html
NOTE: https://gitlab.com/wireshark/wireshark/-/issues/19229
CVE-2023-4534 (A vulnerability, which was classified as problematic, was found in Neo ...)
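Review bot: the added `[buster]` line under CVE-2023-2906 reuses the "(Minor issue)" reason from the bookworm and bullseye lines without recording why it holds, although the description opens with a failure to validate an attacker-provided length. A short NOTE summarising the impact stated in the linked wnpa-sec-2023-26 advisory would make the triage decision auditable from the entry itself.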
@@ -309,18 +310,21 @@ CVE-2023-4513 (BT SDP dissector memory leak in Wireshark 4.0.0 to 4.0.7 and 3.6.
- wireshark 4.0.8-1
[bookworm] - wireshark <no-dsa> (Minor issue)
[bullseye] - wireshark <no-dsa> (Minor issue)
+ [buster] - wireshark <no-dsa> (Minor issue)
NOTE: https://gitlab.com/wireshark/wireshark/-/issues/19259
NOTE: https://www.wireshark.org/security/wnpa-sec-2023-25.html
CVE-2023-4512 (CBOR dissector crash in Wireshark 4.0.0 to 4.0.6 allows denial of serv ...)
- wireshark 4.0.8-1
[bookworm] - wireshark <no-dsa> (Minor issue)
[bullseye] - wireshark <no-dsa> (Minor issue)
+ [buster] - wireshark <no-dsa> (Minor issue)
NOTE: https://gitlab.com/wireshark/wireshark/-/issues/19144
NOTE: https://www.wireshark.org/security/wnpa-sec-2023-23.html
CVE-2023-4511 (BT SDP dissector infinite loop in Wireshark 4.0.0 to 4.0.7 and 3.6.0 t ...)
- wireshark 4.0.8-1
[bookworm] - wireshark <no-dsa> (Minor issue)
[bullseye] - wireshark <no-dsa> (Minor issue)
+ [buster] - wireshark <no-dsa> (Minor issue)
NOTE: https://gitlab.com/wireshark/wireshark/-/issues/19258
NOTE: https://www.wireshark.org/security/wnpa-sec-2023-24.html
CVE-2023-4230 (A vulnerability has been identified in ioLogik 4000 Series (ioLogik E4 ...)
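Review bot: the `[buster]` line added under CVE-2023-4512 implies buster ships vulnerable code, but the description on that entry names only Wireshark 4.0.0 to 4.0.6 for the CBOR dissector crash. If the buster package predates that range, `[buster] - wireshark <not-affected> (Vulnerable code not present)` is the accurate state rather than `<no-dsa>`. The same check is worth doing for CVE-2023-4513 and CVE-2023-4511, whose descriptions also name specific version ranges.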
@@ -73733,6 +73737,7 @@ CVE-2022-38350
CVE-2022-38349 (An issue was discovered in Poppler 22.08.0. There is a reachable asser ...)
- poppler 22.12.0-2
[bullseye] - poppler <no-dsa> (Minor issue)
+ [buster] - poppler <no-dsa> (Minor issue)
NOTE: https://gitlab.freedesktop.org/poppler/poppler/-/issues/1282
NOTE: Fixed by: https://gitlab.freedesktop.org/poppler/poppler/-/commit/4564a002bcb6094cc460bc0d5ddff9423fe6dd28 (poppler-22.09.0)
CVE-2022-38348
@@ -77123,16 +77128,19 @@ CVE-2022-37053 (TRENDnet TEW733GR v1.03B01 is vulnerable to Command injection vi
CVE-2022-37052 (A reachable Object::getString assertion in Poppler 22.07.0 allows atta ...)
- poppler 22.08.0-2
[bullseye] - poppler <no-dsa> (Minor issue)
+ [buster] - poppler <no-dsa> (Minor issue)
NOTE: https://gitlab.freedesktop.org/poppler/poppler/-/issues/1278
NOTE: Fixed by: https://gitlab.freedesktop.org/poppler/poppler/-/commit/8677500399fc2548fa816b619580c2c07915a98c (poppler-22.08.0)
CVE-2022-37051 (An issue was discovered in Poppler 22.07.0. There is a reachable abort ...)
- poppler 22.08.0-2
[bullseye] - poppler <no-dsa> (Minor issue)
+ [buster] - poppler <no-dsa> (Minor issue)
NOTE: https://gitlab.freedesktop.org/poppler/poppler/-/issues/1276
NOTE: Fixed by: https://gitlab.freedesktop.org/poppler/poppler/-/commit/4631115647c1e4f0482ffe0491c2f38d2231337b (poppler-22.08.0)
CVE-2022-37050 (In Poppler 22.07.0, PDFDoc::savePageAs in PDFDoc.c callows attackers t ...)
- poppler 22.08.0-2
[bullseye] - poppler <no-dsa> (Minor issue)
+ [buster] - poppler <no-dsa> (Minor issue)
NOTE: https://gitlab.freedesktop.org/poppler/poppler/-/issues/1274
NOTE: Fixed by: https://gitlab.freedesktop.org/poppler/poppler/-/commit/dcd5bd8238ea448addd102ff045badd0aca1b990 (poppler-22.08.0)
CVE-2022-37049 (The component tcpprep in Tcpreplay v4.4.1 was discovered to contain a ...)
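Review bot: all three poppler entries in this hunk (CVE-2022-37052, CVE-2022-37051, CVE-2022-37050) already carry a "Fixed by:" upstream commit, yet the added `[buster]` lines use plain `<no-dsa>`. Since the fixes are identified, consider `<postponed>` with a reason such as "Minor issue, fix along with the next update", so that the commits are picked up in the next poppler upload for buster instead of being dropped from view.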
=====================================
data/dla-needed.txt
=====================================
@@ -246,3 +246,7 @@ trafficserver
NOTE: 20230826: Ubuntu side and track the fixing commits. I'll update when
NOTE: 20230826: I have the answer here. (utkarsh)
--
+tryton-server
+ NOTE: 20230826: Added by Front-Desk (utkarsh)
+ NOTE: 20230826: sync with the DSA released. (utkarsh)
+--
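Review bot: the second note on the new tryton-server entry, "sync with the DSA released.", does not say which DSA or which CVEs are meant, so whoever claims the package has to look it up. Name the DSA identifier in the note so the scope of the DLA is clear from dla-needed.txt alone.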
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/89d4f988a5442d2dbb52bd91084907ffb7bb6960...3f37c81eb9e0f7a6de071fc7d29e254029f62858