[Git][security-tracker-team/security-tracker][master] bullseye triage

Moritz Muehlenhoff (@jmm) jmm at debian.org
Wed Feb 15 16:48:55 GMT 2023



Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
a7c31718 by Moritz Muehlenhoff at 2023-02-15T17:48:34+01:00
bullseye triage

- - - - -


2 changed files:

- data/CVE/list
- data/dsa-needed.txt


Changes:

=====================================
data/CVE/list
=====================================
@@ -235,6 +235,7 @@ CVE-2023-0806
 	RESERVED
 CVE-2023-25727 (In phpMyAdmin before 4.9.11 and 5.x before 5.2.1, an authenticated use ...)
 	- phpmyadmin 4:5.2.1+dfsg-1
+	[bullseye] - phpmyadmin <no-dsa> (Minor issue)
 	NOTE: https://www.phpmyadmin.net/security/PMASA-2023-1/
 CVE-2023-25726
 	RESERVED
@@ -10635,6 +10636,7 @@ CVE-2023-22333 (Cross-site scripting vulnerability in EasyMail 2.00.130 and earl
 	NOT-FOR-US: EasyMail
 CVE-2023-22332 (Information disclosure vulnerability exists in Pgpool-II 4.4.0 to 4.4. ...)
 	- pgpool2 <unfixed> (bug #1030048)
+	[bullseye] - pgpool2 <no-dsa> (Minor issue)
 	NOTE: https://www.pgpool.net/mediawiki/index.php/Main_Page#News
 CVE-2023-22324 (SQL injection vulnerability in the CONPROSYS HMI System (CHS) Ver.3.5. ...)
 	NOT-FOR-US: CONPROSYS
@@ -72086,6 +72088,7 @@ CVE-2022-27673 (Insufficient access controls in the AMD Link Android app may pot
 CVE-2022-27672 (When SMT is enabled, certain AMD processors may speculatively execute  ...)
 	- linux 6.1.12-1
 	- xen <unfixed>
+	[bullseye] - xen <not-affected> (Vulnerable code not present)
 	NOTE: https://www.openwall.com/lists/oss-security/2023/02/14/4
 	NOTE: https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1045
 	NOTE: https://xenbits.xen.org/xsa/advisory-426.html


=====================================
data/dsa-needed.txt
=====================================
@@ -16,6 +16,8 @@ apr-util (carnil)
 --
 apr (carnil)
 --
+curl
+--
 firefox-esr (jmm)
 --
 frr
@@ -30,6 +32,8 @@ linux (carnil)
 netatalk
   open regression with MacOS, tentative patch not yet merged upstream
 --
+nss
+--
 multipath-tools
   Tobias Frost proposed a potential update to be reviewed, maintainer asked to review changes
 --



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/a7c31718befd1381e7360aee9f0689aee6957cdb

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/a7c31718befd1381e7360aee9f0689aee6957cdb
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20230215/3dab92ba/attachment.htm>


More information about the debian-security-tracker-commits mailing list