[Git][security-tracker-team/security-tracker][master] bullseye triage
Moritz Muehlenhoff (@jmm)
jmm at debian.org
Fri Mar 3 18:44:24 GMT 2023
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker
Commits:
9501e698 by Moritz Muehlenhoff at 2023-03-03T19:43:39+01:00
bullseye triage
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -2651,6 +2651,7 @@ CVE-2023-0992
RESERVED
CVE-2022-48345 (sanitize-url (aka @braintree/sanitize-url) before 6.0.2 allows XSS via ...)
- node-mermaid <unfixed> (bug #1032313)
+ [bullseye] - node-mermaid <no-dsa> (Minor issue)
NOTE: https://github.com/braintree/sanitize-url/commit/d4bdc89f1743fe3cdb7c3f24b06e4c875f349b0c
CVE-2023-26464
RESERVED
@@ -2687,6 +2688,7 @@ CVE-2022-48342 (In JetBrains TeamCity before 2022.10.2 jVMTI was enabled by defa
CVE-2023-26463
RESERVED
- strongswan 5.9.8-4
+ [bullseye] - strongswan <not-affected> (Vulnerable code not present)
NOTE: https://www.strongswan.org/blog/2023/03/02/strongswan-vulnerability-(cve-2023-26463).html
CVE-2023-26462 (ThingsBoard 3.4.1 could allow a remote attacker to gain elevated privi ...)
NOT-FOR-US: ThingsBoard
@@ -45603,8 +45605,9 @@ CVE-2022-2962 (A DMA reentrancy issue was found in the Tulip device emulation in
NOTE: https://gitlab.com/qemu-project/qemu/-/issues/1171
NOTE: https://gitlab.com/qemu-project/qemu/-/commit/36a894aeb64a2e02871016da1c37d4a4ca109182
CVE-2022-2961 (A use-after-free flaw was found in the Linux kernel’s PLP Rose f ...)
- - linux <unfixed>
+ - linux <unfixed> (unimportant)
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2120595
+ NOTE: Mitigated by hamradio-disable-auto-loading-as-mitigation-against-local-exploits.patch
CVE-2022-2960
RESERVED
CVE-2022-2959 (A race condition was found in the Linux kernel's watch queue due to a ...)
@@ -73897,8 +73900,9 @@ CVE-2022-1250 (The LifterLMS PayPal WordPress plugin before 1.4.0 does not sanit
CVE-2022-1248 (A vulnerability was found in SAP Information System 1.0 which has been ...)
NOT-FOR-US: SAP
CVE-2022-1247 (An issue found in linux-kernel that leads to a race condition in rose_ ...)
- - linux <unfixed>
+ - linux <unfixed> (unimportant)
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2066799
+ NOTE: Mitigated by hamradio-disable-auto-loading-as-mitigation-against-local-exploits.patch
CVE-2022-1246
REJECTED
CVE-2022-1245 (A privilege escalation flaw was found in the token exchange feature of ...)
@@ -81746,6 +81750,7 @@ CVE-2022-25928
RESERVED
CVE-2022-25927 (Versions of the package ua-parser-js from 0.7.30 and before 0.7.33, fr ...)
- node-ua-parser-js <unfixed>
+ [bullseye] - node-ua-parser-js <no-dsa> (Minor issue)
NOTE: https://github.com/faisalman/ua-parser-js/commit/a6140a17dd0300a35cfc9cff999545f267889411
NOTE: https://security.snyk.io/vuln/SNYK-JS-UAPARSERJS-3244450
NOTE: https://github.com/faisalman/ua-parser-js/security/advisories/GHSA-fhg7-m89q-25r3
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/9501e698ef0205aff58f2d2f92aabaa73856ca72
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/9501e698ef0205aff58f2d2f92aabaa73856ca72
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20230303/e6d20ce8/attachment.htm>
More information about the debian-security-tracker-commits
mailing list