[Git][security-tracker-team/security-tracker][master] bookworm triage

Moritz Muehlenhoff (@jmm) jmm at debian.org
Fri Feb 24 13:41:37 GMT 2023



Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
d4d1ee1f by Moritz Muehlenhoff at 2023-02-24T14:41:20+01:00
bookworm triage

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -96080,6 +96080,7 @@ CVE-2021-44960 (In SVGPP SVG++ library 1.3.0, the XMLDocument::getRoot function
 	[bullseye] - svgpp <no-dsa> (Minor issue)
 	[buster] - svgpp <no-dsa> (Minor issue)
 	NOTE: https://github.com/svgpp/svgpp/issues/101
+	NOTE: https://github.com/svgpp/svgpp/commit/0bc57f2cc6d9d86a0fa1ce73e508c2b5994b4b91
 CVE-2021-44959
 	RESERVED
 CVE-2021-44958
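Review bot: the added NOTE for CVE-2021-44960 is a bare commit URL, so a reader cannot tell whether 0bc57f2c is the upstream fix, a partial fix or only a related change. Say what the commit is and, if it has shipped, in which upstream release, the way the rbenv NOTE in this same commit does with "(v1.2.0)". The [bullseye] and [buster] lines stay at <no-dsa>, so the annotation is what tells later triage whether a backport is available.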
@@ -119123,6 +119124,7 @@ CVE-2021-37746 (textview_uri_security_check in textview.c in Claws Mail before 3
 	[buster] - claws-mail <no-dsa> (Minor issue)
 	[stretch] - claws-mail <no-dsa> (Minor issue)
 	- sylpheed <unfixed> (bug #991723)
+	[bookworm] - sylpheed <no-dsa> (Minor issue)
 	[bullseye] - sylpheed <no-dsa> (Minor issue)
 	[buster] - sylpheed <no-dsa> (Minor issue)
 	[stretch] - sylpheed <no-dsa> (Minor issue)
@@ -178621,6 +178623,7 @@ CVE-2020-26881
 	RESERVED
 CVE-2020-26880 (Sympa through 6.2.57b.2 allows a local privilege escalation from the s ...)
 	- sympa <unfixed> (bug #972114)
+	[bookworm] - sympa <postponed> (Revisit when fixed upstream; most setups mitigated)
 	[bullseye] - sympa <postponed> (Revisit when fixed upstream; most setups mitigated)
 	[buster] - sympa <postponed> (Revisit when fixed upstream; most setups mitigated)
 	[stretch] - sympa <postponed> (Mitigated, revisit when fixed upstream)
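Review bot: the reason on the new [bookworm] line, "most setups mitigated", is copied from bullseye and buster, and nothing in the visible entry says what the mitigation is or which setups lack it. For a local privilege escalation that stays <unfixed> with bug #972114 open, a NOTE naming the mitigation (or pointing to where the bug describes it) would let an administrator check their own install instead of relying on "most".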
@@ -207645,6 +207648,7 @@ CVE-2020-14305 (An out-of-bounds memory write flaw was found in how the Linux ke
 	NOTE: https://patchwork.ozlabs.org/project/netfilter-devel/patch/c2385b5c-309c-cc64-2e10-a0ef62897502@virtuozzo.com/
 CVE-2020-14304 (A memory disclosure flaw was found in the Linux kernel's ethernet driv ...)
 	- linux <unfixed> (bug #960702)
+	[bookworm] - linux <ignored> (Minor issue)
 	[bullseye] - linux <ignored> (Minor issue)
 	[buster] - linux <ignored> (Minor issue)
 CVE-2020-14303 (A flaw was found in the AD DC NBT server in all Samba versions before  ...)
@@ -257984,6 +257988,7 @@ CVE-2019-15214 (An issue was discovered in the Linux kernel before 5.0.10. There
 	[stretch] - linux 4.9.184-1
 CVE-2019-15213 (An issue was discovered in the Linux kernel before 5.2.3. There is a u ...)
 	- linux <unfixed>
+	[bookworm] - linux <postponed> (Revisit when correctly fixed upstream)
 	[bullseye] - linux <postponed> (Revisit when correctly fixed upstream)
 	[stretch] - linux <not-affected> (Vulnerable code introduced later)
 	[jessie] - linux <not-affected> (Vulnerable code introduced later)
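Review bot: the release lines for CVE-2019-15213 have no buster entry; after this change they read bookworm, bullseye, then straight to stretch and jessie as <not-affected>. The added [bookworm] line itself is consistent with bullseye, but while touching the entry it is worth confirming whether buster is meant to fall through to the <unfixed> line or was simply never triaged. "Revisit when correctly fixed upstream" also implies an incomplete upstream fix; a NOTE pointing at it would make the revisit actionable.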
@@ -320576,6 +320581,7 @@ CVE-2018-12929 (ntfs_read_locked_inode in the ntfs.ko filesystem driver in the L
 	[jessie] - linux <ignored> (ntfs is not supportable)
 CVE-2018-12928 (In the Linux kernel 4.15.0, a NULL pointer dereference was discovered  ...)
 	- linux <unfixed> (low)
+	[bookworm] - linux <ignored> (Minor issue)
 	[bullseye] - linux <ignored> (Minor issue)
 	[buster] - linux <ignored> (Minor issue)
 	[stretch] - linux <ignored> (Minor issue)
@@ -324109,33 +324115,21 @@ CVE-2018-11742 (NEC Univerge Sv9100 WebPro 6.00.00 devices have Cleartext Passwo
 CVE-2018-11741 (NEC Univerge Sv9100 WebPro 6.00.00 devices have Predictable Session ID ...)
 	NOT-FOR-US: NEC Univerge Sv9100 WebPro devices
 CVE-2018-11740 (An issue was discovered in libtskbase.a in The Sleuth Kit (TSK) from r ...)
-	- sleuthkit <unfixed> (low; bug #902187)
-	[bullseye] - sleuthkit <ignored> (Minor issue)
-	[buster] - sleuthkit <ignored> (Minor issue)
-	[stretch] - sleuthkit <no-dsa> (Minor issue)
-	[jessie] - sleuthkit <no-dsa> (Minor issue)
+	- sleuthkit <unfixed> (unimportant; bug #902187)
 	NOTE: https://github.com/sleuthkit/sleuthkit/issues/1264
+	NOTE: Negligible security impact
 CVE-2018-11739 (An issue was discovered in libtskimg.a in The Sleuth Kit (TSK) from re ...)
-	- sleuthkit <unfixed> (low; bug #902187)
-	[bullseye] - sleuthkit <ignored> (Minor issue)
-	[buster] - sleuthkit <ignored> (Minor issue)
-	[stretch] - sleuthkit <no-dsa> (Minor issue)
-	[jessie] - sleuthkit <no-dsa> (Minor issue)
+	- sleuthkit <unfixed> (unimportant; bug #902187)
 	NOTE: https://github.com/sleuthkit/sleuthkit/issues/1267
+	NOTE: Negligible security impact
 CVE-2018-11738 (An issue was discovered in libtskfs.a in The Sleuth Kit (TSK) from rel ...)
-	- sleuthkit <unfixed> (low; bug #902187)
-	[bullseye] - sleuthkit <ignored> (Minor issue)
-	[buster] - sleuthkit <ignored> (Minor issue)
-	[stretch] - sleuthkit <no-dsa> (Minor issue)
-	[jessie] - sleuthkit <no-dsa> (Minor issue)
+	- sleuthkit <unfixed> (unimportant; bug #902187)
 	NOTE: https://github.com/sleuthkit/sleuthkit/issues/1265
+	NOTE: Negligible security impact
 CVE-2018-11737 (An issue was discovered in libtskfs.a in The Sleuth Kit (TSK) from rel ...)
-	- sleuthkit <unfixed> (low; bug #902187)
-	[bullseye] - sleuthkit <ignored> (Minor issue)
-	[buster] - sleuthkit <ignored> (Minor issue)
-	[stretch] - sleuthkit <no-dsa> (Minor issue)
-	[jessie] - sleuthkit <no-dsa> (Minor issue)
+	- sleuthkit <unfixed> (unimportant; bug #902187)
 	NOTE: https://github.com/sleuthkit/sleuthkit/issues/1266
+	NOTE: Negligible security impact
 CVE-2018-1000201 (ruby-ffi version 1.9.23 and earlier has a DLL loading issue which can  ...)
 	- ruby-ffi <not-affected> (Windows-specific)
 CVE-2018-11736 (An issue was discovered in Pluck before 4.7.7-dev2. /data/inc/images.p ...)
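Review bot: the sleuthkit changes for CVE-2018-11737 through CVE-2018-11740 are not bookworm triage: they move the urgency from "low" to "unimportant" and delete the existing [bullseye], [buster], [stretch] and [jessie] decisions, which the commit subject "bookworm triage" does not mention. Split this reclassification into its own commit, or at least name it in the message, so the history shows when and why these entries were changed. The added "NOTE: Negligible security impact" states the conclusion but not the reason; one sentence on why the issues are negligible would justify dropping four per-release lines in each entry.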
@@ -376212,6 +376206,7 @@ CVE-2017-1000047 (rbenv (all current versions) is vulnerable to Directory Traver
 	[wheezy] - rbenv <no-dsa> (Minor issue)
 	NOTE: https://github.com/rbenv/rbenv/issues/977
 	NOTE: .ruby-version is .rbenv-version in wheezy
+	NOTE: https://github.com/rbenv/rbenv/commit/370c26a6c9ee0511972ea04904fcc89014a22987 (v1.2.0)
 CVE-2017-1000046 (Mautic 2.6.1 and earlier fails to set flags on session cookies ...)
 	NOT-FOR-US: Mautic
 CVE-2017-1000045
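Review bot: the new commit NOTE for CVE-2017-1000047 is appended after the wheezy-specific remark about .rbenv-version, which separates it from the upstream issue link it belongs with. Place it directly under "NOTE: https://github.com/rbenv/rbenv/issues/977" so the upstream references sit together. Since the NOTE records a fix in v1.2.0 and this hunk changes no status line, also check whether the rbenv package line above the visible context still reads as unfixed and should now carry a fixed version.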



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/d4d1ee1f631e221934f12be5e38850328a864a51
