[Git][security-tracker-team/security-tracker][master] bullseye triage
Moritz Muehlenhoff (@jmm)
jmm at debian.org
Mon Jan 30 12:15:00 GMT 2023
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker
Commits:
9e5dd925 by Moritz Muehlenhoff at 2023-01-30T13:14:37+01:00
bullseye triage
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -2935,6 +2935,7 @@ CVE-2023-XXXX [RUSTSEC-2023-0002]
NOTE: https://github.com/rust-lang/git2-rs/pull/909
CVE-2023-XXXX [RUSTSEC-2022-0078]
- rust-bumpalo <unfixed>
+ [bullseye] - rust-bumpalo <no-dsa> (Minor issue)
NOTE: https://rustsec.org/advisories/RUSTSEC-2022-0078.html
NOTE: https://github.com/fitzgen/bumpalo/blob/main/CHANGELOG.md#3111
CVE-2023-23698
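Review bot: the added `[bullseye] - rust-bumpalo <no-dsa> (Minor issue)` line is the only rationale on an entry that has no assigned CVE id (`CVE-2023-XXXX`) and no description text. A one-line NOTE summarising the impact from the linked RUSTSEC-2022-0078 advisory would let a later reader check the "Minor issue" call without leaving the file.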
@@ -12387,6 +12388,7 @@ CVE-2022-4397 (A vulnerability was found in morontt zend-blog-number-2. It has b
NOT-FOR-US: morontt zend-blog-number-2
CVE-2022-4396 (** UNSUPPORTED WHEN ASSIGNED ** A vulnerability was found in RDFlib py ...)
- python-pyrdfa 3.5.2+20220329~ds-1 (bug #1026051)
+ [bullseye] - python-pyrdfa <no-dsa> (Minor issue)
NOTE: https://github.com/RDFLib/pyrdfa3/commit/ffd1d62dd50d5f4190013b39cedcdfbd81f3ce3e
NOTE: https://github.com/RDFLib/pyrdfa3/pull/40
CVE-2022-46906 (Insufficient processing of user input in WebSoft HCM 2021.2.3.327 allo ...)
@@ -31025,6 +31027,7 @@ CVE-2020-36604 (hoek before 8.5.1 and 9.x before 9.0.3 allows prototype poisonin
NOTE: Fixed by: https://github.com/hapijs/hoek/commit/948baf98634a5c206875b67d11368f133034fa90 (v9.0.3)
CVE-2022-3276 (Command injection is possible in the puppetlabs-mysql module prior to ...)
- puppet-module-puppetlabs-mysql <unfixed> (bug #1027154)
+ [bullseye] - puppet-module-puppetlabs-mysql <no-dsa> (Minor issue)
NOTE: https://puppet.com/security/cve/CVE-2022-3276
NOTE: https://github.com/puppetlabs/puppetlabs-mysql/commit/f83792b256fa6acc1b1375b3bfed257629a5c02d (v13.0.0)
NOTE: https://github.com/puppetlabs/puppetlabs-mysql/commit/18813a151f150a374a52141db520ed2a8d38b071 (v13.0.0)
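Review bot: the reason on the added `[bullseye] - puppet-module-puppetlabs-mysql <no-dsa> (Minor issue)` line does not say why an issue the entry itself summarises as "Command injection is possible" counts as minor. Suggest putting the limiting factor (for example the precondition an attacker needs) into the parenthesised reason, so the triage decision can be audited later without rereading the upstream advisory.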
@@ -45186,6 +45189,7 @@ CVE-2022-35978 (Minetest is a free open-source voxel game engine with easy moddi
NOTE: https://github.com/minetest/minetest/commit/da71e86633d0b27cd02d7aac9fdac625d141ca13 (5.6.0)
CVE-2022-35977 (Redis is an in-memory database that persists on disk. Authenticated us ...)
- redis 5:7.0.8-1
+ [bullseye] - redis <no-dsa> (Minor issue)
NOTE: https://github.com/redis/redis/commit/6c25c6b7da116e110e89a5db45eeae743879e7ea (7.0.8)
CVE-2022-35976 (The GitOps Tools Extension for VSCode relies on kubeconfigs in order t ...)
NOT-FOR-US: GitOps Tools Extension for VSCode
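Review bot: the added `[bullseye] - redis <no-dsa> (Minor issue)` line leaves the 7.0.8 commit as the only fix reference in this entry, and unstable is fixed at `5:7.0.8-1`. A NOTE saying whether that commit applies to the bullseye version, or pointing at the matching fix on the older upstream branch, would help whoever picks this up for a point release.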
@@ -81059,6 +81063,7 @@ CVE-2022-23838
CVE-2022-23837 (In api.rb in Sidekiq before 5.2.10 and 6.4.0, there is no limit on the ...)
{DLA-2943-1}
- ruby-sidekiq <unfixed> (bug #1004193)
+ [bullseye] - ruby-sidekiq <no-dsa> (Minor issue)
NOTE: https://github.com/mperham/sidekiq/commit/7785ac1399f1b28992adb56055f6acd88fd1d956 (v6.4.0)
CVE-2022-23836
RESERVED
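Review bot: the added `[bullseye] - ruby-sidekiq <no-dsa> (Minor issue)` line sits directly under `{DLA-2943-1}` and `- ruby-sidekiq <unfixed>`, so the entry now shows an LTS advisory alongside a deferred stable release and an unfixed unstable package. Consider extending the reason, e.g. "(Minor issue; can be fixed via point release)", so it is clear the bullseye gap is intentional and that the v6.4.0 commit in the NOTE is the candidate backport.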
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/9e5dd925f26f10f7189f3c8f80d0546f2470ac47