[Git][security-tracker-team/security-tracker][master] 4 commits: Triage CVE-2022-45748 in assimp for buster LTS.

Chris Lamb (@lamby) lamby at debian.org
Tue Jan 31 16:35:49 GMT 2023



Chris Lamb pushed to branch master at Debian Security Tracker / security-tracker


Commits:
bf84451f by Chris Lamb at 2023-01-31T08:32:34-08:00
Triage CVE-2022-45748 in assimp for buster LTS.

- - - - -
65ea5a6d by Chris Lamb at 2023-01-31T08:33:04-08:00
Triage CVE-2022-48285 in node-jszip for buster LTS.

- - - - -
0b032dad by Chris Lamb at 2023-01-31T08:33:23-08:00
Triage CVE-2023-24056 in pkgconf for buster LTS.

- - - - -
e12b04c1 by Chris Lamb at 2023-01-31T08:35:02-08:00
data/dla-needed.txt: Triage sssd for buster LTS (CVE-2022-4254)

- - - - -


2 changed files:

- data/CVE/list
- data/dla-needed.txt


Changes:

=====================================
data/CVE/list
=====================================
@@ -575,6 +575,7 @@ CVE-2023-0563 (A vulnerability classified as problematic has been found in PHPGu
 CVE-2022-48285 (loadAsync in JSZip before 3.8.0 allows Directory Traversal via a craft ...)
 	- node-jszip 3.10.0+dfsg-1
 	[bullseye] - node-jszip <no-dsa> (Minor issue)
+	[buster] - node-jszip <no-dsa> (Minor issue)
 	NOTE: https://github.com/Stuk/jszip/commit/2edab366119c9ee948357c02f1206c28566cdf15 (v3.8.0)
 CVE-2023-0562 (A vulnerability was found in PHPGurukul Bank Locker Management System  ...)
 	NOT-FOR-US: PHPGurukul Bank Locker Management System
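Review bot: the added `[buster] - node-jszip <no-dsa> (Minor issue)` line carries no rationale of its own and simply mirrors the bullseye tag. The NOTE above already records a single upstream fix commit released in v3.8.0, so the buster line should state why that fix is not worth a DLA, for example whether buster's node-jszip is actually reachable through the affected loadAsync path or whether the backport was judged not worthwhile, so the next LTS triager does not have to redo the analysis.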
@@ -2016,6 +2017,7 @@ CVE-2023-24057 (HL7 (Health Level 7) FHIR Core Libraries before 5.6.92 allow att
 CVE-2023-24056 (In pkgconf through 1.9.3, variable duplication can cause unbounded str ...)
 	- pkgconf 1.8.1-1
 	[bullseye] - pkgconf <no-dsa> (Minor issue)
+	[buster] - pkgconf <no-dsa> (Minor issue)
 	NOTE: https://gitea.treehouse.systems/ariadne/pkgconf/commit/81cc9b3e6dafcdd02579bcccec6ac47d91e5d023 (pkgconf-1.9.4, pkgconf-1.8.1)
 	NOTE: https://nullprogram.com/blog/2023/01/18/
 CVE-2023-24055 (** DISPUTED ** KeePass through 2.53 (in a default installation) allows ...)
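Review bot: for `[buster] - pkgconf <no-dsa> (Minor issue)`, the NOTE points to one upstream commit that landed in pkgconf-1.8.1, and the package line shows 1.8.1-1 is already in unstable, so the fix is known and small. The entry should say whether the pkgconf version in buster is affected by the unbounded string expansion at all and, if it is, why backporting that one commit is being declined rather than queued in dla-needed.txt; "Minor issue" on its own does not capture either.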
@@ -16044,6 +16046,7 @@ CVE-2022-45749
 CVE-2022-45748 (An issue was discovered with assimp 5.1.4, a use after free occurred i ...)
 	- assimp <unfixed> (bug #1029833)
 	[bullseye] - assimp <no-dsa> (Minor issue)
+	[buster] - assimp <no-dsa> (Minor issue)
 	NOTE: https://github.com/assimp/assimp/issues/4286
 CVE-2022-45747
 	RESERVED
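Review bot: with `- assimp <unfixed> (bug #1029833)` and only an upstream issue link in the NOTE, there is nothing to backport to buster yet, so `<no-dsa>` is defensible, but "Minor issue" does not say that. Recording "no upstream fix yet" (or whatever the actual basis is) on the buster line keeps the entry honest about a use-after-free in a model-file parser and makes it obvious that the tag should be revisited once the upstream issue gains a fix commit.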


=====================================
data/dla-needed.txt
=====================================
@@ -300,6 +300,9 @@ sox (Helmut Grohne)
   NOTE: 20230111: VCS: https://salsa.debian.org/lts-team/packages/sox.git
   NOTE: 20230127: There is no point in dealing with sox. No upstream commit in 1.5 years. No answer to Enrico's upstream ticket. RedHat issued notabug. Unfixed in stable and unstable. Don't run sox on untrusted input. (Helmut)
 --
+sssd
+  NOTE: 20230131: Programming language: C.
+--
 thunderbird (Emilio)
   NOTE: 20230123: Programming language: C++
 --
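Review bot: the new sssd block records only the programming language. The neighbouring sox entry shows the convention of dated NOTEs carrying the VCS link and triage status, and the commit message names CVE-2022-4254 as the reason for adding the package, so add a NOTE naming the CVE this entry is for and the packaging VCS; otherwise whoever claims sssd has to reconstruct the scope from the git log. Minor style point: the trailing period in `Programming language: C.` is inconsistent with the `Programming language: C++` line in the thunderbird entry below.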



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/d3de918d2ee9a2bbc1bb1055ae96b70e6813d318...e12b04c13ae1a8f65887272b222c85ea691fd06c
