[Git][security-tracker-team/security-tracker][master] bullseye/bookworm triage
Moritz Muehlenhoff (@jmm)
jmm at debian.org
Fri Jun 16 16:11:52 BST 2023
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker
Commits:
5113f761 by Moritz Muehlenhoff at 2023-06-16T17:11:32+02:00
bullseye/bookworm triage
- - - - -
2 changed files:
- data/CVE/list
- data/dsa-needed.txt
Changes:
=====================================
data/CVE/list
=====================================
@@ -772,6 +772,7 @@ CVE-2023-34096 (Thruk is a multibackend monitoring webinterface which currently
NOT-FOR-US: Thruk
CVE-2023-34095 (cpdb-libs provides frontend and backend libraries for the Common Print ...)
- cpdb-libs <unfixed>
+ [bookworm] - cpdb-libs <no-dsa> (Minor issue)
NOTE: https://github.com/OpenPrinting/cpdb-libs/security/advisories/GHSA-25j7-9gfc-f46x
NOTE: Fixed by: https://github.com/OpenPrinting/cpdb-libs/commit/f181bd1f14757c2ae0f17cc76dc20421a40f30b7
NOTE: 1.2.x version predate the upstream commit 3f66d47252d5 ("print_frontend: Use
@@ -818,8 +819,8 @@ CVE-2023-2866 (If an attacker can trick an authenticated user into loading a mal
NOT-FOR-US: Advantech
CVE-2023-3153 [service monitor MAC flow is not rate limited]
- ovn <unfixed>
+ [bookworm] - ovn <no-dsa> (Minor issue)
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2213279
- TODO: check details
CVE-2023-3152 (A vulnerability classified as critical has been found in SourceCodeste ...)
NOT-FOR-US: SourceCodester Online Discussion Forum Site
CVE-2023-3151 (A vulnerability was found in SourceCodester Online Discussion Forum Si ...)
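Review bot: In the CVE-2023-3153 entry the `TODO: check details` line is dropped without a NOTE recording what the check concluded, so the only reference left is the Red Hat Bugzilla link. Consider adding a NOTE with the upstream fix reference or the reason the issue is considered minor for bookworm, so the `<no-dsa>` decision can be re-evaluated later.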
@@ -1247,6 +1248,7 @@ CVE-2023-34414
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-21/#CVE-2023-34414
CVE-2023-XXXX [RUSTSEC-2023-0041]
- rust-trust-dns-server <unfixed>
+ [bookworm] - rust-trust-dns-server <no-dsa> (Minor issue)
NOTE: https://rustsec.org/advisories/RUSTSEC-2023-0041.html
NOTE: https://github.com/bluejekyll/trust-dns/pull/1952
NOTE: https://github.com/bluejekyll/trust-dns/commit/217974c0544483efe0c648befabb25bf88242716
@@ -1378,6 +1380,7 @@ CVE-2023-34411 (The xml-rs crate before 0.8.14 for Rust and Crab allows a denial
NOTE: Fixed by: https://github.com/netvl/xml-rs/commit/c09549a187e62d39d40467f129e64abf32efc35c (0.8.14)
CVE-2023-34410 (An issue was discovered in Qt before 5.15.15, 6.x before 6.2.9, and 6. ...)
- qt6-base 6.4.2+dfsg-11 (bug #1037209)
+ [bookworm] - qt6-base <no-dsa> (Minor issue)
- qtbase-opensource-src 5.15.8+dfsg-12 (bug #1037210)
- qtbase-opensource-src-gles <unfixed>
[bookworm] - qtbase-opensource-src-gles <no-dsa> (Minor issue)
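Review bot: Under CVE-2023-34410, qt6-base and qtbase-opensource-src-gles now both carry a `[bookworm] ... <no-dsa> (Minor issue)` line, but `- qtbase-opensource-src 5.15.8+dfsg-12 (bug #1037210)` has no bookworm annotation in the visible lines. If the bookworm version is older than 5.15.8+dfsg-12, add a matching `[bookworm] - qtbase-opensource-src <no-dsa> (Minor issue)` line so the three source packages are triaged consistently.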
@@ -11252,6 +11255,7 @@ CVE-2023-1656 (Cleartext Transmission of Sensitive Information vulnerability in
NOT-FOR-US: ForgeRock
CVE-2023-1655 (Heap-based Buffer Overflow in GitHub repository gpac/gpac prior to 2.4 ...)
- gpac <unfixed> (bug #1034187)
+ [bullseye] - gpac <no-dsa> (Minor issue)
[buster] - gpac <end-of-life> (EOL in buster LTS)
NOTE: https://huntr.dev/bounties/05f1d1de-bbfd-43fe-bdf9-7f73419ce7c9
NOTE: https://github.com/gpac/gpac/commit/e7f96c2d3774e4ea25f952bcdf55af1dd6e919f4
@@ -17292,6 +17296,7 @@ CVE-2023-27044
RESERVED
CVE-2023-27043 (The email module of Python through 3.11.3 incorrectly parses e-mail ad ...)
- python3.11 <unfixed>
+ [bookworm] - python3.11 <no-dsa> (Minor issue)
- python3.10 <unfixed>
- python3.9 <removed>
- python3.7 <removed>
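Review bot: In the CVE-2023-27043 entry the `- python3.9 <removed>` line has no `[bullseye]` annotation, whereas the CVE-2023-24329 entry in the next hunk has `[bullseye] - python3.9 <no-dsa> (Minor issue)`. Since this is a bullseye/bookworm triage, consider recording the bullseye decision for python3.9 here as well, or a NOTE saying why it is left open.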
@@ -25205,6 +25210,7 @@ CVE-2023-24330
RESERVED
CVE-2023-24329 (An issue in the urllib.parse component of Python before 3.11.4 allows ...)
- python3.11 3.11.4-1
+ [bookworm] - python3.11 <no-dsa> (Minor issue)
- python3.9 <removed>
[bullseye] - python3.9 <no-dsa> (Minor issue)
- python3.7 <removed>
@@ -36703,6 +36709,7 @@ CVE-2022-46946 (Helmet Store Showroom Site v1.0 was discovered to contain a SQL
NOT-FOR-US: Helmet Store Showroom Site
CVE-2022-46945 (Nagvis before 1.9.34 was discovered to contain an arbitrary file read ...)
- nagvis 1:1.9.34-1
+ [bullseye] - nagvis <no-dsa> (Minor issue)
NOTE: https://github.com/NagVis/nagvis/commit/71aba7f46f79d846e1df037f165d206a2cd1d22a (nagvis-1.9.34)
CVE-2022-46944
RESERVED
=====================================
data/dsa-needed.txt
=====================================
@@ -53,6 +53,8 @@ ring
ruby2.7/oldstable
Utkarsh Gupta offered help in preparing updates
--
+ruby3.1/stable
+--
ruby-nokogiri/oldstble
--
ruby-rack/oldstable
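Review bot: The context line directly below the new `ruby3.1/stable` entry reads `ruby-nokogiri/oldstble`, which misspells the suite name (the neighbouring ruby2.7 and ruby-rack lines use `oldstable`). Worth correcting in a follow-up so that anything matching on `/oldstable` does not miss the entry.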
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/5113f761d99bed0d46673be23cd7055d5e790e60