[Git][security-tracker-team/security-tracker][master] bullseye/bookworm triage

Moritz Muehlenhoff (@jmm) jmm at debian.org
Mon Jun 19 22:00:56 BST 2023



Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
b3ab1ada by Moritz Muehlenhoff at 2023-06-19T23:00:08+02:00
bullseye/bookworm triage

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -395,6 +395,8 @@ CVE-2023-2683 (A memory leak in the EFR32 Bluetooth LE stack 5.1.0 through 5.1.1
 	NOT-FOR-US: silabs Bluetooth SDK
 CVE-2023-XXXX [RUSTSEC-2023-0038: Out-of-bounds array access leads to panic]
 	- rust-sequoia-openpgp 1.16.0-1
+	[bookworm] - rust-sequoia-openpgp <no-dsa> (Minor issue)
+	[bullseye] - rust-sequoia-openpgp <no-dsa> (Minor issue)
 	NOTE: https://rustsec.org/advisories/RUSTSEC-2023-0038.html
 CVE-2023-3193 (Cross-site scripting (XSS) vulnerability in the Layout module's SEO co ...)
 	NOT-FOR-US: Liferay
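Review bot: both added lines for rust-sequoia-openpgp give only "(Minor issue)" as the reason, while the entry title names the actual impact (an out-of-bounds array access that leads to a panic). Consider recording that impact in the reason text, so the no-dsa decision for bookworm and bullseye can be understood without opening the RUSTSEC advisory linked in the NOTE line.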
@@ -55063,6 +55065,7 @@ CVE-2022-41723 (A maliciously crafted HTTP/2 stream could cause excessive CPU co
 	- golang-1.11 <removed>
 	[buster] - golang-1.11 <postponed> (Limited support, follow bullseye DSAs/point-releases)
 	- golang-golang-x-net 1:0.7.0+dfsg-1
+	[bullseye] - golang-golang-x-net <no-dsa> (Minor issue)
 	NOTE: https://groups.google.com/g/golang-announce/c/V0aBFqaFs_E
 	NOTE: https://go.dev/issue/57855
 CVE-2022-41722 (A path traversal vulnerability exists in filepath.Clean on Windows. On ...)
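Review bot: the added [bullseye] line for golang-golang-x-net says only "(Minor issue)", but the entry describes excessive CPU consumption triggered by a crafted HTTP/2 stream, and the buster line for golang-1.11 in the same entry defers to "bullseye DSAs/point-releases". State in the reason whether a bullseye point-release fix is intended, so the two annotations read consistently. The same applies to the identical additions under CVE-2022-41717 and CVE-2022-27664.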
@@ -55101,6 +55104,7 @@ CVE-2022-41717 (An attacker can cause excessive memory growth in a Go server acc
 	- golang-1.11 <removed>
 	[buster] - golang-1.11 <postponed> (Limited support, follow bullseye DSAs/point-releases)
 	- golang-golang-x-net 1:0.4.0+dfsg-1
+	[bullseye] - golang-golang-x-net <no-dsa> (Minor issue)
 	- golang-golang-x-net-dev <removed>
 	[buster] - golang-golang-x-net-dev <postponed> (Limited support, follow bullseye DSAs/point-releases)
 	NOTE: https://groups.google.com/g/golang-announce/c/L_3rmdT0BMU
@@ -94408,6 +94412,7 @@ CVE-2022-27664 (In net/http in Go before 1.18.6 and 1.19.x before 1.19.1, attack
 	- golang-1.11 <removed>
 	[buster] - golang-1.11 <postponed> (Limited support, minor issue, follow bullseye DSAs/point-releases)
 	- golang-golang-x-net 1:0.0+git20221012.0b7e1fb+dfsg-1
+	[bullseye] - golang-golang-x-net <no-dsa> (Minor issue)
 	- golang-golang-x-net-dev <removed>
 	[buster] - golang-golang-x-net-dev <postponed> (Limited support, follow bullseye DSAs/point-releases)
 	NOTE: https://groups.google.com/g/golang-announce/c/x49AQzIVX-s
@@ -151504,6 +151509,7 @@ CVE-2021-32838 (Flask-RESTX (pypi package flask-restx) is a community driven for
 	NOT-FOR-US: Flask restx
 CVE-2021-32837 (mechanize, a library for automatically interacting with HTTP web serve ...)
 	- python-mechanize 1:0.4.7-1
+	[bullseye] - python-mechanize <no-dsa> (Minor issue)
 	NOTE: https://securitylab.github.com/advisories/GHSL-2021-108-python-mechanize-mechanize/
 	NOTE: https://github.com/python-mechanize/mechanize/commit/dd05334448e9f39814bab044d2eaa5ef69b410d6 (v0.4.6)
 CVE-2021-32836 (ZStack is open source IaaS(infrastructure as a service) software. In Z ...)
@@ -190305,6 +190311,7 @@ CVE-2020-35914 (An issue was discovered in the lock_api crate before 0.4.2 for R
 	[bullseye] - rust-lock-api <no-dsa> (Minor issue)
 	[buster] - rust-lock-api <no-dsa> (Minor issue)
 	- rust-lock-api-0.1 <unfixed> (bug #1032854)
+	[bullseye] - rust-lock-api-0.1 <no-dsa> (Minor issue)
 	NOTE: https://rustsec.org/advisories/RUSTSEC-2020-0070.html
 	NOTE: https://github.com/Amanieu/parking_lot/pull/262
 CVE-2020-35913 (An issue was discovered in the lock_api crate before 0.4.2 for Rust. A ...)
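Review bot: rust-lock-api-0.1 gets only a [bullseye] annotation here, although its unstable line is "<unfixed> (bug #1032854)" and the commit is titled bullseye/bookworm triage; rust-lock-api just above carries both a [bullseye] and a [buster] line. If rust-lock-api-0.1 is also present in bookworm, add a matching "[bookworm] - rust-lock-api-0.1 <no-dsa> (Minor issue)" line, otherwise bookworm stays open for this package. The same question applies to the four identical hunks that follow (CVE-2020-35913 through CVE-2020-35910).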
@@ -190312,6 +190319,7 @@ CVE-2020-35913 (An issue was discovered in the lock_api crate before 0.4.2 for R
 	[bullseye] - rust-lock-api <no-dsa> (Minor issue)
 	[buster] - rust-lock-api <no-dsa> (Minor issue)
 	- rust-lock-api-0.1 <unfixed> (bug #1032854)
+	[bullseye] - rust-lock-api-0.1 <no-dsa> (Minor issue)
 	NOTE: https://rustsec.org/advisories/RUSTSEC-2020-0070.html
 	NOTE: https://github.com/Amanieu/parking_lot/pull/262
 CVE-2020-35912 (An issue was discovered in the lock_api crate before 0.4.2 for Rust. A ...)
@@ -190319,6 +190327,7 @@ CVE-2020-35912 (An issue was discovered in the lock_api crate before 0.4.2 for R
 	[bullseye] - rust-lock-api <no-dsa> (Minor issue)
 	[buster] - rust-lock-api <no-dsa> (Minor issue)
 	- rust-lock-api-0.1 <unfixed> (bug #1032854)
+	[bullseye] - rust-lock-api-0.1 <no-dsa> (Minor issue)
 	NOTE: https://rustsec.org/advisories/RUSTSEC-2020-0070.html
 	NOTE: https://github.com/Amanieu/parking_lot/pull/262
 CVE-2020-35911 (An issue was discovered in the lock_api crate before 0.4.2 for Rust. A ...)
@@ -190326,6 +190335,7 @@ CVE-2020-35911 (An issue was discovered in the lock_api crate before 0.4.2 for R
 	[bullseye] - rust-lock-api <no-dsa> (Minor issue)
 	[buster] - rust-lock-api <no-dsa> (Minor issue)
 	- rust-lock-api-0.1 <unfixed> (bug #1032854)
+	[bullseye] - rust-lock-api-0.1 <no-dsa> (Minor issue)
 	NOTE: https://rustsec.org/advisories/RUSTSEC-2020-0070.html
 	NOTE: https://github.com/Amanieu/parking_lot/pull/262
 CVE-2020-35910 (An issue was discovered in the lock_api crate before 0.4.2 for Rust. A ...)
@@ -190333,6 +190343,7 @@ CVE-2020-35910 (An issue was discovered in the lock_api crate before 0.4.2 for R
 	[bullseye] - rust-lock-api <no-dsa> (Minor issue)
 	[buster] - rust-lock-api <no-dsa> (Minor issue)
 	- rust-lock-api-0.1 <unfixed> (bug #1032854)
+	[bullseye] - rust-lock-api-0.1 <no-dsa> (Minor issue)
 	NOTE: https://rustsec.org/advisories/RUSTSEC-2020-0070.html
 	NOTE: https://github.com/Amanieu/parking_lot/pull/262
 CVE-2020-28971 (An issue was discovered on Western Digital My Cloud OS 5 devices befor ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/b3ab1adacae97c98e16be076d4dcf398703a2225
