[Git][security-tracker-team/security-tracker][master] bookworm triage
Moritz Muehlenhoff (@jmm)
jmm at debian.org
Fri Feb 24 13:41:37 GMT 2023
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker
Commits:
d4d1ee1f by Moritz Muehlenhoff at 2023-02-24T14:41:20+01:00
bookworm triage
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -96080,6 +96080,7 @@ CVE-2021-44960 (In SVGPP SVG++ library 1.3.0, the XMLDocument::getRoot function
[bullseye] - svgpp <no-dsa> (Minor issue)
[buster] - svgpp <no-dsa> (Minor issue)
NOTE: https://github.com/svgpp/svgpp/issues/101
+ NOTE: https://github.com/svgpp/svgpp/commit/0bc57f2cc6d9d86a0fa1ce73e508c2b5994b4b91
CVE-2021-44959
RESERVED
CVE-2021-44958
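Review bot: The NOTE added under CVE-2021-44960 is a bare commit URL, so a reader cannot tell whether 0bc57f2c is the fix, a partial fix or only related, nor which svgpp release carries it. Suggest saying that it is the fix, if it is one, and appending the release tag, the way the rbenv note in this same commit ends with "(v1.2.0)", so the bullseye and buster no-dsa entries can be rechecked against a concrete version.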
@@ -119123,6 +119124,7 @@ CVE-2021-37746 (textview_uri_security_check in textview.c in Claws Mail before 3
[buster] - claws-mail <no-dsa> (Minor issue)
[stretch] - claws-mail <no-dsa> (Minor issue)
- sylpheed <unfixed> (bug #991723)
+ [bookworm] - sylpheed <no-dsa> (Minor issue)
[bullseye] - sylpheed <no-dsa> (Minor issue)
[buster] - sylpheed <no-dsa> (Minor issue)
[stretch] - sylpheed <no-dsa> (Minor issue)
@@ -178621,6 +178623,7 @@ CVE-2020-26881
RESERVED
CVE-2020-26880 (Sympa through 6.2.57b.2 allows a local privilege escalation from the s ...)
- sympa <unfixed> (bug #972114)
+ [bookworm] - sympa <postponed> (Revisit when fixed upstream; most setups mitigated)
[bullseye] - sympa <postponed> (Revisit when fixed upstream; most setups mitigated)
[buster] - sympa <postponed> (Revisit when fixed upstream; most setups mitigated)
[stretch] - sympa <postponed> (Mitigated, revisit when fixed upstream)
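Review bot: The new bookworm line for sympa copies "most setups mitigated" from bullseye and buster, but nothing in the visible context says what the mitigation is or which setups remain exposed. For a local privilege escalation that stays <unfixed> (bug #972114), a NOTE naming the mitigating configuration would let whoever revisits the postponed status judge it without rereading the bug.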
@@ -207645,6 +207648,7 @@ CVE-2020-14305 (An out-of-bounds memory write flaw was found in how the Linux ke
NOTE: https://patchwork.ozlabs.org/project/netfilter-devel/patch/c2385b5c-309c-cc64-2e10-a0ef62897502@virtuozzo.com/
CVE-2020-14304 (A memory disclosure flaw was found in the Linux kernel's ethernet driv ...)
- linux <unfixed> (bug #960702)
+ [bookworm] - linux <ignored> (Minor issue)
[bullseye] - linux <ignored> (Minor issue)
[buster] - linux <ignored> (Minor issue)
CVE-2020-14303 (A flaw was found in the AD DC NBT server in all Samba versions before ...)
@@ -257984,6 +257988,7 @@ CVE-2019-15214 (An issue was discovered in the Linux kernel before 5.0.10. There
[stretch] - linux 4.9.184-1
CVE-2019-15213 (An issue was discovered in the Linux kernel before 5.2.3. There is a u ...)
- linux <unfixed>
+ [bookworm] - linux <postponed> (Revisit when correctly fixed upstream)
[bullseye] - linux <postponed> (Revisit when correctly fixed upstream)
[stretch] - linux <not-affected> (Vulnerable code introduced later)
[jessie] - linux <not-affected> (Vulnerable code introduced later)
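Review bot: With the bookworm line added, the visible suite list for CVE-2019-15213 runs bookworm, bullseye, stretch, jessie, with no [buster] line between bullseye and stretch. Without its own entry buster falls back to the plain <unfixed> of the unstable line, so it is worth confirming that this is intended rather than a missing postponed or not-affected annotation.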
@@ -320576,6 +320581,7 @@ CVE-2018-12929 (ntfs_read_locked_inode in the ntfs.ko filesystem driver in the L
[jessie] - linux <ignored> (ntfs is not supportable)
CVE-2018-12928 (In the Linux kernel 4.15.0, a NULL pointer dereference was discovered ...)
- linux <unfixed> (low)
+ [bookworm] - linux <ignored> (Minor issue)
[bullseye] - linux <ignored> (Minor issue)
[buster] - linux <ignored> (Minor issue)
[stretch] - linux <ignored> (Minor issue)
@@ -324109,33 +324115,21 @@ CVE-2018-11742 (NEC Univerge Sv9100 WebPro 6.00.00 devices have Cleartext Passwo
CVE-2018-11741 (NEC Univerge Sv9100 WebPro 6.00.00 devices have Predictable Session ID ...)
NOT-FOR-US: NEC Univerge Sv9100 WebPro devices
CVE-2018-11740 (An issue was discovered in libtskbase.a in The Sleuth Kit (TSK) from r ...)
- - sleuthkit <unfixed> (low; bug #902187)
- [bullseye] - sleuthkit <ignored> (Minor issue)
- [buster] - sleuthkit <ignored> (Minor issue)
- [stretch] - sleuthkit <no-dsa> (Minor issue)
- [jessie] - sleuthkit <no-dsa> (Minor issue)
+ - sleuthkit <unfixed> (unimportant; bug #902187)
NOTE: https://github.com/sleuthkit/sleuthkit/issues/1264
+ NOTE: Negligible security impact
CVE-2018-11739 (An issue was discovered in libtskimg.a in The Sleuth Kit (TSK) from re ...)
- - sleuthkit <unfixed> (low; bug #902187)
- [bullseye] - sleuthkit <ignored> (Minor issue)
- [buster] - sleuthkit <ignored> (Minor issue)
- [stretch] - sleuthkit <no-dsa> (Minor issue)
- [jessie] - sleuthkit <no-dsa> (Minor issue)
+ - sleuthkit <unfixed> (unimportant; bug #902187)
NOTE: https://github.com/sleuthkit/sleuthkit/issues/1267
+ NOTE: Negligible security impact
CVE-2018-11738 (An issue was discovered in libtskfs.a in The Sleuth Kit (TSK) from rel ...)
- - sleuthkit <unfixed> (low; bug #902187)
- [bullseye] - sleuthkit <ignored> (Minor issue)
- [buster] - sleuthkit <ignored> (Minor issue)
- [stretch] - sleuthkit <no-dsa> (Minor issue)
- [jessie] - sleuthkit <no-dsa> (Minor issue)
+ - sleuthkit <unfixed> (unimportant; bug #902187)
NOTE: https://github.com/sleuthkit/sleuthkit/issues/1265
+ NOTE: Negligible security impact
CVE-2018-11737 (An issue was discovered in libtskfs.a in The Sleuth Kit (TSK) from rel ...)
- - sleuthkit <unfixed> (low; bug #902187)
- [bullseye] - sleuthkit <ignored> (Minor issue)
- [buster] - sleuthkit <ignored> (Minor issue)
- [stretch] - sleuthkit <no-dsa> (Minor issue)
- [jessie] - sleuthkit <no-dsa> (Minor issue)
+ - sleuthkit <unfixed> (unimportant; bug #902187)
NOTE: https://github.com/sleuthkit/sleuthkit/issues/1266
+ NOTE: Negligible security impact
CVE-2018-1000201 (ruby-ffi version 1.9.23 and earlier has a DLL loading issue which can ...)
- ruby-ffi <not-affected> (Windows-specific)
CVE-2018-11736 (An issue was discovered in Pluck before 4.7.7-dev2. /data/inc/images.p ...)
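Review bot: The four sleuthkit entries (CVE-2018-11737 to CVE-2018-11740) go from "low" to "unimportant" and lose every per-suite line, yet the only recorded reason is the repeated "NOTE: Negligible security impact", which restates the severity rather than justifying it. Suggest one concrete sentence per entry on why the impact is negligible, since the earlier <ignored> and <no-dsa> triage for bullseye, buster, stretch and jessie no longer appears in the file after this change.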
@@ -376212,6 +376206,7 @@ CVE-2017-1000047 (rbenv (all current versions) is vulnerable to Directory Traver
[wheezy] - rbenv <no-dsa> (Minor issue)
NOTE: https://github.com/rbenv/rbenv/issues/977
NOTE: .ruby-version is .rbenv-version in wheezy
+ NOTE: https://github.com/rbenv/rbenv/commit/370c26a6c9ee0511972ea04904fcc89014a22987 (v1.2.0)
CVE-2017-1000046 (Mautic 2.6.1 and earlier fails to set flags on session cookies ...)
NOT-FOR-US: Mautic
CVE-2017-1000045
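Review bot: The new rbenv NOTE gives the commit and "(v1.2.0)" but does not say that it is the fix, and the hunk leaves the package status lines for CVE-2017-1000047 untouched (only the wheezy no-dsa line is in the visible context). If 370c26a6 fixes the directory traversal, say so in the note and check whether the unstable entry should now carry the first Debian version based on v1.2.0.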
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/d4d1ee1f631e221934f12be5e38850328a864a51