[Git][security-tracker-team/security-tracker][master] bullseye triage

Moritz Muehlenhoff (@jmm) jmm at debian.org
Wed Jan 18 14:37:58 GMT 2023



Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
e9a278be by Moritz Muehlenhoff at 2023-01-18T15:37:34+01:00
bullseye triage

- - - - -


2 changed files:

- data/CVE/list
- data/dsa-needed.txt


Changes:

=====================================
data/CVE/list
=====================================
@@ -712,10 +712,10 @@ CVE-2023-0290
 CVE-2023-0289 (Cross-site Scripting (XSS) - Stored in GitHub repository craigk5n/webc ...)
 	NOT-FOR-US: craigk5n/webcalendar
 CVE-2023-0288 (Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.1 ...)
-	- vim <unfixed>
-	[buster] - vim <no-dsa> (Minor issue)
+	- vim <unfixed> (unimportant)
 	NOTE: https://huntr.dev/bounties/550a0852-9be0-4abe-906c-f803b34e41d3
 	NOTE: https://github.com/vim/vim/commit/232bdaaca98c34a99ffadf27bf6ee08be6cc8f6a (v9.0.1189)
+	NOTE: Crash in CLI tool, no security impact
 CVE-2023-0287 (A vulnerability was found in ityouknow favorites-web. It has been rate ...)
 	NOT-FOR-US: ityouknow favorites-web
 CVE-2023-0286
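Review bot: the added NOTE on CVE-2023-0288 says "Crash in CLI tool, no security impact" while the description line above it still reads "Heap-based Buffer Overflow", and nothing in the entry connects the two. A few words on why the overflow is limited to a crash would let later triagers check the (unimportant) tag without reopening the huntr report. Dropping the [buster] <no-dsa> line is consistent with that tag, since unimportant applies to the package entry as a whole.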
@@ -2487,6 +2487,7 @@ CVE-2023-22900
 	RESERVED
 CVE-2023-22899 (Zip4j through 2.11.2, as used in Threema and other products, does not  ...)
 	- zip4j 2.11.2-3 (bug #1029038)
+	[bullseye] - zip4j <no-dsa> (Minor issue)
 	NOTE: https://github.com/srikanth-lingala/zip4j/issues/485
 	NOTE: https://github.com/srikanth-lingala/zip4j/commit/597b31afb473a40e8252de5b5def1876bab198d3
 CVE-2023-22898 (workers/extractor.py in Pandora (aka pandora-analysis/pandora) 1.3.0 a ...)
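Review bot: the new [bullseye] line for zip4j gives only "(Minor issue)", which does not say whether the fix is expected to reach bullseye at all. The entry lists one upstream commit and a fixed unstable version (2.11.2-3); if that commit is a candidate for a point release, a NOTE saying so would make the follow-up visible.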
@@ -2678,6 +2679,7 @@ CVE-2022-4884 (Path-Traversal in MKP storing in Tribe29 Checkmk <=2.0.0p32 an
 CVE-2022-4883
 	RESERVED
 	- libxpm 1:3.5.12-1.1
+	[bullseye] - libxpm <no-dsa> (Minor issue)
 	NOTE: https://www.openwall.com/lists/oss-security/2023/01/17/2
 	NOTE: https://gitlab.freedesktop.org/xorg/lib/libxpm/-/commit/515294bb8023a45ff916696d0a14308ff4f3a376 (libXpm-3.5.15)
 	NOTE: https://gitlab.freedesktop.org/xorg/lib/libxpm/-/commit/8178eb0834d82242e1edbc7d4fb0d1b397569c68 (libXpm-3.5.15)
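Review bot: CVE-2022-4883 is still RESERVED with no description, so "(Minor issue)" on the added [bullseye] line is the only rationale recorded in the file. A one-line NOTE summarising what the oss-security post describes would let a reader judge the tag without following the link.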
@@ -2728,11 +2730,13 @@ CVE-2022-48230
 CVE-2022-46285
 	RESERVED
 	- libxpm 1:3.5.12-1.1
+	[bullseye] - libxpm <no-dsa> (Minor issue)
 	NOTE: https://www.openwall.com/lists/oss-security/2023/01/17/2
 	NOTE: https://gitlab.freedesktop.org/xorg/lib/libxpm/-/commit/a3a7c6dcc3b629d765014816c566c63165c63ca8 (libXpm-3.5.15)
 CVE-2022-44617
 	RESERVED
 	- libxpm 1:3.5.12-1.1
+	[bullseye] - libxpm <no-dsa> (Minor issue)
 	NOTE: https://www.openwall.com/lists/oss-security/2023/01/17/2
 	NOTE: https://gitlab.freedesktop.org/xorg/lib/libxpm/-/commit/f80fa6ae47ad4a5beacb287c0030c9913b046643 (libXpm-3.5.15)
 	NOTE: https://gitlab.freedesktop.org/xorg/lib/libxpm/-/commit/c5ab17bcc34914c0b0707d2135dbebe9a367c5f0 (libXpm-3.5.15)
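Review bot: the two [bullseye] lines added here, together with the one on CVE-2022-4883, tag three libxpm entries that share the same oss-security post and the same fixed version (1:3.5.12-1.1). They will have to change together if a bullseye upload is prepared, so a short cross-reference NOTE on each entry would help keep them in step.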
@@ -2810,6 +2814,7 @@ CVE-2021-4307 (A vulnerability was found in Yomguithereal Baobab up to 2.6.0. It
 	NOT-FOR-US: Yomguithereal Baobab
 CVE-2020-36646 (A vulnerability classified as problematic has been found in MediaArea  ...)
 	- libzen 0.4.39-1
+	[bullseye] - libzen <no-dsa> (Minor issue)
 	NOTE: https://github.com/MediaArea/ZenLib/pull/119
 	NOTE: https://github.com/MediaArea/ZenLib/commit/6475fcccd37c9cf17e0cfe263b5fe0e2e47a8408 (v0.4.39)
 CVE-2017-20164 (A vulnerability was found in Symbiote Seed up to 6.0.2. It has been cl ...)


=====================================
data/dsa-needed.txt
=====================================
@@ -67,6 +67,8 @@ sofia-sip
 sox
   patch needed for CVE-2021-40426, check with upstream
 --
+swift
+--
 tiff (aron)
 --
 varnish (carnil)
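Review bot: the new swift entry has no note line and no assignee, and none of the data/CVE/list hunks in this commit touch a swift CVE, so the reason it needs a DSA is not visible here. A line under it naming the issue, in the style of the sox entry ("patch needed for CVE-2021-40426, check with upstream"), would tell whoever picks it up where to start.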



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/e9a278be78d80b41807a9bca05c586c0681c9ea1
