[Git][security-tracker-team/security-tracker][master] 5 commits: mark CVE-2023-36675 as not-affected for Buster
Thorsten Alteholz (@alteholz)
alteholz at debian.org
Sat Jul 1 23:15:25 BST 2023
Thorsten Alteholz pushed to branch master at Debian Security Tracker / security-tracker
Commits:
52b88c21 by Thorsten Alteholz at 2023-07-01T23:52:51+02:00
mark CVE-2023-36675 as not-affected for Buster
- - - - -
39800307 by Thorsten Alteholz at 2023-07-01T23:58:37+02:00
add mediawiki
- - - - -
315f6018 by Thorsten Alteholz at 2023-07-01T23:59:12+02:00
update note
- - - - -
573a8110 by Thorsten Alteholz at 2023-07-02T00:05:14+02:00
mark CVE-2023-25515 and CVE-2023-25516 as postponed for Buster
- - - - -
4846fbed by Thorsten Alteholz at 2023-07-02T00:13:22+02:00
mark CVE-2023-36464 as not-affected for Buster
- - - - -
2 changed files:
- data/CVE/list
- data/dla-needed.txt
Changes:
=====================================
data/CVE/list
=====================================
@@ -411,6 +411,7 @@ CVE-2023-36464 (pypdf is an open source, pure-python PDF library. In affected ve
- pypdf2 <unfixed>
[bookworm] - pypdf2 <no-dsa> (Minor issue)
[bullseye] - pypdf2 <no-dsa> (Minor issue)
+ [buster] - pypdf2 <not-affected> (Vulnerable code not present)
NOTE: https://github.com/py-pdf/pypdf/pull/969
NOTE: https://github.com/py-pdf/pypdf/pull/1828
NOTE: https://github.com/py-pdf/pypdf/security/advisories/GHSA-4vvm-4w3v-6mr8
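Review bot: The added `[buster] - pypdf2 <not-affected> (Vulnerable code not present)` line gives no pointer to where the vulnerable code first appeared, and the two pull-request NOTE lines below it (pull/969 and pull/1828) are unlabelled. Suggest labelling them, for example with "Introduced by:" and "Fixed by:" prefixes assigned to whichever URL actually has that role, so the not-affected claim for buster can be re-checked against the packaged source.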
@@ -663,6 +664,7 @@ CVE-2023-2992 (An unauthenticated denial of service vulnerability exists in the
NOT-FOR-US: Lenovo
CVE-2023-36675 (An issue was discovered in MediaWiki before 1.35.11, 1.36.x through 1. ...)
- mediawiki 1:1.39.4-1
+ [buster] - mediawiki <not-affected> (partial blocking was introduced in 1.33)
NOTE: https://gerrit.wikimedia.org/r/c/mediawiki/core/+/921452
NOTE: https://phabricator.wikimedia.org/T332889
CVE-2023-36666 (INEX IXP-Manager before 6.3.1 allows XSS. list-preamble.foil.php, page ...)
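Review bot: The reason on the added `[buster] - mediawiki <not-affected> (partial blocking was introduced in 1.33)` line names the upstream version that introduced the feature but not the version buster ships, while the CVE description two lines above reads "before 1.35.11", which on its face includes older releases. Suggest stating the buster version in the reason or in a NOTE, so the line can be verified without a separate archive lookup.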
@@ -23511,10 +23513,12 @@ CVE-2023-25516
[bullseye] - nvidia-graphics-drivers-tesla-418 <no-dsa> (Non-free not supported)
- nvidia-graphics-drivers-legacy-390xx <unfixed> (bug #1039680)
[bullseye] - nvidia-graphics-drivers-legacy-390xx <no-dsa> (Non-free not supported)
+ [buster] - nvidia-graphics-drivers-legacy-390xx <no-dsa> (Non-free not supported)
- nvidia-graphics-drivers-legacy-340xx <unfixed> (bug #1039679)
- nvidia-graphics-drivers <unfixed> (bug #1039678)
[bookworm] - nvidia-graphics-drivers <no-dsa> (Non-free not supported)
[bullseye] - nvidia-graphics-drivers <no-dsa> (Non-free not supported)
+ [buster] - nvidia-graphics-drivers <postponed> (Minor issue, revisit when/if fixed upstream)
NOTE: https://nvidia.custhelp.com/app/answers/detail/a_id/5468
CVE-2023-25515 (NVIDIA Jetson contains a vulnerability in CBoot, where the PCIe contro ...)
- nvidia-open-gpu-kernel-modules <unfixed> (bug #1039686)
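Review bot: The two buster lines added to the CVE-2023-25516 block use different reasoning for non-free driver packages: nvidia-graphics-drivers-legacy-390xx gets `<no-dsa> (Non-free not supported)`, while nvidia-graphics-drivers gets `<postponed> (Minor issue, revisit when/if fixed upstream)`, even though its bookworm and bullseye lines both use the no-dsa reason. If the difference is intentional, a NOTE saying why nvidia-graphics-drivers is tracked for buster would make that clear; otherwise the two lines should use the same status.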
@@ -23533,10 +23537,12 @@ CVE-2023-25515 (NVIDIA Jetson contains a vulnerability in CBoot, where the PCIe
[bullseye] - nvidia-graphics-drivers-tesla-418 <no-dsa> (Non-free not supported)
- nvidia-graphics-drivers-legacy-390xx <unfixed> (bug #1039680)
[bullseye] - nvidia-graphics-drivers-legacy-390xx <no-dsa> (Non-free not supported)
+ [buster] - nvidia-graphics-drivers-legacy-390xx <no-dsa> (Non-free not supported)
- nvidia-graphics-drivers-legacy-340xx <unfixed> (bug #1039679)
- nvidia-graphics-drivers <unfixed> (bug #1039678)
[bookworm] - nvidia-graphics-drivers <no-dsa> (Non-free not supported)
[bullseye] - nvidia-graphics-drivers <no-dsa> (Non-free not supported)
+ [buster] - nvidia-graphics-drivers <postponed> (Minor issue, revisit when/if fixed upstream)
NOTE: https://nvidia.custhelp.com/app/answers/detail/a_id/5468
CVE-2023-25514 (NVIDIA CUDA toolkit for Linux and Windows contains a vulnerability in ...)
- nvidia-cuda-toolkit <unfixed> (unimportant; bug #1034793; bug #1034799)
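Review bot: The added `[buster] - nvidia-graphics-drivers-legacy-390xx <no-dsa> (Non-free not supported)` line, here and in the CVE-2023-25516 block, is not mentioned in any of the five commit messages; the closest one, 573a8110, only says the two CVEs are marked as postponed. Suggest either mentioning the no-dsa triage in that message or splitting it into its own commit, so the history explains both status changes.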
=====================================
data/dla-needed.txt
=====================================
@@ -114,6 +114,9 @@ libusrsctp (rouca)
linux (Ben Hutchings)
NOTE: 20230111: perma-added for LTS package-specific delegation (bwh)
--
+mediawiki
+ NOTE: 20230701: Added by Front-Desk (ta)
+--
nova
NOTE: 20230302: Re-add, request by maintainer (Beuc)
NOTE: 20230302: zigo says that DLA 3302-1 ships a buster-specific CVE-2022-47951 backport that introduces regression
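Review bot: The new `mediawiki` entry carries only `NOTE: 20230701: Added by Front-Desk (ta)` and does not say which issues it was added for, while the same push marks CVE-2023-36675 as not-affected for buster in data/CVE/list. Suggest a second NOTE naming the CVEs that are still open for buster, so whoever claims the package does not have to re-derive the scope.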
@@ -194,7 +197,7 @@ renderdoc
ring (Thorsten Alteholz)
NOTE: 20221120: Added by Front-Desk (ta)
NOTE: 20230507: testing package
- NOTE: 20230619: testing package, not all tests pass yet
+ NOTE: 20230701: testing package, not all tests pass yet
--
ruby-doorkeeper (Chris Lamb)
NOTE: 20230618: Added by Front-Desk (opal)
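Review bot: The `ring` change rewrites the date on an existing note from 20230619 to 20230701 with unchanged text, whereas the 20230507 line above it was kept as its own dated entry. Suggest appending a new dated NOTE instead of overwriting, and saying which tests still fail, so the entry shows what changed between the two dates.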
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/e8710c44c760f6e9ac50f440a766ba2fa66a4830...4846fbeda02c36bfe2c3e744ecfc3c0042159246