[Git][security-tracker-team/security-tracker][master] bullseye triage

Fri Mar 3 10:24:50 GMT 2023


Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
7fdc140f by Moritz Muehlenhoff at 2023-03-03T11:24:22+01:00
bullseye triage

- - - - -


2 changed files:

- data/CVE/list
- data/dsa-needed.txt


Changes:

=====================================
data/CVE/list
=====================================
@@ -6466,6 +6466,7 @@ CVE-2023-25156 (Kiwi TCMS, an open source test management system, does not impos
 	NOT-FOR-US: Kiwi TCMS
 CVE-2023-25155 (Redis is an in-memory database that persists on disk. Authenticated us ...)
 	- redis <unfixed> (bug #1032279)
+	[bullseye] - redis <no-dsa> (Minor issue)
 	NOTE: https://github.com/redis/redis/security/advisories/GHSA-x2r7-j9vw-3w83
 	NOTE: https://github.com/redis/redis/commit/2a2a582e7cd99ba3b531336b8bd41df2b566e619 (7.0.9)
 CVE-2023-25154 (Misskey is an open source, decentralized social media platform. In ver ...)
@@ -37296,8 +37297,8 @@ CVE-2022-41860 (In freeradius, when an EAP-SIM supplicant sends an unknown SIM o
 CVE-2022-41859 (In freeradius, the EAP-PWD function compute_password_element() leaks i ...)
 	{DLA-3342-1}
 	- freeradius 3.2.0+dfsg-1
+	[bullseye] - freeradius <no-dsa> (Minor issue)
 	NOTE: https://github.com/FreeRADIUS/freeradius-server/commit/9e5e8f2f912ad2da8ac6e176ac3a606333469937 (release_3_0_26)
-	TODO: check details on fix
 CVE-2022-41858 (A flaw was found in the Linux kernel. A NULL pointer dereference may o ...)
 	- linux 5.17.6-1
 	[bullseye] - linux 5.10.113-1
@@ -37310,10 +37311,10 @@ CVE-2022-41856
 CVE-2022-41855
 	REJECTED
 CVE-2022-41854 (Those using Snakeyaml to parse untrusted YAML files may be vulnerable  ...)
-	- snakeyaml 1.33-1
+	- snakeyaml 1.33-1 (unimportant)
 	[buster] - snakeyaml 1.23-1+deb10u1
 	NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=50355
-	TODO: check details
+	NOTE: No suitable for parsing untrusted YAML, see README.Debian.security
 CVE-2022-41853 (Those using java.sql.Statement or java.sql.PreparedStatement in hsqldb ...)
 	{DSA-5313-1 DLA-3234-1}
 	- hsqldb 2.7.1-1 (bug #1023573)


=====================================
data/dsa-needed.txt
=====================================
@@ -38,6 +38,8 @@ php-horde-mime-viewer
 --
 php-horde-turba
 --
+py7zr
+--
 rails (aron)
 --
 ring



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/7fdc140f1370c83b3d3418e2815f1c65aff48fe1

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/7fdc140f1370c83b3d3418e2815f1c65aff48fe1
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20230303/91f31c68/attachment.htm>
