[Git][security-tracker-team/security-tracker][master] bullseye/bookworm triage
Moritz Muehlenhoff (@jmm)
jmm at debian.org
Sun Jun 18 20:23:52 BST 2023
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker
Commits:
76306029 by Moritz Muehlenhoff at 2023-06-18T21:22:39+02:00
bullseye/bookworm triage
- - - - -
2 changed files:
- data/CVE/list
- data/dsa-needed.txt
Changes:
=====================================
data/CVE/list
=====================================
@@ -21,6 +21,7 @@ CVE-2023-3295 (The Unlimited Elements For Elementor (Free Widgets, Addons, Templ
NOT-FOR-US: WordPress plugin
CVE-2023-35790 (An issue was discovered in dec_patch_dictionary.cc in libjxl before 0. ...)
- jpeg-xl <unfixed>
+ [bookworm] - jpeg-xl <no-dsa> (Minor issue)
NOTE: https://github.com/libjxl/libjxl/pull/2551
NOTE: https://github.com/libjxl/libjxl/commit/d4e67a644d8babe7cb68de122d8b5ccb2ad8f226
CVE-2023-35789 (An issue was discovered in the C AMQP client library (aka rabbitmq-c) ...)
@@ -3746,6 +3747,7 @@ CVE-2023-XXXX [several critical memory corruption vulnerabilities]
CVE-2023-32573 (In Qt before 5.15.14, 6.0.x through 6.2.x before 6.2.9, and 6.3.x thro ...)
- qt6-svg 6.4.2-2
- qtsvg-opensource-src 5.15.8-3
+ [bullseye] - qtsvg-opensource-src <no-dsa> (Minor issue)
[buster] - qtsvg-opensource-src <no-dsa> (Minor issue)
- qt4-x11 <removed>
NOTE: https://codereview.qt-project.org/c/qt/qtsvg/+/474093
@@ -9593,6 +9595,7 @@ CVE-2023-29405 (The go command may execute arbitrary code at build time when usi
- golang-1.20 1.20.5-1
[experimental] - golang-1.19 1.19.10-1
- golang-1.19 1.19.10-2
+ [bookworm] - golang-1.19 <no-dsa> (Minor issue)
- golang-1.15 <removed>
- golang-1.11 <removed>
NOTE: https://groups.google.com/g/golang-announce/c/q5135a9d924
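Review bot: the reason "(Minor issue)" on the added `[bookworm] - golang-1.19 <no-dsa>` line sits oddly next to a CVE description that reads "may execute arbitrary code at build time". A more specific reason in the parentheses, saying why build-time code execution does not warrant a DSA for bookworm, would make the decision easier to audit when the entry is revisited.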
@@ -9605,6 +9608,7 @@ CVE-2023-29404 (The go command may execute arbitrary code at build time when usi
- golang-1.20 1.20.5-1
[experimental] - golang-1.19 1.19.10-1
- golang-1.19 1.19.10-2
+ [bookworm] - golang-1.19 <no-dsa> (Minor issue)
- golang-1.15 <removed>
- golang-1.11 <removed>
NOTE: https://groups.google.com/g/golang-announce/c/q5135a9d924
@@ -49927,6 +49931,7 @@ CVE-2022-3617
RESERVED
CVE-2022-3616 (Attackers can create long chains of CAs that would lead to OctoRPKI ex ...)
- cfrpki 1.4.4-1
+ [bullseye] - cfrpki <no-dsa> (Minor issue)
NOTE: https://github.com/cloudflare/cfrpki/security/advisories/GHSA-pmw9-567p-68pc
CVE-2022-3615
RESERVED
@@ -102778,6 +102783,7 @@ CVE-2022-24724 (cmark-gfm is GitHub's extended version of the C reference implem
- python-cmarkgfm 0.7.0-1 (bug #1006758)
[buster] - python-cmarkgfm <no-dsa> (Minor issue)
- ruby-commonmarker 0.23.4-1 (bug #1006759)
+ [bullseye] - ruby-commonmarker <no-dsa> (Minor issue)
[buster] - ruby-commonmarker <no-dsa> (Minor issue)
- r-cran-commonmark 1.8.0-1 (bug #1006760)
[bullseye] - r-cran-commonmark <no-dsa> (Minor issue)
=====================================
data/dsa-needed.txt
=====================================
@@ -25,6 +25,8 @@ linux (carnil)
nbconvert/oldstable
Guilhem Moulin proposed an update ready for review
--
+maradns/oldstable
+--
netatalk/oldstable
open regression with MacOS, tentative patch not yet merged upstream
See discussion on team mailing list.
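Review bot: the new `maradns/oldstable` entry has no status line or claimant, and none of the data/CVE/list hunks in this commit touch a maradns entry, so the change does not show which CVE put the package on the list. A one-line note under the entry naming the issue, in the style of the neighbouring nbconvert and netatalk entries, would give whoever picks it up a starting point.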
@@ -55,7 +57,7 @@ ruby2.7/oldstable
--
ruby3.1/stable
--
-ruby-nokogiri/oldstble
+ruby-nokogiri/oldstable
--
ruby-rack/oldstable (carnil)
Utkarsh Gupta available for preparing updates, debdiff ready for review
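Review bot: the corrected line `ruby-nokogiri/oldstble` shows that a misspelled suite suffix could sit in dsa-needed.txt unnoticed. The fix itself is right; it would be worth having a syntax check that rejects entries whose suffix is not a known suite name such as `stable` or `oldstable`, so that this kind of typo is caught at commit time.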
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/76306029fa98d8a35037fd5816c2465eacaa3997