[Git][security-tracker-team/security-tracker][master] bookworm/bullseye triage
Moritz Muehlenhoff (@jmm)
jmm at debian.org
Thu Jun 29 12:25:42 BST 2023
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker
Commits:
3602e8ab by Moritz Muehlenhoff at 2023-06-29T13:25:23+02:00
bookworm/bullseye triage
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -121,7 +121,10 @@ CVE-2023-3327
REJECTED
CVE-2023-36464 (pypdf is an open source, pure-python PDF library. In affected versions ...)
- pypdf <unfixed>
+ [bookworm] - pypdf <no-dsa> (Minor issue)
- pypdf2 <unfixed>
+ [bookworm] - pypdf2 <no-dsa> (Minor issue)
+ [bullseye] - pypdf2 <no-dsa> (Minor issue)
NOTE: https://github.com/py-pdf/pypdf/pull/969
NOTE: https://github.com/py-pdf/pypdf/pull/1828
NOTE: https://github.com/py-pdf/pypdf/security/advisories/GHSA-4vvm-4w3v-6mr8
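Review bot: pypdf receives only a [bookworm] no-dsa line while pypdf2 receives both [bookworm] and [bullseye]; if pypdf is genuinely absent from bullseye that asymmetry is correct, otherwise a matching `[bullseye] - pypdf <no-dsa> (Minor issue)` line is missing. Both unstable entries also stay `<unfixed>` even though two upstream pull requests are cited in the NOTE lines; once the upstream release carrying those fixes is known, recording the fixed version on the `- pypdf` / `- pypdf2` lines would let the no-dsa entries be resolved consistently later.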
@@ -139,6 +142,8 @@ CVE-2023-3355 (A NULL pointer dereference flaw was found in the Linux kernel's d
NOTE: https://git.kernel.org/linus/d839f0811a31322c087a859c2b181e2383daa7be (6.3-rc1)
CVE-2023-3354 [VNC: improper I/O watch removal in TLS handshake can lead to remote unauthenticated denial of service]
- qemu <unfixed>
+ [bookworm] - qemu <no-dsa> (Minor issue)
+ [bullseye] - qemu <no-dsa> (Minor issue)
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2216478
TODO: check, no details in RHBZ#2216478 on upstream status
CVE-2023-3432 (Server-Side Request Forgery (SSRF) in GitHub repository plantuml/plant ...)
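Review bot: the [bookworm]/[bullseye] no-dsa lines are added with the justification "Minor issue" while the TODO line immediately below still records that upstream status is unverified and the bracketed title describes a remote unauthenticated denial of service. Either resolve the TODO before classifying, or extend the justification on the added lines so the reason the issue is considered minor (for example, the affected configuration) is visible alongside the tag.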
@@ -18867,6 +18872,8 @@ CVE-2023-26966
RESERVED
CVE-2023-26965 (loadImage() in tools/tiffcrop.c in LibTIFF through 4.5.0 has a heap-ba ...)
- tiff 4.5.1~rc3-1
+ [bookworm] - tiff <no-dsa> (Minor issue)
+ [bullseye] - tiff <no-dsa> (Minor issue)
NOTE: https://gitlab.com/libtiff/libtiff/-/merge_requests/472
NOTE: https://gitlab.com/libtiff/libtiff/-/commit/ec8ef90c1f573c9eb1f17d6a056aa0015f184acf (v4.5.1rc1)
CVE-2023-26964 (An issue was discovered in hyper v0.13.7. h2-0.2.4 Stream stacking occ ...)
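Review bot: the description shows this is confined to `tools/tiffcrop.c`, so the no-dsa classification is consistent with the unstable fix in 4.5.1~rc3-1 and the cited v4.5.1rc1 commit; the justification string could say so explicitly (for example "Minor issue, tiffcrop only") so that the reason is preserved for whoever revisits the bookworm/bullseye entries.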
@@ -23446,10 +23453,14 @@ CVE-2023-25436
RESERVED
CVE-2023-25435 (libtiff 4.5.0 is vulnerable to Buffer Overflow via extractContigSample ...)
- tiff 4.5.1~rc3-1
+ [bookworm] - tiff <no-dsa> (Minor issue)
+ [bullseye] - tiff <no-dsa> (Minor issue)
NOTE: https://gitlab.com/libtiff/libtiff/-/issues/518
NOTE: https://gitlab.com/libtiff/libtiff/-/commit/69818e2f2d246e6631ac2a2da692c3706b849c38 (v4.5.1rc1)
CVE-2023-25434 (libtiff 4.5.0 is vulnerable to Buffer Overflow via extractContigSample ...)
- tiff 4.5.1~rc3-1
+ [bookworm] - tiff <no-dsa> (Minor issue)
+ [bullseye] - tiff <no-dsa> (Minor issue)
NOTE: https://gitlab.com/libtiff/libtiff/-/issues/519
NOTE: https://gitlab.com/libtiff/libtiff/-/commit/69818e2f2d246e6631ac2a2da692c3706b849c38 (v4.5.1rc1)
CVE-2023-25433
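Review bot: CVE-2023-25435 and CVE-2023-25434 reference distinct upstream issues (518 and 519) but the same fix commit 69818e2f, and both are given identical no-dsa tags here; they should be treated as a single unit, so any later bookworm or bullseye update, or change of status, for one entry should be applied to the other at the same time.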
@@ -130104,6 +130115,7 @@ CVE-2021-41804
RESERVED
CVE-2021-41803 (HashiCorp Consul 1.8.1 up to 1.11.8, 1.12.4, and 1.13.1 do not properl ...)
- consul <unfixed> (bug #1034841)
+ [bullseye] - consul <no-dsa> (Minor issue)
[buster] - consul <not-affected> (Vulnerable Code not present)
NOTE: https://discuss.hashicorp.com/t/hcsec-2022-19-consul-auto-config-jwt-authorization-missing-input-validation/44627
NOTE: https://github.com/hashicorp/consul/commit/34872682e44f6e7e6359c88bf9e333fa1002a99b (v1.11.9)
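Review bot: only a [bullseye] no-dsa line is added while unstable remains `<unfixed>`, which leaves bookworm as the one release without an explicit status even though bullseye and buster both have one. Confirm whether bookworm's consul falls in the affected range stated in the description ("1.8.1 up to 1.11.8, 1.12.4, and 1.13.1") and add a matching `[bookworm] - consul <no-dsa> (Minor issue)` or `<not-affected>` line as appropriate.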
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/3602e8abefb17ee10f1f754326b2e265362e19d0