[Git][security-tracker-team/security-tracker][master] Triage python-reportlab for buster

Jochen Sprickerhof (@jspricke) jspricke at debian.org
Thu Jun 22 08:41:43 BST 2023 


Jochen Sprickerhof pushed to branch master at Debian Security Tracker / security-tracker


Commits:
3dd4ddd5 by Jochen Sprickerhof at 2023-06-22T09:36:55+02:00
Triage python-reportlab for buster

- - - - -


2 changed files:

- data/CVE/list
- data/dla-needed.txt


Changes:

=====================================
data/CVE/list
=====================================
@@ -1762,8 +1762,10 @@ CVE-2023-33956 (Kanboard is open source project management software that focuses
 	NOTE: https://github.com/kanboard/kanboard/commit/437b141fa2267df36976814e704517f30d2424bd (v1.2.30)
 CVE-2023-33733 (Reportlab up to v3.6.12 allows attackers to execute arbitrary code via ...)
 	- python-reportlab 3.6.13-1
+	[buster] - python-reportlab <not-affected> (Vulnerable code not present)
 	NOTE: https://docs.reportlab.com/releases/notes/whats-new-3613/
 	NOTE: https://github.com/c53elyas/CVE-2023-33733
+	NOTE: Introduced by: https://hg.reportlab.com/hg-public/reportlab/rev/51a521ad7dd3 (3.5.34)
 CVE-2023-33693 (A buffer overflow in EasyPlayerPro-Win v3.2.19.0106 to v3.6.19.0823 al ...)
 	NOT-FOR-US: EasyPlayerPro-Win
 CVE-2023-33690 (SonicJS up to v0.7.0 allows attackers to execute an authenticated path ...)


=====================================
data/dla-needed.txt
=====================================
@@ -177,9 +177,6 @@ python-oslo.privsep
   NOTE: 20230525: CVE-2022-38065 has been marked as Won't-fix/Hardening opportunity.
   NOTE: 20230525: It was mentioned the fix was easy but tedious. It is consumer design flaw issue. (sgmoore)
 --
-python-reportlab
-  NOTE: 20230612: Added by Front-Desk (apo)
---
 python3.7 (Adrian Bunk)
   NOTE: 20230220: Added by Front-Desk (ola)
   NOTE: 20230228: Waiting for actual upstream fix for CVE-2023-24329. (bunk)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/3dd4ddd597c8d38f274ab018c419199e631d0374

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/3dd4ddd597c8d38f274ab018c419199e631d0374
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20230622/119463d4/attachment.htm>

More information about the debian-security-tracker-commits mailing list