[Git][security-tracker-team/security-tracker][master] bullseye triage

Moritz Muehlenhoff (@jmm) jmm at debian.org
Fri Mar 3 18:44:24 GMT 2023



Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
9501e698 by Moritz Muehlenhoff at 2023-03-03T19:43:39+01:00
bullseye triage

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -2651,6 +2651,7 @@ CVE-2023-0992
 	RESERVED
 CVE-2022-48345 (sanitize-url (aka @braintree/sanitize-url) before 6.0.2 allows XSS via ...)
 	- node-mermaid <unfixed> (bug #1032313)
+	[bullseye] - node-mermaid <no-dsa> (Minor issue)
 	NOTE: https://github.com/braintree/sanitize-url/commit/d4bdc89f1743fe3cdb7c3f24b06e4c875f349b0c
 CVE-2023-26464
 	RESERVED
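Review bot: The new `[bullseye] - node-mermaid <no-dsa> (Minor issue)` line links a CVE whose description names only sanitize-url to the node-mermaid package without saying how the two relate; a NOTE stating where node-mermaid pulls in sanitize-url and whether the bug #1032313 fix is expected to reach bullseye via a point release would let a later triager verify the no-dsa assessment without redoing the analysis.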
@@ -2687,6 +2688,7 @@ CVE-2022-48342 (In JetBrains TeamCity before 2022.10.2 jVMTI was enabled by defa
 CVE-2023-26463
 	RESERVED
 	- strongswan 5.9.8-4
+	[bullseye] - strongswan <not-affected> (Vulnerable code not present)
 	NOTE: https://www.strongswan.org/blog/2023/03/02/strongswan-vulnerability-(cve-2023-26463).html
 CVE-2023-26462 (ThingsBoard 3.4.1 could allow a remote attacker to gain elevated privi ...)
 	NOT-FOR-US: ThingsBoard
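Review bot: The `[bullseye] - strongswan <not-affected> (Vulnerable code not present)` line states the conclusion but not the evidence; since sid is recorded as fixed in 5.9.8-4, a NOTE recording which upstream release introduced the affected code (the linked strongswan advisory is the natural source) would make the not-affected claim checkable against the bullseye version.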
@@ -45603,8 +45605,9 @@ CVE-2022-2962 (A DMA reentrancy issue was found in the Tulip device emulation in
 	NOTE: https://gitlab.com/qemu-project/qemu/-/issues/1171
 	NOTE: https://gitlab.com/qemu-project/qemu/-/commit/36a894aeb64a2e02871016da1c37d4a4ca109182
 CVE-2022-2961 (A use-after-free flaw was found in the Linux kernel’s PLP Rose f ...)
-	- linux <unfixed>
+	- linux <unfixed> (unimportant)
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2120595
+	NOTE: Mitigated by hamradio-disable-auto-loading-as-mitigation-against-local-exploits.patch
 CVE-2022-2960
 	RESERVED
 CVE-2022-2959 (A race condition was found in the Linux kernel's watch queue due to a  ...)
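Review bot: Lowering CVE-2022-2961 to `(unimportant)` while the package stays `<unfixed>` rests entirely on the Debian patch named in the new NOTE, whose name says it only disables automatic loading of the hamradio modules; the NOTE should spell out that the code remains vulnerable where the rose module is loaded explicitly, so the scope of the mitigation is clear to anyone reading the entry.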
@@ -73897,8 +73900,9 @@ CVE-2022-1250 (The LifterLMS PayPal WordPress plugin before 1.4.0 does not sanit
 CVE-2022-1248 (A vulnerability was found in SAP Information System 1.0 which has been ...)
 	NOT-FOR-US: SAP
 CVE-2022-1247 (An issue found in linux-kernel that leads to a race condition in rose_ ...)
-	- linux <unfixed>
+	- linux <unfixed> (unimportant)
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2066799
+	NOTE: Mitigated by hamradio-disable-auto-loading-as-mitigation-against-local-exploits.patch
 CVE-2022-1246
 	REJECTED
 CVE-2022-1245 (A privilege escalation flaw was found in the token exchange feature of ...)
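Review bot: The same `(unimportant)` plus `Mitigated by hamradio-disable-auto-loading-as-mitigation-against-local-exploits.patch` pairing is applied to CVE-2022-1247 here; because the rationale points at a Debian-specific patch rather than an upstream fix, consider naming the first linux package version carrying that patch in the NOTE so the mitigation claim can be checked against installed kernels.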
@@ -81746,6 +81750,7 @@ CVE-2022-25928
 	RESERVED
 CVE-2022-25927 (Versions of the package ua-parser-js from 0.7.30 and before 0.7.33, fr ...)
 	- node-ua-parser-js <unfixed>
+	[bullseye] - node-ua-parser-js <no-dsa> (Minor issue)
 	NOTE: https://github.com/faisalman/ua-parser-js/commit/a6140a17dd0300a35cfc9cff999545f267889411
 	NOTE: https://security.snyk.io/vuln/SNYK-JS-UAPARSERJS-3244450
 	NOTE: https://github.com/faisalman/ua-parser-js/security/advisories/GHSA-fhg7-m89q-25r3
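Review bot: The sid entry `- node-ua-parser-js <unfixed>` carries no bug reference, unlike the `node-mermaid <unfixed> (bug #1032313)` entry earlier in this patch; when adding the bullseye `<no-dsa> (Minor issue)` tag, a Debian bug number for the still-unfixed sid package would make the eventual fix trackable.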



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/9501e698ef0205aff58f2d2f92aabaa73856ca72


