[Git][security-tracker-team/security-tracker][master] bookworm/bullseye triage

Moritz Muehlenhoff (@jmm) jmm at debian.org
Tue Aug 29 11:53:30 BST 2023



Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
12ab88d6 by Moritz Muehlenhoff at 2023-08-29T12:53:13+02:00
bookworm/bullseye triage

- - - - -


2 changed files:

- data/CVE/list
- data/dsa-needed.txt


Changes:

=====================================
data/CVE/list
=====================================
@@ -105,6 +105,8 @@ CVE-2023-40170 (jupyter-server is the backend for Jupyter web applications. Impr
 	TODO: check
 CVE-2023-39810 (An issue in the CPIO command of Busybox v1.33.2 allows attackers to ex ...)
 	- busybox <unfixed>
+	[bookworm] - busybox <no-dsa> (Minor issue)
+	[bullseye] - busybox <no-dsa> (Minor issue)
 	NOTE: https://www.pentagrid.ch/en/blog/busybox-cpio-directory-traversal-vulnerability/
 CVE-2023-39709 (Multiple cross-site scripting (XSS) vulnerabilities in Free and Open S ...)
 	NOT-FOR-US: Free and Open Source Inventory Management System
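
Review bot: The two added `<no-dsa>` lines for busybox under CVE-2023-39810 give only "(Minor issue)" as the reason, while the entry's single reference is a directory traversal write-up for cpio and the unstable line is still `<unfixed>`. Suggest stating in the parenthetical why it is minor for bookworm and bullseye, so the decision can be re-checked later without re-reading the advisory.
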
@@ -1875,14 +1877,18 @@ CVE-2023-40014 (OpenZeppelin Contracts is a library for secure smart contract de
 	NOT-FOR-US: OpenZeppelin Contracts
 CVE-2023-3824 (In PHP version 8.0.* before 8.0.30, 8.1.* before 8.1.22, and 8.2.* bef ...)
 	- php8.2 <unfixed> (bug #1043477)
+	[bookworm] - php8.2 <postponed> (Fix along in future update)
 	- php7.4 <removed>
+	[bullseye] - php7.4 <postponed> (Fix along in future update)
 	- php7.3 <removed>
 	NOTE: https://github.com/php/php-src/security/advisories/GHSA-jqcx-ccgc-xwhv
 	NOTE: https://github.com/php/php-src/commit/80316123f3e9dcce8ac419bd9dd43546e2ccb5ef (php-8.0.30)
 	NOTE: Fixed in: 8.0.30, 8.1.22, 8.2.8
 CVE-2023-3823 (In PHP versions 8.0.* before 8.0.30, 8.1.* before 8.1.22, and 8.2.* be ...)
 	- php8.2 <unfixed> (bug #1043477)
+	[bookworm] - php8.2 <postponed> (Fix along in future update)
 	- php7.4 <removed>
+	[bullseye] - php7.4 <postponed> (Fix along in future update)
 	- php7.3 <removed>
 	NOTE: https://github.com/php/php-src/security/advisories/GHSA-3qrf-m4j2-pcrr
 	NOTE: https://github.com/php/php-src/commit/c283c3ab0ba45d21b2b8745c1f9c7cbfe771c975 (php-8.0.30)
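
Review bot: The added `[bullseye] - php7.4 <postponed>` lines under CVE-2023-3824 and CVE-2023-3823 defer to a future update, but the NOTE lines only reference upstream fixes for the 8.x branches (commits tagged php-8.0.30 and, for CVE-2023-3824, "Fixed in: 8.0.30, 8.1.22, 8.2.8"). A NOTE recording whether those commits apply to 7.4 as-is or need a backport would make the postponed entries actionable. The reason text "Fix along in future update" would also read better as "Fix along with a future update".
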


=====================================
data/dsa-needed.txt
=====================================
@@ -16,15 +16,18 @@ aom/oldstable (apo)
 --
 cinder/oldstable
 --
+file/oldstable
+--
 flac/oldstable
 --
 frr (aron)
   maintainer proposed to update to 8.4.4 for bookworm, which might be a good idea
 --
+json-c/oldstable (jmm)
+--
 libreswan (jmm)
   Maintainer prepared bookworm-security update, but needs work on bullseye-security backports
 --
---
 linux (carnil)
   Wait until more issues have piled up, though try to regulary rebase for point
   releases to more recent v5.10.y and 6.1.y versions
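
Review bot: The added `file/oldstable` entry has no claimant and, like `json-c/oldstable (jmm)`, no indented note, and the data/CVE/list hunks in this commit touch only busybox and php8.2/php7.4, so nothing here says which issue puts either package on the list. Suggest a one-line note under each entry naming the issue, as the frr and libreswan entries do. Dropping the duplicate `--` separator before linux is a good cleanup.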



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/12ab88d61fc5e175bd8070187d082a97e0cad596
