[Git][security-tracker-team/security-tracker][master] bookworm/bullseye triage

Moritz Muehlenhoff (@jmm) jmm at debian.org
Sat Jul 22 19:21:10 BST 2023



Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
8e9b0974 by Moritz Muehlenhoff at 2023-07-22T20:20:45+02:00
bookworm/bullseye triage

- - - - -


2 changed files:

- data/CVE/list
- data/dsa-needed.txt


Changes:

=====================================
data/CVE/list
=====================================
@@ -2810,11 +2810,15 @@ CVE-2023-36144 (An authentication bypass in Intelbras Switch SG 2404 MR in firmw
 	NOT-FOR-US: Intelbras
 CVE-2023-35947 (Gradle is a build tool with a focus on build automation and support fo ...)
 	- gradle <unfixed> (bug #1041424)
+	[bookworm] - gradle <no-dsa> (Minor issue)
+	[bullseye] - gradle <no-dsa> (Minor issue)
 	NOTE: https://github.com/gradle/gradle/security/advisories/GHSA-84mw-qh6q-v842
 	NOTE: https://github.com/gradle/gradle/commit/1096b309520a8c315e3b6109a6526de4eabcb879 (v8.2.0-RC3)
 	NOTE: https://github.com/gradle/gradle/commit/2e5c34d57d0c0b7f0e8b039a192b91e5c8249d91 (v8.2.0-RC3)
 CVE-2023-35946 (Gradle is a build tool with a focus on build automation and support fo ...)
 	- gradle <unfixed> (bug #1041424)
+	[bookworm] - gradle <no-dsa> (Minor issue)
+	[bullseye] - gradle <no-dsa> (Minor issue)
 	NOTE: https://github.com/gradle/gradle/security/advisories/GHSA-2h6c-rv6q-494v
 	NOTE: https://github.com/gradle/gradle/commit/859eae2b2acf751ae7db3c9ffefe275aa5da0d5d (v8.2.0-RC3)
 	NOTE: https://github.com/gradle/gradle/commit/b07e528feb3a5ffa66bdcc358549edd73e4c8a12 (v8.2.0-RC3)
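Review bot: the two new `[bookworm]`/`[bullseye]` lines for CVE-2023-35947 and CVE-2023-35946 carry only the generic `(Minor issue)` justification, although both entries resolve to the same bug #1041424 and both already have upstream fixes recorded in the NOTE lines (v8.2.0-RC3); a short, advisory-specific reason next to `no-dsa` (what the GHSA-84mw-qh6q-v842 / GHSA-2h6c-rv6q-494v scenario requires) would make the decision easier to revisit if gradle is ever updated in a point release.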
@@ -3275,10 +3279,14 @@ CVE-2023-3354 (A flaw was found in the QEMU built-in VNC server. When a client c
 	NOTE: https://lists.nongnu.org/archive/html/qemu-devel/2023-07/msg01014.html
 CVE-2023-3432 (Server-Side Request Forgery (SSRF) in GitHub repository plantuml/plant ...)
 	- plantuml <unfixed> (bug #1040000)
+	[bookworm] - plantuml <no-dsa> (Minor issue)
+	[bullseye] - plantuml <no-dsa> (Minor issue)
 	NOTE: https://huntr.dev/bounties/8ac3316f-431c-468d-87e4-3dafff2ecf51/
 	NOTE: https://github.com/plantuml/plantuml/commit/b32500bb61ae617bb312496d6d832e4be8190797 (v1.2023.9)
 CVE-2023-3431 (Improper Access Control in GitHub repository plantuml/plantuml prior t ...)
 	- plantuml <unfixed> (bug #1039999)
+	[bookworm] - plantuml <no-dsa> (Minor issue)
+	[bullseye] - plantuml <no-dsa> (Minor issue)
 	NOTE: https://huntr.dev/bounties/fa741f95-b53c-4ed7-b157-e32c5145164c/
 	NOTE: https://github.com/plantuml/plantuml/commit/fbe7fa3b25b4c887d83927cffb1009ec6cb8ab1e (v1.2023.9)
 CVE-2023-3405 (Unchecked parameter value in M-Files Server in versions before 23.6.12 ...)
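Review bot: CVE-2023-3432 is described as SSRF and CVE-2023-3431 as improper access control, and both are now `<no-dsa> (Minor issue)` in bookworm and bullseye while plantuml stays `<unfixed>` in unstable (bugs #1040000 and #1039999); since the NOTE lines already identify the upstream fixes in v1.2023.9, consider replacing the generic `Minor issue` with the concrete reason (for example what an attacker needs to reach the SSRF), because until the unstable package is updated the two bug reports are the only remaining triggers for a fix.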
@@ -18042,6 +18050,8 @@ CVE-2023-1387 (Grafana is an open-source platform for monitoring and observabili
 CVE-2023-1386 [9pfs: SUID/SGID bits not dropped on file write]
 	RESERVED
 	- qemu <unfixed>
+	[bookworm] - qemu <no-dsa> (Minor issue)
+	[bullseye] - qemu <no-dsa> (Minor issue)
 	NOTE: https://github.com/v9fs/linux/issues/29
 CVE-2023-1385 (Improper JPAKE implementation allows offline PIN brute-forcing due to  ...)
 	NOT-FOR-US: Amazon Fire TV Stick 3rd gen and Insignia TV with FireOS
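Review bot: unlike the other entries touched in this change, CVE-2023-1386 records no upstream fix reference, only the NOTE pointing at https://github.com/v9fs/linux/issues/29, and the entry is still `RESERVED` with qemu `<unfixed>`; marking bookworm and bullseye `<no-dsa>` is reasonable, but consider adding a NOTE with the qemu fix commit once one is available so the entry does not silently age with no fix trail.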
@@ -96035,6 +96045,8 @@ CVE-2022-26838
 	RESERVED
 CVE-2022-1231 (XSS via Embedded SVG in SVG Diagram Format in GitHub repository plantu ...)
 	- plantuml <unfixed> (bug #1039989)
+	[bookworm] - plantuml <no-dsa> (Minor issue)
+	[bullseye] - plantuml <no-dsa> (Minor issue)
 	NOTE: https://huntr.dev/bounties/27db9509-6cd3-4148-8d70-5942f3837604/
 	NOTE: https://github.com/plantuml/plantuml/commit/c9137be051ce98b3e3e27f65f54ec7d9f8886903 (v1.2022.4)
 CVE-2022-1230 (This vulnerability allows local attackers to execute arbitrary code on ...)
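Review bot: CVE-2022-1231 (an XSS via embedded SVG) was fixed upstream in v1.2022.4 according to the NOTE line, yet plantuml remains `<unfixed>` in unstable (bug #1039989) and the new lines mark both stable suites `<no-dsa>`; the justification is again only `Minor issue`, so a one-line reason (who can supply the SVG, and in which output format it triggers) would document why a year-old, upstream-fixed XSS is not getting a DSA, and the bug report should be kept current as the remaining fix trigger.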


=====================================
data/dsa-needed.txt
=====================================
@@ -40,8 +40,12 @@ nodejs
 nova/oldstable
 --
 openjdk-11/oldstable (jmm)
+  needs asmtools backport in bullseye
 --
 openjdk-17 (jmm)
+  needs testng7 backports
+--
+orthanc (jmm)
 --
 php-cas/oldstable
 --
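Review bot: the new `orthanc (jmm)` entry has no sub-note, whereas the neighbouring entries gained `needs asmtools backport in bullseye` and `needs testng7 backports`; a one-line note naming the CVE(s) or bug that put orthanc on the list, and whether it concerns stable, oldstable or both, would make the entry self-explanatory, and the openjdk-17 note could likewise state which suite(s) the testng7 backports are needed for.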
@@ -77,7 +81,8 @@ ruby-tzinfo/oldstable
 --
 salt/oldstable
 --
-samba/oldstable
+samba (jmm)
+  oldstable likely to be EOLed partly
 --
 sox
   all issues unfixed upstream
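Review bot: replacing `samba/oldstable` with an unqualified `samba (jmm)` widens the entry from oldstable-only to stable and oldstable, while the new sub-note says oldstable is `likely to be EOLed partly`; consider spelling out which suite the DSA is now expected for (stable, with the oldstable status as a note) so the entry does not read as though a full oldstable update is still pending.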



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/8e9b09747bdde2652d3536e1d4e4df8b8de22de4
