[Git][security-tracker-team/security-tracker][master] bullseye triage
Moritz Muehlenhoff (@jmm)
jmm at debian.org
Fri Feb 10 08:00:12 GMT 2023
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker
Commits:
930574e9 by Moritz Muehlenhoff at 2023-02-10T08:59:38+01:00
bullseye triage
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -5363,6 +5363,7 @@ CVE-2023-23628 (Metabase is an open source data analytics platform. Affected ver
NOT-FOR-US: Metabase
CVE-2023-23627 (Sanitize is an allowlist-based HTML and CSS sanitizer. Versions 5.0.0 ...)
- ruby-sanitize <unfixed> (bug #1030047)
+ [bullseye] - ruby-sanitize <no-dsa> (Minor issue)
NOTE: https://github.com/rgrove/sanitize/security/advisories/GHSA-fw3g-2h3j-qmm7
NOTE: https://github.com/rgrove/sanitize/commit/ec14265e530dc3fe31ce2ef773594d3a97778d22 (v6.0.1)
CVE-2023-23626
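Review bot: The added "[bullseye] - ruby-sanitize <no-dsa> (Minor issue)" line gives only the generic reason, while the truncated description ties the issue to a version range ("Versions 5.0.0 ..."). Consider confirming that the bullseye package falls inside that range (if it does not, <not-affected> with a reason would be the accurate tag) and replacing "Minor issue" with a short statement of why the impact is limited, so the entry can be judged later for a point release.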
@@ -10350,6 +10351,7 @@ CVE-2020-36628 (A vulnerability classified as critical has been found in Calsign
NOT-FOR-US: Calsign APDE
CVE-2020-36627 (A vulnerability was found in Macaron i18n. It has been declared as pro ...)
- golang-github-go-macaron-i18n <unfixed>
+ [bullseye] - golang-github-go-macaron-i18n <no-dsa> (Minor issue)
[buster] - golang-github-go-macaron-i18n <postponed> (Limited support, minor issue, follow bullseye DSAs/point-releases)
NOTE: https://github.com/go-macaron/i18n/commit/329b0c4844cc16a5a253c011b55180598e707735 (v0.5.0)
CVE-2020-36626 (A vulnerability classified as critical has been found in Modern Tribe ...)
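Review bot: The added "[bullseye] - golang-github-go-macaron-i18n <no-dsa> (Minor issue)" line changes what the [buster] line directly below it means, since that line is postponed to "follow bullseye DSAs/point-releases". With bullseye now no-dsa, both releases depend on a bullseye point-release upload of the v0.5.0 commit referenced in the NOTE. A reason more specific than "Minor issue" would help whoever picks that upload up.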
@@ -30290,9 +30292,10 @@ CVE-2022-3425 (The Analyticator WordPress plugin before 6.5.6 unserializes user
NOT-FOR-US: WordPress plugin
CVE-2022-3424 [misc: sgi-gru: fix use-after-free error in gru_set_context_option, gru_fault and gru_handle_user_call_os]
RESERVED
- - linux 6.1.4-1
+ - linux 6.1.4-1 (unimportant)
NOTE: https://lore.kernel.org/all/20221006152643.1694235-1-zyytlz.wz@163.com/
NOTE: https://git.kernel.org/linus/643a16a0eb1d6ac23744bb6e90a00fc21148a9dc
+ NOTE: SGI_GRU not enabled in any Debian kernel
CVE-2022-3423 (Denial of Service in GitHub repository nocodb/nocodb prior to 0.92.0. ...)
NOT-FOR-US: nocodb
CVE-2022-3422 (Account Takeover :: when see the info i can see the hash pass i can cr ...)
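Review bot: In the added NOTE for CVE-2022-3424, write the option as CONFIG_SGI_GRU rather than SGI_GRU so the justification can be grepped directly against the kernel configs. The "(unimportant)" tag on "- linux 6.1.4-1" rests entirely on that NOTE, so it is also worth wording it so it is clear the tag needs revisiting if the option is ever enabled in a Debian kernel.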
@@ -34889,6 +34892,7 @@ CVE-2022-3217 (When logging in to a VBASE runtime project via Web-Remote, the pr
CVE-2018-25047 (In Smarty before 3.1.47 and 4.x before 4.2.1, libs/plugins/function.ma ...)
{DLA-3262-1}
- smarty3 3.1.47-1 (bug #1019897)
+ [bullseye] - smarty3 <no-dsa> (Minor issue)
- smarty4 4.2.1-1 (bug #1019896)
NOTE: https://github.com/smarty-php/smarty/issues/454
NOTE: https://github.com/smarty-php/smarty/commit/f1f7ee6e34c14a8a9dfa5c6ef894d39277a93938 (v3.1.47)
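Review bot: The added "[bullseye] - smarty3 <no-dsa> (Minor issue)" line sits in an entry that already carries {DLA-3262-1}, so this CVE has had an LTS advisory while bullseye is deferred. Consider extending the reason to say the fix is expected through a point release, using the v3.1.47 commit in the NOTE, so the gap between the two releases is tracked. The hunk adds no [bullseye] line for smarty4; if that is because the package is not in bullseye, nothing more is needed.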
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/930574e97e267371947b4c9b04c882b39470f0ad