[Git][security-tracker-team/security-tracker][master] bullseye/bookworm triage

Moritz Muehlenhoff (@jmm) jmm at debian.org
Mon Dec 4 15:23:28 GMT 2023



Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
aac75138 by Moritz Muehlenhoff at 2023-12-04T16:22:52+01:00
bullseye/bookworm triage

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -376,8 +376,9 @@ CVE-2023-4658 (An issue has been discovered in GitLab EE affecting all versions
 CVE-2023-4317 (An issue has been discovered in GitLab affecting all versions starting ...)
 	- gitlab <unfixed>
 CVE-2023-49735 (** UNSUPPORTED WHEN ASSIGNED **  The value set as the DefaultLocaleRes ...)
-	- tiles <unfixed> (bug #1057315)
+	- tiles <unfixed> (unimportant; bug #1057315)
 	NOTE: https://lists.apache.org/thread/8ktm4vxr6vvc1qsxh6ft8jzmom1zl65p
+	NOTE: Negligible security impact as packaged in Debian
 CVE-2023-48894 (Incorrect Access Control vulnerability in jshERP V3.3 allows attackers ...)
 	NOT-FOR-US: jshERP
 CVE-2023-48016 (Restaurant Table Booking System V1.0 is vulnerable to SQL Injection in ...)
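Review bot: The added NOTE on the CVE-2023-49735 tiles entry asserts "Negligible security impact as packaged in Debian" without saying what about the packaging makes it negligible. Since the entry is now marked unimportant while remaining <unfixed> with bug #1057315 open, add a short reason to the NOTE (for example, which affected piece is not shipped or not reachable in the Debian package) so the classification can be rechecked if the packaging changes.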
@@ -855,6 +856,8 @@ CVE-2023-49090 (CarrierWave is a solution for file uploads for Rails, Sinatra an
 	NOT-FOR-US: CarrierWave
 CVE-2023-49083 (cryptography is a package designed to expose cryptographic primitives  ...)
 	- python-cryptography <unfixed> (bug #1057108)
+	[bookworm] - python-cryptography <no-dsa> (Minor issue)
+	[bullseye] - python-cryptography <no-dsa> (Minor issue)
 	NOTE: https://github.com/pyca/cryptography/security/advisories/GHSA-jfhm-5ghh-2f97
 	NOTE: https://github.com/pyca/cryptography/pull/9926
 	NOTE: https://github.com/pyca/cryptography/commit/1e7b4d074e14c4e694d3ce69ad6754a6039fd6ff (main)
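Review bot: Both added <no-dsa> lines for python-cryptography give only "Minor issue" as the reason, for bookworm and bullseye alike. The entry already links the upstream advisory and fix commit, so a brief justification in the parentheses (or an extra NOTE saying whether each release's version contains the affected code) would let someone reviewing the no-dsa list later tell whether the package is a candidate for a point update or can simply be ignored.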
@@ -59994,7 +59997,9 @@ CVE-2023-22085 (Vulnerability in the Hospitality OPERA 5 Property Services produ
 	NOT-FOR-US: Oracle
 CVE-2023-22084 (Vulnerability in the MySQL Server product of Oracle MySQL (component:  ...)
 	- mariadb 1:10.11.6-1
+	[bookworm] - mariadb <no-dsa> (Minor issue, will be fixed via point update)
 	- mariadb-10.5 <removed>
+	[bullseye] - mariadb-10.5 <no-dsa> (Minor issue, will be fixed via point update)
 	- mariadb-10.3 <removed>
 	- mysql-8.0 8.0.35-1 (bug #1055034)
 	NOTE: Fixed in MariaDB: 11.2.2, 11.1.3, 11.0.4, 10.11.6, 10.10.7, 10.6.16, 10.5.23, 10.4.32
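Review bot: The two added <no-dsa> lines say "will be fixed via point update" but do not say which upstream release that update is expected to carry. The existing "Fixed in MariaDB" NOTE lists 10.11.6 and 10.5.23, so naming the relevant version in each reason (10.5.23 for the [bullseye] mariadb-10.5 line, and the matching series for [bookworm] mariadb) would make it easy to replace these annotations with fixed versions once the point releases land.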



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/aac75138bca9bd8c5b3d31abb68c4972fee9f4fc
