[Git][security-tracker-team/security-tracker][master] bookworm/bullseye triage
Moritz Muehlenhoff (@jmm)
jmm at debian.org
Sun Jul 23 23:08:39 BST 2023
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker
Commits:
e2b58355 by Moritz Muehlenhoff at 2023-07-24T00:08:07+02:00
bookworm/bullseye triage
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -382,6 +382,7 @@ CVE-2023-34966 (An infinite loop vulnerability was found in Samba's mdssvc RPC s
NOTE: https://www.samba.org/samba/security/CVE-2023-34966.html
CVE-2023-3750 [improper locking in virStoragePoolObjListSearch may lead to denial of service]
- libvirt <unfixed> (bug #1041811)
+ [bookworm] - libvirt <no-dsa> (Minor issue)
[bullseye] - libvirt <not-affected> (Vulnerable code not present)
[buster] - libvirt <not-affected> (Vulnerable code not present)
NOTE: https://listman.redhat.com/archives/libvir-list/2023-July/240776.html
@@ -866,6 +867,8 @@ CVE-2023-38337 (rswag before 2.10.1 allows remote attackers to read arbitrary JS
NOT-FOR-US: rswag
CVE-2023-38336 (netkit-rcp in rsh-client 0.17-24 allows command injection via filename ...)
- netkit-rsh <unfixed> (bug #1039689)
+ [bookworm] - netkit-rsh <no-dsa> (Minor issue)
+ [bullseye] - netkit-rsh <no-dsa> (Minor issue)
CVE-2023-37794 (WAYOS FBM-291W 19.09.11V was discovered to contain a command injection ...)
NOT-FOR-US: WAYOS
CVE-2023-37793 (WAYOS FBM-291W 19.09.11V was discovered to contain a buffer overflow v ...)
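Review bot: The reason on the two added netkit-rsh lines is only "Minor issue", while the CVE-2023-38336 description in the same entry reads "allows command injection via filename". A reason that states what limits the impact would let a later reader see why this was triaged as `<no-dsa>` without opening bug #1039689.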
@@ -1476,6 +1479,7 @@ CVE-2023-37174 (GPAC v2.3-DEV-rev381-g817a848f6-master was discovered to contain
NOTE: https://github.com/gpac/gpac/commit/549ff4484246f2bc4d5fec6760332b43774db483
CVE-2023-32200 (There is insufficient restrictions of called script functions in Apach ...)
- apache-jena <unfixed> (bug #1041108)
+ [bookworm] - apache-jena <no-dsa> (Minor issue)
NOTE: https://www.openwall.com/lists/oss-security/2023/07/11/11
CVE-2023-2869 (The WP-Members Membership plugin for WordPress is vulnerable to unauth ...)
NOT-FOR-US: WP-Members Membership plugin for WordPress
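Review bot: Only a `[bookworm]` line is added under CVE-2023-32200, so after this "bookworm/bullseye triage" commit bullseye has no entry of its own for apache-jena. If bullseye ships apache-jena, add a `[bullseye]` line with its status, as the netkit-rsh and libsndfile hunks in this patch do.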
@@ -82979,10 +82983,14 @@ CVE-2022-33066
RESERVED
CVE-2022-33065 (Multiple signed integers overflow in function au_read_header in src/au ...)
- libsndfile <unfixed>
+ [bookworm] - libsndfile <no-dsa> (Minor issue)
+ [bullseye] - libsndfile <no-dsa> (Minor issue)
NOTE: https://github.com/libsndfile/libsndfile/issues/833
NOTE: https://github.com/libsndfile/libsndfile/issues/789
CVE-2022-33064 (An off-by-one error in function wav_read_header in src/wav.c in Libsnd ...)
- libsndfile <unfixed>
+ [bookworm] - libsndfile <no-dsa> (Minor issue)
+ [bullseye] - libsndfile <no-dsa> (Minor issue)
NOTE: https://github.com/libsndfile/libsndfile/issues/832
CVE-2022-33063
RESERVED
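Review bot: The `- libsndfile <unfixed>` lines for CVE-2022-33065 and CVE-2022-33064 carry no `(bug #...)` reference, unlike the libvirt, netkit-rsh and apache-jena entries elsewhere in this patch. With bookworm and bullseye now marked `<no-dsa>`, the upstream issue NOTEs are the only pointer to a fix; consider adding a Debian bug number to the unfixed lines.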
@@ -89981,6 +89989,7 @@ CVE-2022-30635 (Uncontrolled recursion in Decoder.Decode in encoding/gob before
- golang-1.18 1.18.4-1
- golang-1.17 1.17.13-1
- golang-1.15 <removed>
+ [bullseye] - golang-1.15 <no-dsa> (Minor issue)
- golang-1.11 <removed>
[buster] - golang-1.11 <postponed> (Limited support, follow bullseye DSAs/point-releases)
NOTE: https://go.dev/issue/53615
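Review bot: The added `[bullseye] - golang-1.15 <no-dsa> (Minor issue)` line sits two lines above the buster golang-1.11 entry, whose reason is "Limited support, follow bullseye DSAs/point-releases". With bullseye now `<no-dsa>`, the buster postponement depends on a bullseye point release, so it would help to say in the reason or in a NOTE whether one is expected. The same applies to the three golang-1.15 hunks that follow.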
@@ -90003,6 +90012,7 @@ CVE-2022-30633 (Uncontrolled recursion in Unmarshal in encoding/xml before Go 1.
- golang-1.18 1.18.4-1
- golang-1.17 1.17.13-1
- golang-1.15 <removed>
+ [bullseye] - golang-1.15 <no-dsa> (Minor issue)
- golang-1.11 <removed>
[buster] - golang-1.11 <postponed> (Limited support, follow bullseye DSAs/point-releases)
NOTE: https://go.dev/issue/53611
@@ -90014,6 +90024,7 @@ CVE-2022-30632 (Uncontrolled recursion in Glob in path/filepath before Go 1.17.1
- golang-1.18 1.18.4-1
- golang-1.17 1.17.13-1
- golang-1.15 <removed>
+ [bullseye] - golang-1.15 <no-dsa> (Minor issue)
- golang-1.11 <removed>
[buster] - golang-1.11 <postponed> (Limited support, follow bullseye DSAs/point-releases)
NOTE: https://go.dev/issue/53416
@@ -90025,6 +90036,7 @@ CVE-2022-30631 (Uncontrolled recursion in Reader.Read in compress/gzip before Go
- golang-1.18 1.18.4-1
- golang-1.17 1.17.13-1
- golang-1.15 <removed>
+ [bullseye] - golang-1.15 <no-dsa> (Minor issue)
- golang-1.11 <removed>
[buster] - golang-1.11 <postponed> (Limited support, follow bullseye DSAs/point-releases)
NOTE: https://go.dev/issue/53168
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/e2b5835505e6d8dbfbe9bbda06307dd98111b7d6