[Git][security-tracker-team/security-tracker][master] bullseye/bookworm triage
Moritz Muehlenhoff (@jmm)
jmm at debian.org
Thu Jun 15 15:18:08 BST 2023
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker
Commits:
b5a0150f by Moritz Muehlenhoff at 2023-06-15T16:17:42+02:00
bullseye/bookworm triage
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -183,6 +183,8 @@ CVE-2023-34944 (An arbitrary file upload vulnerability in the /fileUpload.lib.ph
NOT-FOR-US: Chamilo LMS
CVE-2023-34537 (A Reflected XSS was discovered in HotelDruid version 3.0.5, an attacke ...)
- hoteldruid <unfixed>
+ [bookworm] - hoteldruid <no-dsa> (Minor issue)
+ [bullseye] - hoteldruid <no-dsa> (Minor issue)
[buster] - hoteldruid <no-dsa> (Minor issue)
NOTE: https://github.com/leekenghwa/CVE-2023-34537---XSS-reflected--found-in-HotelDruid-3.0.5
CVE-2023-34396 (Allocation of Resources Without Limits or Throttling vulnerability in ...)
@@ -201,6 +203,8 @@ CVE-2023-33933 (Exposure of Sensitive Information to an Unauthorized Actor vulne
NOTE: https://github.com/apache/trafficserver/commit/496fa2c4cbdf2b3d6c61760a3fb6675b74b549f0 (8.1.x)
CVE-2023-33817 (hoteldruid v3.0.5 was discovered to contain a SQL injection vulnerabil ...)
- hoteldruid <unfixed>
+ [bookworm] - hoteldruid <no-dsa> (Minor issue)
+ [bullseye] - hoteldruid <no-dsa> (Minor issue)
[buster] - hoteldruid <no-dsa> (Minor issue)
NOTE: https://github.com/leekenghwa/CVE-2023-33817---SQL-Injection-found-in-HotelDruid-3.0.5
CVE-2023-33146 (Microsoft Office Remote Code Execution Vulnerability)
@@ -1749,7 +1753,6 @@ CVE-2023-2952 (XRA dissector infinite loop in Wireshark 4.0.0 to 4.0.5 and 3.6.0
{DLA-3443-1}
[experimental] - wireshark 4.0.6-1~exp1
- wireshark 4.0.6-1
- [bookworm] - wireshark <no-dsa> (Minor issue)
[bullseye] - wireshark <no-dsa> (Minor issue)
NOTE: https://www.wireshark.org/security/wnpa-sec-2023-20.html
NOTE: https://gitlab.com/wireshark/wireshark/-/issues/19100
@@ -2149,7 +2152,6 @@ CVE-2023-2817 (A post-authentication stored cross-site scripting vulnerability e
CVE-2023-2854 (BLF file parser crash in Wireshark 4.0.0 to 4.0.5 and 3.6.0 to 3.6.13 ...)
[experimental] - wireshark 4.0.6-1~exp1
- wireshark 4.0.6-1
- [bookworm] - wireshark <no-dsa> (Minor issue)
[bullseye] - wireshark <not-affected> (vulnerable code introduced later)
[buster] - wireshark <not-affected> (vulnerable code introduced in 4.0)
NOTE: https://www.wireshark.org/security/wnpa-sec-2023-17.html
@@ -2159,7 +2161,6 @@ CVE-2023-2856 (VMS TCPIPtrace file parser crash in Wireshark 4.0.0 to 4.0.5 and
{DLA-3443-1}
[experimental] - wireshark 4.0.6-1~exp1
- wireshark 4.0.6-1
- [bookworm] - wireshark <no-dsa> (Minor issue)
[bullseye] - wireshark <no-dsa> (Minor issue)
NOTE: https://www.wireshark.org/security/wnpa-sec-2023-16.html
NOTE: https://gitlab.com/wireshark/wireshark/-/issues/19083
@@ -2167,7 +2168,6 @@ CVE-2023-2858 (NetScaler file parser crash in Wireshark 4.0.0 to 4.0.5 and 3.6.0
{DLA-3443-1}
[experimental] - wireshark 4.0.6-1~exp1
- wireshark 4.0.6-1
- [bookworm] - wireshark <no-dsa> (Minor issue)
[bullseye] - wireshark <no-dsa> (Minor issue)
NOTE: https://www.wireshark.org/security/wnpa-sec-2023-15.html
NOTE: https://gitlab.com/wireshark/wireshark/-/issues/19081
@@ -2175,7 +2175,6 @@ CVE-2023-2879 (GDSDB infinite loop in Wireshark 4.0.0 to 4.0.5 and 3.6.0 to 3.6.
{DLA-3443-1}
[experimental] - wireshark 4.0.6-1~exp1
- wireshark 4.0.6-1
- [bookworm] - wireshark <no-dsa> (Minor issue)
[bullseye] - wireshark <no-dsa> (Minor issue)
NOTE: https://www.wireshark.org/security/wnpa-sec-2023-14.html
NOTE: https://gitlab.com/wireshark/wireshark/-/issues/19068
@@ -2190,7 +2189,6 @@ CVE-2023-2857 (BLF file parser crash in Wireshark 4.0.0 to 4.0.5 and 3.6.0 to 3.
CVE-2023-2855 (Candump log parser crash in Wireshark 4.0.0 to 4.0.5 and 3.6.0 to 3.6. ...)
[experimental] - wireshark 4.0.6-1~exp1
- wireshark 4.0.6-1
- [bookworm] - wireshark <no-dsa> (Minor issue)
[bullseye] - wireshark <no-dsa> (Minor issue)
[buster] - wireshark <not-affected> (Candump support added in 3.2)
NOTE: https://www.wireshark.org/security/wnpa-sec-2023-12.html
@@ -22494,7 +22492,6 @@ CVE-2023-0669 (Fortra (formerly, HelpSystems) GoAnywhere MFT suffers from a pre-
CVE-2023-0668 (Due to failure in validating the length provided by an attacker-crafte ...)
[experimental] - wireshark 4.0.6-1~exp1
- wireshark 4.0.6-1
- [bookworm] - wireshark <no-dsa> (Minor issue)
[bullseye] - wireshark <no-dsa> (Minor issue)
[buster] - wireshark <not-affected> (vulnerable code introduced in 3.2)
NOTE: https://www.wireshark.org/security/wnpa-sec-2023-19.html
@@ -22505,7 +22502,6 @@ CVE-2023-0667 (Due to failure in validating the length provided by an attacker-c
CVE-2023-0666 (Due to failure in validating the length provided by an attacker-crafte ...)
[experimental] - wireshark 4.0.6-1~exp1
- wireshark 4.0.6-1
- [bookworm] - wireshark <no-dsa> (Minor issue)
[bullseye] - wireshark <no-dsa> (Minor issue)
[buster] - wireshark <not-affected> (vulnerable code introduced in 3.4)
NOTE: https://www.wireshark.org/security/wnpa-sec-2023-18.html
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/b5a0150f14a209fc66007eae1e8e8a9ba3318c47
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/b5a0150f14a209fc66007eae1e8e8a9ba3318c47
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20230615/ac6120b7/attachment.htm>
More information about the debian-security-tracker-commits
mailing list