[Git][security-tracker-team/security-tracker][master] bullseye/bookworm triage
Moritz Muehlenhoff (@jmm)
jmm at debian.org
Tue Dec 12 15:49:31 GMT 2023
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker
Commits:
b690b335 by Moritz Muehlenhoff at 2023-12-12T16:48:39+01:00
bullseye/bookworm triage
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -262,6 +262,8 @@ CVE-2023-6356 [NULL pointer dereference in nvmet_tcp_build_iovec]
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2254054
CVE-2023-39804 [Incorrectly handled extension attributes in PAX archives can lead to a crash]
- tar <unfixed> (bug #1058079)
+ [bookworm] - tar <no-dsa> (Minor issue)
+ [bullseye] - tar <no-dsa> (Minor issue)
NOTE: Fixed by: https://git.savannah.gnu.org/cgit/tar.git/commit/?id=a339f05cd269013fa133d2f148d73f6f7d4247e4 (v1.35)
CVE-2023-6679 (A null pointer dereference vulnerability was found in dpll_pin_parent_ ...)
- linux <not-affected> (Vulnerable code not present)
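Review bot: The added [bookworm] and [bullseye] <no-dsa> lines for tar sit under an unstable line that is still <unfixed> (bug #1058079), so nothing in this entry yet indicates when the stable releases would pick up the fix. The NOTE records a single upstream commit (v1.35), which makes this a natural point-release candidate once unstable is fixed. Extending the reason to something like "(Minor issue, crash on crafted PAX archive; revisit when fixed in unstable)" would keep that visible to whoever triages it next.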
@@ -2480,7 +2482,9 @@ CVE-2023-34055 (In Spring Boot versions 2.7.0 - 2.7.17, 3.0.0-3.0.12 and 3.1.0-3
NOT-FOR-US: Spring Boot
CVE-2023-46589 (Improper Input Validation vulnerability in Apache Tomcat.Tomcat from 1 ...)
- tomcat10 10.1.16-1 (bug #1057082)
+ [bookworm] - tomcat10 <postponed> (Minor issue, fix along in next DSA)
- tomcat9 9.0.70-2
+ [bullseye] - tomcat9 <postponed> (Minor issue, fix along in next DSA)
- tomcat8 <removed>
NOTE: https://www.openwall.com/lists/oss-security/2023/11/28/2
NOTE: https://github.com/apache/tomcat/commit/b5776d769bffeade865061bc8ecbeb2b56167b08 (10.1.16)
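Review bot: The added [bullseye] tomcat9 <postponed> line defers the fix to the next DSA, but the NOTE lines visible in this hunk reference only the tomcat10 upstream commit (10.1.16). If the entry does not already carry the matching 9.0.x commit further down, adding it as a NOTE would save the next DSA preparer from hunting for the backport. It is also worth confirming that tomcat9 needs no [bookworm] line, since only tomcat10 is annotated for bookworm while the tomcat9 fixed version is given as 9.0.70-2.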
@@ -15728,6 +15732,8 @@ CVE-2023-39514 (Cacti is an open source operational monitoring and fault managem
NOTE: Introduced by: https://github.com/Cacti/cacti/commit/75c147b70493d188ad85313569f86e33e13988b2 (release/1.2.17)
CVE-2023-39513 (Cacti is an open source operational monitoring and fault management fr ...)
- cacti 1.2.25+ds1-1
+ [bookworm] - cacti <no-dsa> (Minor issue)
+ [bullseye] - cacti <no-dsa> (Minor issue)
NOTE: https://github.com/Cacti/cacti/security/advisories/GHSA-9fj7-8f2j-2rw2
NOTE: Initial fix: https://github.com/Cacti/cacti/commit/976f44dd8dfb2410e0dba00de9c4bbca17ee8910 (release/1.2.25)
NOTE: Final fix: https://github.com/Cacti/cacti/commit/23abb0e0a9729bd056b56f4fb5a6fc8e7ebda523 (release/1.2.25)
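Review bot: The added <no-dsa> lines for cacti give only "Minor issue", and the CVE description in the entry header is truncated, so the basis for the triage cannot be read from the entry itself. A few words of justification inside the parentheses would fix that. The NOTEs list both an initial and a final fix commit for release/1.2.25, so any later bookworm or bullseye update has to carry both; saying so in the reason would prevent a partial backport.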
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/b690b335635f0f7a62c96ceca6f210c61812bb39