[Git][security-tracker-team/security-tracker][master] bullseye/bookworm triage

Moritz Muehlenhoff (@jmm) jmm at debian.org
Wed Jun 21 12:16:43 BST 2023



Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
d76a24f2 by Moritz Muehlenhoff at 2023-06-21T13:16:07+02:00
bullseye/bookworm triage

- - - - -


2 changed files:

- data/CVE/list
- data/dsa-needed.txt


Changes:

=====================================
data/CVE/list
=====================================
@@ -66,6 +66,8 @@ CVE-2023-3317 [wifi: mt76: mt7921: Fix use-after-free in fw features query]
 	NOTE: https://git.kernel.org/linus/2ceb76f734e37833824b7fab6af17c999eb48d2b (6.3-rc6)
 CVE-2023-3316 (A NULL pointer dereference in TIFFClose() is caused by a failure to op ...)
 	- tiff 4.5.1~rc3-1
+	[bookworm] - tiff <no-dsa> (Minor issue)
+	[bullseye] - tiff <no-dsa> (Minor issue)
 	NOTE: https://gitlab.com/libtiff/libtiff/-/issues/515
 	NOTE: https://gitlab.com/libtiff/libtiff/-/merge_requests/468
 	NOTE: https://gitlab.com/libtiff/libtiff/-/commit/d63de61b1ec3385f6383ef9a1f453e4b8b11d536 (v4.5.1rc1)
@@ -9951,6 +9953,7 @@ CVE-2023-29403 (On Unix platforms, the Go runtime does not behave differently wh
 	- golang-1.20 1.20.5-1
 	[experimental] - golang-1.19 1.19.10-1
 	- golang-1.19 1.19.10-2
+	[bookworm] - golang-1.19 <no-dsa> (Minor issue)
 	- golang-1.15 <removed>
 	[bullseye] - golang-1.15 <no-dsa> (Minor issue)
 	- golang-1.11 <removed>
@@ -9963,6 +9966,7 @@ CVE-2023-29402 (The go command may generate unexpected code at build time when u
 	- golang-1.20 1.20.5-1
 	[experimental] - golang-1.19 1.19.10-1
 	- golang-1.19 1.19.10-2
+	[bookworm] - golang-1.19 <no-dsa> (Minor issue)
 	- golang-1.15 <removed>
 	[bullseye] - golang-1.15 <no-dsa> (Minor issue)
 	- golang-1.11 <removed>
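Review bot: CVE-2023-29402 and the CVE-2023-29403 entry in the previous hunk now carry the same `[bookworm] - golang-1.19 <no-dsa> (Minor issue)` tag and list the same unstable fix, golang-1.19 1.19.10-2. A single bookworm point-release upload would clear both, so it is worth tracking the two together to avoid one being fixed while the other stays open.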
@@ -17767,6 +17771,7 @@ CVE-2023-27043 (The email module of Python through 3.11.3 incorrectly parses e-m
 	[bookworm] - python3.11 <no-dsa> (Minor issue)
 	- python3.10 <unfixed>
 	- python3.9 <removed>
+	[bullseye] - python3.9 <no-dsa> (Minor issue)
 	- python3.7 <removed>
 	- python2.7 <removed>
 	[bullseye] - python2.7 <ignored> (Unsupported in Bullseye, only included to build a few applications)
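Review bot: In the visible part of this entry no package line has a fixed version (python3.10 is `<unfixed>`, bookworm's python3.11 is `<no-dsa>`), so the bare "Minor issue" reason on the added `[bullseye] - python3.9` line does not tell a later triager whether there is anything to backport. Consider a reason or NOTE that records the fix status, so the entry gets revisited once a fixed version appears.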
@@ -89067,6 +89072,7 @@ CVE-2022-29526 (Go before 1.17.10 and 1.18.x before 1.18.2 has Incorrect Privile
 	- golang-1.18 1.18.2-1
 	- golang-1.17 1.17.10-1
 	- golang-1.15 <removed>
+	[bullseye] - golang-1.15 <no-dsa> (Minor issue)
 	- golang-1.11 <not-affected> (Vulnerable code introduced later)
 	- golang-1.8 <not-affected> (Vulnerable code introduced later)
 	- golang-1.7 <not-affected> (Vulnerable code introduced later)
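Review bot: The added `[bullseye] - golang-1.15 <no-dsa>` line sits directly above three `<not-affected> (Vulnerable code introduced later)` entries for golang-1.11, golang-1.8 and golang-1.7, but nothing visible here records where the vulnerable code was introduced. A NOTE naming the introducing upstream release or commit would document why 1.15 is treated as affected while 1.11 is not.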
@@ -94572,6 +94578,7 @@ CVE-2022-27664 (In net/http in Go before 1.18.6 and 1.19.x before 1.19.1, attack
 	- golang-1.18 1.18.6-1
 	- golang-1.17 <unfixed>
 	- golang-1.15 <removed>
+	[bullseye] - golang-1.15 <no-dsa> (Minor issue)
 	- golang-1.11 <removed>
 	[buster] - golang-1.11 <postponed> (Limited support, minor issue, follow bullseye DSAs/point-releases)
 	- golang-golang-x-net 1:0.0+git20221012.0b7e1fb+dfsg-1
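Review bot: The buster line for golang-1.11 is `<postponed>` with the reason "follow bullseye DSAs/point-releases", and the added bullseye line rules out a DSA for golang-1.15, so buster's follow-up now depends entirely on a bullseye point release. If no point-release update of golang-1.15 is planned, the buster reason should be revisited so the entry does not stay postponed indefinitely.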
@@ -103197,6 +103204,7 @@ CVE-2022-24724 (cmark-gfm is GitHub's extended version of the C reference implem
 	[bullseye] - ghostwriter <not-affected> (Vulnerable code not present)
 	[buster] - ghostwriter <not-affected> (Vulnerable code not present)
 	- python-cmarkgfm 0.7.0-1 (bug #1006758)
+	[bullseye] - python-cmarkgfm <no-dsa> (Minor issue)
 	[buster] - python-cmarkgfm <no-dsa> (Minor issue)
 	- ruby-commonmarker 0.23.4-1 (bug #1006759)
 	[bullseye] - ruby-commonmarker <no-dsa> (Minor issue)


=====================================
data/dsa-needed.txt
=====================================
@@ -78,6 +78,8 @@ salt/oldstable
 --
 samba/oldstable
 --
+trafficserver (jmm)
+--
 wpewebkit
 --
 xrdp/oldstable
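Review bot: `trafficserver (jmm)` has no suite suffix, while the neighbouring entries `salt/oldstable`, `samba/oldstable` and `xrdp/oldstable` are scoped to oldstable, so it reads as a DSA needed for both stable and oldstable; please confirm that is intended. None of the data/CVE/list hunks in this commit touch a trafficserver entry, so a short note under the item naming the CVEs to be fixed would make the reason for the addition visible from the file itself.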



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/d76a24f2a838b7314f74de9d1baaff1c10be7d49
