[Git][security-tracker-team/security-tracker][master] bullseye/bookworm triage

Moritz Muehlenhoff (@jmm) jmm at debian.org
Mon Jul 24 11:53:34 BST 2023



Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
bb8ce9ac by Moritz Muehlenhoff at 2023-07-24T12:53:10+02:00
bullseye/bookworm triage

- - - - -


2 changed files:

- data/CVE/list
- data/dsa-needed.txt


Changes:

=====================================
data/CVE/list
=====================================
@@ -566,6 +566,8 @@ CVE-2018-25088 (A vulnerability, which was classified as critical, was found in
 	NOT-FOR-US: Blue Yonder postgraas_server
 CVE-2023-3724 (If a TLS 1.3 client gets neither a PSK (pre shared key) extension nor  ...)
 	- wolfssl <unfixed> (bug #1041699)
+	[bookworm] - wolfssl <no-dsa> (Minor issue)
+	[bullseye] - wolfssl <no-dsa> (Minor issue)
 	NOTE: https://github.com/wolfSSL/wolfssl/pull/6412
 	NOTE: https://github.com/wolfSSL/wolfssl/commit/00f1eddee429ff51390b20caadd2eb6afe51e1aa (v5.6.2-stable)
 CVE-2023-3714 (The ProfileGrid plugin for WordPress is vulnerable to unauthorized mod ...)
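Review bot: "Minor issue" alone does not record why CVE-2023-3724 is considered not DSA-worthy for bookworm and bullseye while unstable is still `<unfixed>` (bug #1041699); since the upstream fix is already identified (PR 6412, commit 00f1eddee4 in v5.6.2-stable), a NOTE giving the rationale, or a `<postponed>` tag if the fix is expected to go in via a point release, would let the next triager see why no update was requested.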
@@ -696,8 +698,9 @@ CVE-2023-37770 (faust commit ee39a19 was discovered to contain a stack overflow
 	NOTE: Negligible security impact
 CVE-2023-37769 (stress-test master commit e4c878 was discovered to contain a FPE vulne ...)
 	- pixman <unfixed>
+	[bookworm] - pixman <no-dsa> (Minor issue)
+	[bullseye] - pixman <no-dsa> (Minor issue)
 	NOTE: https://gitlab.freedesktop.org/pixman/pixman/-/issues/76
-	TODO: check, not clear if the issue only in the stress-test binary or affecting as well the library
 CVE-2023-37479 (Open Enclave is a hardware-agnostic open source library for developing ...)
 	NOT-FOR-US: Open Enclave
 CVE-2023-37476 (OpenRefine is a free, open source tool for data processing. A carefull ...)
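Review bot: the TODO asking whether CVE-2023-37769 affects only the stress-test binary or the pixman library itself is dropped without a NOTE recording the answer, yet the new `<no-dsa> (Minor issue)` tags for bookworm and bullseye rest on that answer. Add a NOTE stating the conclusion (with pixman issue 76 as the reference) so the reasoning survives; if it turned out to be test-tool only, the `NOTE: Negligible security impact` wording used for CVE-2023-37770 just above would be the matching annotation.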
@@ -5424,6 +5427,8 @@ CVE-2023-3140 (Missing HTTP headers (X-Frame-Options, Content-Security-Policy) i
 	NOT-FOR-US: KNIME Business Hub
 CVE-2023-34237 (SABnzbd is an open source automated Usenet download tool. A design fla ...)
 	- sabnzbdplus 4.0.2+dfsg-1 (bug #1038949)
+	[bookworm] - sabnzbdplus <no-dsa> (Minor issue)
+	[bullseye] - sabnzbdplus <no-dsa> (Minor issue)
 	NOTE: https://github.com/sabnzbd/sabnzbd/commit/422b4fce7bfd56e95a315be0400cdfdc585df7cc (4.0.2RC2)
 	NOTE: https://github.com/sabnzbd/sabnzbd/commit/e3a722664819d1c7c8fab97144cc299b1c18b429 (4.0.2RC2)
 	NOTE: https://github.com/sabnzbd/sabnzbd/security/advisories/GHSA-hhgh-xgh3-985r
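Review bot: the entry records the fixed version `4.0.2+dfsg-1` for unstable, but nothing says whether the two 4.0.2RC2 commits (422b4fce7b and e3a7226648) apply to the sabnzbdplus versions in bookworm and bullseye, and "Minor issue" is a thin rationale for what the description itself calls a design flaw. A NOTE summarising why GHSA-hhgh-xgh3-985r is considered minor would help the maintainer decide whether to pursue a point-release update.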
@@ -65801,6 +65806,7 @@ CVE-2022-39265 (MyBB is a free and open source forum software. The _Mail Setting
 	NOT-FOR-US: MyBB
 CVE-2022-39264 (nheko is a desktop client for the Matrix communication application. Al ...)
 	- nheko 0.10.2-1
+	[bullseye] - nheko <not-affected> (Vulnerable code not present)
 	[buster] - nheko <not-affected> (Vulnerable code not present)
 	NOTE: https://github.com/Nheko-Reborn/nheko/security/advisories/GHSA-8jcp-8jq4-5mm7
 	NOTE: https://github.com/Nheko-Reborn/nheko/commit/67bee15a389f9b8a9f6c3a340558d1e2319e7199 (v0.10.2)
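Review bot: `[bullseye] - nheko <not-affected> (Vulnerable code not present)` mirrors the existing buster line, but neither says which upstream version introduced the vulnerable code; a NOTE naming that version (or pointing at the affected-versions statement in GHSA-8jcp-8jq4-5mm7) would make the not-affected claim checkable rather than asserted.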
@@ -97668,6 +97674,7 @@ CVE-2022-28132
 CVE-2022-28131 (Uncontrolled recursion in Decoder.Skip in encoding/xml before Go 1.17. ...)
 	- golang-1.18 1.18.4-1
 	- golang-1.15 <removed>
+	[bullseye] - golang-1.15 <no-dsa> (Minor issue)
 	- golang-1.11 <removed>
 	[buster] - golang-1.11 <postponed> (Limited support, follow bullseye DSAs/point-releases)
 	NOTE: https://github.com/golang/go/issues/53614
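Review bot: with bullseye now `<no-dsa>` for golang-1.15, the buster annotation `[buster] - golang-1.11 <postponed> (Limited support, follow bullseye DSAs/point-releases)` no longer has a bullseye DSA to follow; if a bullseye point-release update for golang-1.15 is intended, say so in the tag, otherwise revise the buster rationale in the same change. Note also that golang-1.15 is `<removed>` from unstable, so bullseye is the only suite where this entry still matters.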


=====================================
data/dsa-needed.txt
=====================================
@@ -55,6 +55,8 @@ php-horde-turba/oldstable
 --
 py7zr/oldstable
 --
+python-django (jmm)
+--
 python-glance-store/oldstable
 --
 python-os-brick/oldstable
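Review bot: `python-django (jmm)` carries no `/oldstable` suffix, so it claims a DSA for stable (bookworm) only, unlike the neighbouring `py7zr/oldstable` and `python-glance-store/oldstable` entries; if bullseye also needs an update, add a separate `python-django/oldstable` entry. In either case a NOTE listing the CVE(s) the DSA will cover would make the scope visible to others on the team.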



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/bb8ce9ace77483ce137fb502a9265477525637cf


