[Git][security-tracker-team/security-tracker][master] 3 commits: CVE-2021-37819,libitext*-java: no-dsa for Buster
Markus Koschany (@apo)
apo at debian.org
Sat Jul 29 22:52:26 BST 2023
Markus Koschany pushed to branch master at Debian Security Tracker / security-tracker
Commits:
78b42d55 by Markus Koschany at 2023-07-29T16:53:50+02:00
CVE-2021-37819,libitext*-java: no-dsa for Buster
Minor issue
- - - - -
028d5267 by Markus Koschany at 2023-07-29T23:43:47+02:00
Merge branch 'master' of salsa.debian.org:security-tracker-team/security-tracker
- - - - -
07db09cd by Markus Koschany at 2023-07-29T23:45:35+02:00
CVE-2023-38633,librsvg: buster is not affected
The vulnerable code was introduced later. Upstream introduced the new logic to
decide whether to allow loading files in
https://gitlab.gnome.org/GNOME/librsvg/-/commit/7534fd46a1e295fbc6ff9cfa199d29152b8542bf
which is not present in Buster and earlier versions. The POC triggers for
Bullseye and later versions.
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -662,6 +662,7 @@ CVE-2023-3827 (A vulnerability was found in Bug Finder Listplace Directory Listi
NOT-FOR-US: Bug Finder
CVE-2023-38633 (A directory traversal problem in the URL decoder of librsvg before 2.5 ...)
- librsvg <unfixed> (bug #1041810)
+ [buster] - librsvg <not-affected> (The vulnerable code was introduced later)
NOTE: https://bugzilla.suse.com/show_bug.cgi?id=1213502
NOTE: https://gitlab.gnome.org/GNOME/librsvg/-/issues/996
NOTE: https://gitlab.gnome.org/GNOME/librsvg/-/commit/15293f1243e1dd4756ffc1d13d5a8ea49167174f (2.54.6)
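Review bot: The added `[buster]` line justifies not-affected only with "(The vulnerable code was introduced later)", and none of the NOTE lines visible in this entry names the introducing commit, so the rationale cannot be checked from data/CVE/list alone. The commit message identifies it as https://gitlab.gnome.org/GNOME/librsvg/-/commit/7534fd46a1e295fbc6ff9cfa199d29152b8542bf; suggest recording that next to the existing fix-commit NOTE, for example as `NOTE: Introduced by: https://gitlab.gnome.org/GNOME/librsvg/-/commit/7534fd46a1e295fbc6ff9cfa199d29152b8542bf`. The observation from the commit message that the POC triggers for Bullseye and later would also be worth a NOTE, since it is the evidence behind the triage decision.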
@@ -144600,9 +144601,11 @@ CVE-2021-37819 (PDF Labs pdftk-java v3.2.3 was discovered to contain an infinite
- libitext1-java <unfixed>
[bookworm] - libitext1-java <no-dsa> (Minor issue)
[bullseye] - libitext1-java <no-dsa> (Minor issue)
+ [buster] - libitext1-java <no-dsa> (Minor issue)
- libitext5-java <unfixed>
[bookworm] - libitext5-java <no-dsa> (Minor issue)
[bullseye] - libitext5-java <no-dsa> (Minor issue)
+ [buster] - libitext5-java <no-dsa> (Minor issue)
NOTE: https://gitlab.com/pdftk-java/pdftk/-/merge_requests/21
NOTE: https://gitlab.com/pdftk-java/pdftk/-/commit/75deacdf5c46fd4eefb310c784eb9dfdc7b9fdc9 (v3.3.0)
NOTE: https://gitlab.com/pdftk-java/pdftk/-/commit/9b0cbb76c8434a8505f02ada02a94263dcae9247 (v3.3.0)
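Review bot: The two added `[buster]` lines carry the same bare "(Minor issue)" reason as the bookworm and bullseye lines, and every NOTE visible in this hunk points at pdftk-java upstream (the merge request and the two v3.3.0 commits), so nothing shown here says where the issue sits in libitext1-java or libitext5-java. Whoever revisits these no-dsa entries has to rediscover that mapping; suggest a NOTE stating how the pdftk-java fix relates to the libitext packages, or a slightly more specific reason string on the new lines.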
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/5d596128628b2c497eca33b91ee0f41f72a0bf23...07db09cd8072364cffed68601bd93a9bb1a9aefb