[Git][security-tracker-team/security-tracker][master] bullseye/bookworm triage
Moritz Muehlenhoff (@jmm)
jmm at debian.org
Fri Jun 16 09:57:31 BST 2023
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker
Commits:
4a6be8e4 by Moritz Muehlenhoff at 2023-06-16T10:57:12+02:00
bullseye/bookworm triage
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1372,6 +1372,8 @@ CVE-2023-34410 (An issue was discovered in Qt before 5.15.15, 6.x before 6.2.9,
- qt6-base 6.4.2+dfsg-11 (bug #1037209)
- qtbase-opensource-src 5.15.8+dfsg-12 (bug #1037210)
- qtbase-opensource-src-gles <unfixed>
+ [bookworm] - qtbase-opensource-src-gles <no-dsa> (Minor issue)
+ [bullseye] - qtbase-opensource-src-gles <no-dsa> (Minor issue)
- qt4-x11 <removed>
NOTE: https://codereview.qt-project.org/c/qt/qtbase/+/477560
NOTE: https://codereview.qt-project.org/c/qt/qtbase/+/480002
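Review bot: The two added `<no-dsa>` lines cover only qtbase-opensource-src-gles, while qt6-base and qtbase-opensource-src in this same entry carry only their unstable fixed versions (6.4.2+dfsg-11 and 5.15.8+dfsg-12) and no `[bookworm]` or `[bullseye]` line. If the versions shipped in those releases are older than the fixed ones, add matching per-release lines so all three packages listed under CVE-2023-34410 show the same triage decision.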
@@ -2485,6 +2487,8 @@ CVE-2023-32685 (Kanboard is project management software that focuses on the Kanb
NOTE: https://github.com/kanboard/kanboard/security/advisories/GHSA-hjmw-gm82-r4gv
CVE-2023-32681 (Requests is a HTTP library. Since Requests 2.3.0, Requests has been le ...)
- requests <unfixed> (bug #1036693)
+ [bookworm] - requests <no-dsa> (Minor issue)
+ [bullseye] - requests <no-dsa> (Minor issue)
NOTE: https://github.com/psf/requests/security/advisories/GHSA-j8r2-6x86-q33q
NOTE: Fixed by: https://github.com/psf/requests/commit/74ea7cf7a6a27a4eeb2ae24e162bcc942a6706d5 (v2.31.0)
CVE-2023-31763 (Weak security in the transmitter of AGShome Smart Alarm v1.0 allows at ...)
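Review bot: The reason "(Minor issue)" on both new requests lines does not say what limits the impact in bookworm and bullseye. The entry already pins a single upstream commit in the `Fixed by:` NOTE (v2.31.0), so a short reason, or a NOTE on whether that commit is a candidate for a point update, would save the next person from re-deriving the decision while the unstable line is still `<unfixed>` (bug #1036693).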
@@ -2685,6 +2689,8 @@ CVE-2023-33285 (An issue was discovered in Qt 5.x before 5.15.14, 6.x before 6.2
[bookworm] - qt6-base <no-dsa> (Minor issue)
- qtbase-opensource-src 5.15.8+dfsg-11
- qtbase-opensource-src-gles <unfixed>
+ [bookworm] - qtbase-opensource-src-gles <no-dsa> (Minor issue)
+ [bullseye] - qtbase-opensource-src-gles <no-dsa> (Minor issue)
NOTE: https://codereview.qt-project.org/c/qt/qtbase/+/477644
CVE-2023-33281 (The remote keyfob system on Nissan Sylphy Classic 2021 sends the same ...)
NOT-FOR-US: Nissan Sylphy Classic 2021
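Review bot: After this change qtbase-opensource-src-gles has `[bookworm]` and `[bullseye]` lines and qt6-base has a `[bookworm]` line, but qtbase-opensource-src (fixed in 5.15.8+dfsg-11) has neither. Worth confirming that this is intended because the releases already ship a fixed version, and adding the per-release line if they do not.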
@@ -3639,6 +3645,8 @@ CVE-2023-32573 (In Qt before 5.15.14, 6.0.x through 6.2.x before 6.2.9, and 6.3.
CVE-2023-32570 (VideoLAN dav1d before 1.2.0 has a thread_task.c race condition that ca ...)
[experimental] - dav1d 1.2.0-1
- dav1d 1.2.1-2 (bug #1035950)
+ [bookworm] - dav1d <no-dsa> (Minor issue)
+ [bullseye] - dav1d <no-dsa> (Minor issue)
NOTE: https://code.videolan.org/videolan/dav1d/-/commit/cf617fdae0b9bfabd27282854c8e81450d955efa (1.2.0)
CVE-2023-32569 (An issue was discovered in Veritas InfoScale Operations Manager (VIOM) ...)
NOT-FOR-US: Veritas InfoScale Operations Manager
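Review bot: The added `[bookworm]` and `[bullseye]` lines for dav1d assume both releases contain the affected thread_task.c code, but nothing in the entry records since which version the race condition exists. A NOTE naming the introducing commit or version would show that `<no-dsa>` rather than `<not-affected>` is the right status for bullseye in particular.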
@@ -11396,18 +11404,18 @@ CVE-2023-1637 (A flaw that boot CPU could be vulnerable for the speculative exec
NOTE: https://git.kernel.org/linus/e2a1256b17b16f9b9adf1b6fea56819e7b68e463 (5.18-rc2)
CVE-2023-1636 [incomplete container isolation]
RESERVED
- - barbican <unfixed>
+ - barbican <undetermined>
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2181765
- TODO: check, possibly RedHat downstream RHOSP specific, RedHat clarifying with reporter
+ NOTE: possibly RedHat downstream RHOSP specific, RedHat clarifying with reporter
CVE-2023-1635 (A vulnerability was found in OTCMS 6.72. It has been declared as probl ...)
NOT-FOR-US: OTCMS
CVE-2023-1634 (A vulnerability was found in OTCMS 6.72. It has been classified as cri ...)
NOT-FOR-US: OTCMS
CVE-2023-1633 [Insecure Barbican configuration file leaking credential]
RESERVED
- - barbican <unfixed>
+ - barbican <undetermined>
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2181761
- TODO: check, possibly RedHat downstream RHOSP specific, RedHat clarifying with reporter
+ NOTE: possibly RedHat downstream RHOSP specific, RedHat clarifying with reporter
CVE-2023-1632 (** DISPUTED ** A vulnerability has been found in Ellucian Banner Web T ...)
NOT-FOR-US: Ellucian Banner Web Tailor
CVE-2023-1631 (A vulnerability, which was classified as problematic, was found in Jia ...)
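Review bot: Turning `TODO: check, ...` into a plain `NOTE:` in both CVE-2023-1636 and CVE-2023-1633 removes the only explicit follow-up marker, while the text still says Red Hat is clarifying with the reporter. With the status now `<undetermined>`, consider keeping a TODO or stating in the NOTE what outcome in bug 2181765 and bug 2181761 would change the entry, so the open question is not lost.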
@@ -24530,6 +24538,7 @@ CVE-2023-24531
CVE-2023-24473 (An information disclosure vulnerability exists in the TGAInput::read_t ...)
[experimental] - openimageio 2.4.9.0+dfsg-1
- openimageio <unfixed> (bug #1034150)
+ [bookworm] - openimageio <no-dsa> (Minor issue)
[bullseye] - openimageio <no-dsa> (Minor issue)
NOTE: https://github.com/OpenImageIO/oiio/pull/3768
NOTE: https://github.com/OpenImageIO/oiio/commit/759fcd392d130c12ae476857e1ed2a91bcf2686b (master)
@@ -24538,6 +24547,7 @@ CVE-2023-24473 (An information disclosure vulnerability exists in the TGAInput::
CVE-2023-24472 (A denial of service vulnerability exists in the FitsOutput::close() fu ...)
[experimental] - openimageio 2.4.9.0+dfsg-1
- openimageio <unfixed> (bug #1034151)
+ [bookworm] - openimageio <no-dsa> (Minor issue)
[bullseye] - openimageio <no-dsa> (Minor issue)
NOTE: https://github.com/OpenImageIO/oiio/commit/f8db9f38d18a66889f444031051e0f0acaa611b6 (master)
NOTE: https://github.com/OpenImageIO/oiio/commit/a39692256b060b543f53646c6a807c81b79c5750 (v2.4.8.1)
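Review bot: The new `[bookworm]` line for CVE-2023-24472 uses the bare reason "(Minor issue)" although the NOTE lines record a fix on a release branch (v2.4.8.1) in addition to master. A NOTE on whether that release-branch commit applies to the bookworm version would make a later point-update fix easier to pick up.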
@@ -24545,6 +24555,7 @@ CVE-2023-24472 (A denial of service vulnerability exists in the FitsOutput::clos
CVE-2023-22845 (An out-of-bounds read vulnerability exists in the TGAInput::decode_pix ...)
[experimental] - openimageio 2.4.9.0+dfsg-1
- openimageio <unfixed> (bug #1034150)
+ [bookworm] - openimageio <no-dsa> (Minor issue)
[bullseye] - openimageio <no-dsa> (Minor issue)
NOTE: https://github.com/OpenImageIO/oiio/pull/3768
NOTE: https://github.com/OpenImageIO/oiio/commit/759fcd392d130c12ae476857e1ed2a91bcf2686b (master)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/4a6be8e4b80e44f831669228a7bb02318d94ae36