[Git][security-tracker-team/security-tracker][master] bullseye/bookworm triage
Moritz Muehlenhoff (@jmm)
jmm at debian.org
Mon Jul 10 16:25:32 BST 2023
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker
Commits:
10e64aab by Moritz Muehlenhoff at 2023-07-10T17:25:16+02:00
bullseye/bookworm triage
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -382,6 +382,8 @@ CVE-2023-35939 (GLPI is a free asset and IT management software package. Startin
NOTE: Only supported behind an authenticated HTTP zone
CVE-2023-35936 (Pandoc is a Haskell library for converting from one markup format to a ...)
- pandoc <unfixed>
+ [bookworm] - pandoc <no-dsa> (Minor issue)
+ [bullseye] - pandoc <no-dsa> (Minor issue)
NOTE: https://github.com/jgm/pandoc/security/advisories/GHSA-xj5q-fv23-575g
NOTE: https://github.com/jgm/pandoc/commit/5e381e3878b5da87ee7542f7e51c3c1a7fd84b89 (3.1.4)
CVE-2023-3515 (Open Redirect in GitHub repository go-gitea/gitea prior to 1.19.4.)
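Review bot: the two new pandoc lines carry "(Minor issue)" with no rationale, while the sid line stays `<unfixed>` and the NOTE lines already point at the upstream advisory and the 3.1.4 fix commit; add a NOTE stating why the issue is rated minor for bullseye/bookworm so the no-dsa decision can be re-checked later without re-reading the advisory.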
@@ -487,6 +489,8 @@ CVE-2023-34150 (** UNSUPPORTED WHEN ASSIGNED **Use of TikaEncodingDetector in Ap
NOT-FOR-US: Apache Any23
CVE-2023-3255 [VNC: infinite loop in inflate_buffer() leads to denial of service]
- qemu <unfixed>
+ [bookworm] - qemu <no-dsa> (Minor issue)
+ [bullseye] - qemu <no-dsa> (Minor issue)
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2218486
NOTE: Proposed patch: https://lists.nongnu.org/archive/html/qemu-devel/2023-07/msg00596.html
CVE-2023-37212 (Memory safety bugs present in Firefox 114. Some of these bugs showed e ...)
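Review bot: the qemu entry is marked no-dsa for both releases although the only fix reference is a "Proposed patch" on qemu-devel, not a merged commit; add a follow-up NOTE with the upstream commit once the patch lands so the `qemu <unfixed>` sid line can be closed with a version, and note that the denial of service in the title is what the Minor rating rests on.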
@@ -786,9 +790,13 @@ CVE-2023-3478 (A vulnerability classified as critical was found in IBOS OA 4.5.5
NOT-FOR-US: IBOS OA
CVE-2023-37365 (Hnswlib 0.7.0 has a double free in init_index when the M argument is a ...)
- hnswlib <unfixed>
+ [bookworm] - hnswlib <no-dsa> (Minor issue)
+ [bullseye] - hnswlib <no-dsa> (Minor issue)
NOTE: https://github.com/nmslib/hnswlib/issues/467
CVE-2023-37360 (pacparser_find_proxy in Pacparser before 1.4.2 allows JavaScript injec ...)
- pacparser <unfixed>
+ [bookworm] - pacparser <no-dsa> (Minor issue)
+ [bullseye] - pacparser <no-dsa> (Minor issue)
NOTE: https://github.com/manugarg/pacparser/security/advisories/GHSA-62q6-v997-f7v9
NOTE: https://github.com/manugarg/pacparser/commit/0bf0636de624996fe202b51eec8a58abd774269e (v1.4.2)
CVE-2023-37307 (In MISP before 2.4.172, title_for_layout is not properly sanitized in ...)
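Review bot: the pacparser NOTE records the upstream fix commit and its release (v1.4.2), yet the sid line remains `- pacparser <unfixed>` with no Debian bug reference, unlike the yajl entries further down which carry "(bug #...)" numbers; add the bug reference so the unstable fix is tracked. hnswlib is in the same position, with only the upstream issue and no fix commit in its NOTE.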
@@ -24654,6 +24662,7 @@ CVE-2023-25400
RESERVED
CVE-2023-25399 (A refcounting issue which leads to potential memory leak was discovere ...)
- scipy 1.10.0-2
+ [bullseye] - scipy <no-dsa> (Minor issue)
NOTE: https://github.com/scipy/scipy/issues/16235
NOTE: https://github.com/scipy/scipy/pull/16397
NOTE: Fixed by: https://github.com/scipy/scipy/commit/9b6521198c4f31d3f9cb525e581bea8e3e77f0a2 (v1.10.0rc1)
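Review bot: this hunk adds only a `[bullseye]` no-dsa line, whereas every other hunk in this commit adds both `[bullseye]` and `[bookworm]`; if bookworm is omitted because its scipy already includes the 1.10.0-2 fix (the NOTE places the upstream fix in v1.10.0rc1), fine, otherwise a `[bookworm]` line is missing here.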
@@ -105049,10 +105058,14 @@ CVE-2022-24795 (yajl-ruby is a C binding to the YAJL JSON parsing and generation
[buster] - ruby-yajl <no-dsa> (Minor issue)
[stretch] - ruby-yajl <no-dsa> (Minor issue)
- yajl 2.1.0-4 (bug #1040036)
+ [bookworm] - yajl <no-dsa> (Minor issue)
+ [bullseye] - yajl <no-dsa> (Minor issue)
- burp <unfixed> (bug #1040146)
- crun <unfixed> (bug #1040147)
- epics-base <unfixed> (bug #1040159)
- r-cran-jsonlite <unfixed> (bug #1040161)
+ [bookworm] - r-cran-jsonlite <no-dsa> (Minor issue)
+ [bullseye] - r-cran-jsonlite <no-dsa> (Minor issue)
- xqilla <unfixed> (bug #1040164)
[bullseye] - xqilla <no-dsa> (Minor issue)
NOTE: https://github.com/brianmario/yajl-ruby/security/advisories/GHSA-jj47-x69x-mxrm
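Review bot: burp, crun and epics-base stay `<unfixed>` in this hunk with no bullseye/bookworm marking, while yajl and r-cran-jsonlite receive no-dsa for both releases, and the xqilla context line has only a `[bullseye]` tag with no `[bookworm]` counterpart; if those embedded-yajl copies are still pending triage, record that in a NOTE so the incomplete state is visible rather than implied.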
@@ -382798,10 +382811,14 @@ CVE-2017-16516 (In the yajl-ruby gem 1.3.0 for Ruby, when a crafted JSON file is
[stretch] - ruby-yajl <no-dsa> (Minor issue)
[jessie] - ruby-yajl <no-dsa> (Minor issue)
- yajl 2.1.0-4 (bug #1040036)
+ [bookworm] - yajl <no-dsa> (Minor issue)
+ [bullseye] - yajl <no-dsa> (Minor issue)
- burp <unfixed> (bug #1040146)
- crun <unfixed> (bug #1040147)
- epics-base <unfixed> (bug #1040159)
- r-cran-jsonlite <unfixed> (bug #1040161)
+ [bookworm] - r-cran-jsonlite <no-dsa> (Minor issue)
+ [bullseye] - r-cran-jsonlite <no-dsa> (Minor issue)
- xqilla <unfixed> (bug #1040164)
[bullseye] - xqilla <no-dsa> (Minor issue)
NOTE: https://github.com/brianmario/yajl-ruby/issues/176
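Review bot: this hunk repeats, line for line, the change made to CVE-2022-24795 above (same bug numbers #1040036, #1040146, #1040147, #1040159, #1040161, #1040164), so the same open points apply: burp, crun and epics-base remain unmarked for bullseye/bookworm and xqilla has no `[bookworm]` line; whatever resolves them for CVE-2022-24795 must be mirrored here, since the two entries otherwise drift apart.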
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/10e64aabadd2744bb59ee1f8be5f869c5c5022d8