[Git][security-tracker-team/security-tracker][master] bookworm triage
Moritz Muehlenhoff (@jmm)
jmm at debian.org
Tue Feb 21 18:04:32 GMT 2023
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker
Commits:
c102f0c6 by Moritz Muehlenhoff at 2023-02-21T19:04:11+01:00
bookworm triage
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -82630,6 +82630,7 @@ CVE-2022-24600 (Luocms v2.0 is affected by SQL Injection through /admin/login.ph
NOT-FOR-US: Luocms
CVE-2022-24599 (In autofile Audio File Library 0.3.6, there exists one memory leak vul ...)
- audiofile <unfixed> (bug #1008017)
+ [bookworm] - audiofile <no-dsa> (Minor issue)
[bullseye] - audiofile <no-dsa> (Minor issue)
[buster] - audiofile <no-dsa> (Minor issue)
[stretch] - audiofile <no-dsa> (Minor issue)
@@ -128644,6 +128645,7 @@ CVE-2021-33498 (Pexip Infinity before 26 allows remote denial of service because
NOT-FOR-US: Pexip Infinity
CVE-2021-3563 (A flaw was found in openstack-keystone. Only the first 72 characters o ...)
- keystone <unfixed> (bug #989998)
+ [bookworm] - keystone <no-dsa> (Minor issue)
[bullseye] - keystone <no-dsa> (Minor issue)
[buster] - keystone <no-dsa> (Minor issue)
[stretch] - keystone <end-of-life> (Keystone is not supported in stretch)
@@ -265105,6 +265107,7 @@ CVE-2019-13148 (An issue was discovered in TRENDnet TEW-827DRU firmware before 2
NOT-FOR-US: TRENDnet TEW-827DRU firmware
CVE-2019-13147 (In Audio File Library (aka audiofile) 0.3.6, there exists one NULL poi ...)
- audiofile <unfixed> (low; bug #931343)
+ [bookworm] - audiofile <no-dsa> (Minor issue)
[bullseye] - audiofile <ignored> (Minor issue)
[buster] - audiofile <ignored> (Minor issue)
[stretch] - audiofile <no-dsa> (Minor issue)
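Review bot: The added `[bookworm] - audiofile <no-dsa> (Minor issue)` line for CVE-2019-13147 uses a different state from the bullseye and buster lines directly below it, which are both `<ignored>` with the same "Minor issue" reason. If the decision for bookworm is the same as for those two releases, `<ignored>` would keep the entry consistent; if `<no-dsa>` is deliberate, a few words in the reason text explaining why bookworm differs would help the next person triaging this package.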
@@ -268147,6 +268150,7 @@ CVE-2019-12068 (In QEMU 1:4.1-1, 1:2.1+dfsg-12+deb8u6, 1:2.8+dfsg-6+deb9u8, 1:3.
NOTE: https://git.qemu.org/?p=qemu.git;a=commit;h=de594e47659029316bbf9391efb79da0a1a08e08
CVE-2019-12067 (The ahci_commit_buf function in ide/ahci.c in QEMU allows attackers to ...)
- qemu <unfixed> (low; bug #972099)
+ [bookworm] - qemu <postponed> (Minor issue, revisit when fixed upstream)
[bullseye] - qemu <postponed> (Minor issue, revisit when fixed upstream)
[buster] - qemu <postponed> (Minor issue, waiting for sanctioned patch)
- qemu-kvm <removed>
@@ -292230,8 +292234,9 @@ CVE-2018-20544 (There is floating point exception at caca/dither.c (function cac
NOTE: https://github.com/cacalabs/libcaca/issues/36
NOTE: Upstream fix: https://github.com/cacalabs/libcaca/commit/84bd155087b93ab2d8d7cb5b1ac94ecd4cf4f93c
CVE-2018-20543 (There is an attempted excessive memory allocation at libxsmm_sparse_cs ...)
- - libxsmm <unfixed> (bug #917573)
+ - libxsmm <unfixed> (unimportant; bug #917573)
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1652634
+ NOTE: Negligible security impact
CVE-2018-20542 (There is a heap-based buffer-overflow at generator_spgemm_csc_reader.c ...)
- libxsmm 1.17-1 (bug #917526)
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1652633
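Review bot: The new `NOTE: Negligible security impact` under CVE-2018-20543 states a conclusion without the reason, and it is the only justification given for moving the libxsmm entry to `unimportant`. Consider recording what makes the impact negligible, since the visible description only says "attempted excessive memory allocation", so the classification can be rechecked later. The neighbouring CVE-2018-20542 is tracked as fixed in 1.17-1 for the same package while this entry stays `<unfixed>`, so a short NOTE on whether that upload touches this code path would also be useful.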
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/c102f0c69020082f0c59095fd1dc85a128c3ee2b