[Git][security-tracker-team/security-tracker][master] bullseye/bookworm triage

Moritz Muehlenhoff (@jmm) jmm at debian.org
Mon Jun 26 17:43:34 BST 2023

Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker

826bb966 by Moritz Muehlenhoff at 2023-06-26T18:43:04+02:00
bullseye/bookworm triage

- - - - -

1 changed file:

- data/CVE/list


@@ -1021,9 +1021,9 @@ CVE-2023-3040 (A debug function in the lua-resty-json package, up to commit id 3
 CVE-2023-3036 (An unchecked read in NTP server in github.com/cloudflare/cfnts prior t ...)
 	NOT-FOR-US: cfnts
 CVE-2023-35116 (An issue was discovered jackson-databind thru 2.15.2 allows attackers  ...)
-	- jackson-databind <unfixed>
-	[buster] - jackson-databind <no-dsa> (Minor issue)
+	NOTE: Disputed jackson-databind issue
 	NOTE: https://github.com/FasterXML/jackson-databind/issues/3972
+	NOTE: https://github.com/FasterXML/jackson-databind/issues/3972#issuecomment-1597218091
 CVE-2023-35110 (An issue was discovered jjson thru 0.1.7 allows attackers to cause a d ...)
 	NOT-FOR-US: jjson
 CVE-2023-34878 (An issue was discovered in Ujcms v6.0.2 allows attackers to gain sensi ...)
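Review bot: CVE-2023-35116 is left with no package line at all once `- jackson-databind <unfixed>` and the buster `<no-dsa>` entry are removed, so the entry now consists only of NOTE lines and no longer records which source package the disputed report concerns. Consider keeping the package line and expressing the dispute on it, for example `- jackson-databind <unfixed> (unimportant)`, with the NOTE lines carrying the reason. The second added NOTE URL is the existing issue URL plus an issue-comment anchor, so one of the two may be enough.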
@@ -2094,6 +2094,8 @@ CVE-2023-33460 (There's a memory leak in yajl 2.1.0 with use of yajl_tree_parse
 	- crun <unfixed>
 	- epic-base <unfixed>
 	- r-cran-jsonlite <unfixed>
+	[bookworm] - r-cran-jsonlite <no-dsa> (Minor issue)
+	[bullseye] - r-cran-jsonlite <no-dsa> (Minor issue)
 	- ruby-yajl <unfixed>
 CVE-2023-33457 (In Sogou Workflow v0.10.6, memcpy a negtive size in URIParser::parse , ...)
 	NOT-FOR-US: Sogou Workflow
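Review bot: the two added `[bookworm]` and `[bullseye]` lines triage only r-cran-jsonlite, while crun, epic-base and ruby-yajl in the same CVE-2023-33460 entry remain at a bare `<unfixed>` in the visible context. Either triage the sibling packages in the same pass or make the reason say why r-cran-jsonlite is the minor case, since "Minor issue" alone does not show what distinguishes it.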
@@ -20633,6 +20635,7 @@ CVE-2023-26131 (All versions of the package github.com/xyproto/algernon/engine;
 	NOT-FOR-US: github.com/xyproto/algernon/engine
 CVE-2023-26130 (Versions of the package yhirose/cpp-httplib before 0.12.4 are vulnerab ...)
 	- cpp-httplib <unfixed> (bug #1037100)
+	[bookworm] - cpp-httplib <no-dsa> (Minor issue)
 	NOTE: https://security.snyk.io/vuln/SNYK-UNMANAGED-YHIROSECPPHTTPLIB-5591194
 	NOTE: https://gist.github.com/dellalibera/094aece17a86069a7d27f93c8aba2280
 	NOTE: https://github.com/yhirose/cpp-httplib/commit/5b397d455d25a391ba346863830c1949627b4d08 (v0.12.4)
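Review bot: the added `[bookworm] - cpp-httplib <no-dsa> (Minor issue)` line has no bullseye counterpart, although the commit is titled bullseye/bookworm triage. If bullseye ships cpp-httplib, add a matching `[bullseye]` line (or `<not-affected>` with a reason) so the release is not left at the implicit unfixed state; if it does not ship the package, nothing more is needed.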
@@ -81671,6 +81674,7 @@ CVE-2022-32150
 CVE-2022-32149 (An attacker may cause a denial of service by crafting an Accept-Langua ...)
 	- golang-golang-x-text 0.3.8-1 (bug #1021785)
+	[bullseye] - golang-golang-x-text <no-dsa> (Minor issue)
 	- golang-x-text <removed>
 	[buster] - golang-x-text <postponed> (Limited support, minor issue, follow bullseye DSAs/point-releases (renamed package))
 	NOTE: https://groups.google.com/g/golang-dev/c/qfPIly0X7aU
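Review bot: the buster golang-x-text line directly below the added `[bullseye]` entry defers to "bullseye DSAs/point-releases", and with bullseye now marked `<no-dsa>` only the point-release path is left for both releases. It would help to state in the reason or a NOTE whether a point-release update is intended, so the buster deferral still points at something concrete. The same applies to the identical addition under CVE-2021-38561.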
@@ -137849,6 +137853,7 @@ CVE-2021-38562 (Best Practical Request Tracker (RT) 4.2 before 4.2.17, 4.4 befor
 	NOTE: https://github.com/bestpractical/rt/commit/d16f8cf13c2af517ee55a85e7b91a0267477189f (rt-4.2.17)
 CVE-2021-38561 (golang.org/x/text/language in golang.org/x/text before 0.3.7 can panic ...)
 	- golang-golang-x-text 0.3.7-1
+	[bullseye] - golang-golang-x-text <no-dsa> (Minor issue)
 	- golang-x-text <removed>
 	[buster] - golang-x-text <postponed> (Limited support, minor issue, follow bullseye DSAs/point-releases)
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2100495

View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/826bb96661a31e35b0686f5d23f6c83e61e97185
