[Git][security-tracker-team/security-tracker][master] bookworm triage
Moritz Muehlenhoff (@jmm)
jmm at debian.org
Fri Mar 3 19:18:59 GMT 2023
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker
Commits:
3e27f195 by Moritz Muehlenhoff at 2023-03-03T20:18:19+01:00
bookworm triage
- - - - -
2 changed files:
- data/CVE/list
- data/embedded-code-copies
Changes:
=====================================
data/CVE/list
=====================================
@@ -29488,9 +29488,10 @@ CVE-2022-44036 (** DISPUTED ** In b2evolution 7.2.5, if configured with admins_c
CVE-2022-44035
RESERVED
CVE-2022-44034 (An issue was discovered in the Linux kernel through 6.0.6. drivers/cha ...)
- - linux <unfixed>
+ - linux <unfixed> (unimportant)
NOTE: https://lore.kernel.org/lkml/20220916050333.GA188358@ubuntu/
NOTE: https://lore.kernel.org/lkml/20220919101825.GA313940@ubuntu/
+ NOTE: Negligible security impact, would need physical access to "exploit"
CVE-2022-44033 (An issue was discovered in the Linux kernel through 6.0.6. drivers/cha ...)
- linux <unfixed> (unimportant)
NOTE: https://lore.kernel.org/lkml/20220915020834.GA110086@ubuntu/
@@ -56854,7 +56855,7 @@ CVE-2022-34668 (NVFLARE, versions prior to 2.1.4, contains a vulnerability that
NOT-FOR-US: NVFLARE
CVE-2022-34667 (NVIDIA CUDA Toolkit SDK contains a stack-based buffer overflow vulnera ...)
[experimental] - nvidia-cuda-toolkit 11.8.0-1
- - nvidia-cuda-toolkit <unfixed> (bug #1021625)
+ - nvidia-cuda-toolkit 11.8.0-2 (bug #1021625)
[bullseye] - nvidia-cuda-toolkit <no-dsa> (Non-free not supported)
[buster] - nvidia-cuda-toolkit <no-dsa> (Minor issue)
NOTE: https://nvidia.custhelp.com/app/answers/detail/a_id/5373
@@ -69827,9 +69828,7 @@ CVE-2022-30046
RESERVED
CVE-2022-30045 (An issue was discovered in libezxml.a in ezXML 0.8.6. The function ezx ...)
- mapcache <unfixed> (unimportant; bug #1014389)
- - scilab <unfixed> (bug #1014391)
- [bullseye] - scilab <no-dsa> (Minor issue)
- [buster] - scilab <no-dsa> (Minor issue)
+ - scilab <unfixed> (unimportant; bug #1014391)
- netcdf 1:4.9.0-1
[bullseye] - netcdf <ignored> (Minor issue)
[buster] - netcdf <ignored> (Minor issue)
@@ -137211,9 +137210,7 @@ CVE-2021-31598 (An issue was discovered in libezxml.a in ezXML 0.8.6. The functi
{DLA-2705-1}
- mapcache <unfixed> (unimportant; bug #989363)
[stretch] - mapcache <no-dsa> (Minor issue)
- - scilab <unfixed> (bug #989364)
- [bullseye] - scilab <no-dsa> (Minor issue)
- [buster] - scilab <no-dsa> (Minor issue)
+ - scilab <unfixed> (unimportant; bug #989364)
- netcdf 1:4.9.0-1 (bug #989360)
[bullseye] - netcdf <ignored> (Minor issue)
[buster] - netcdf <ignored> (Minor issue)
@@ -137856,9 +137853,7 @@ CVE-2021-31349 (The usage of an internal HTTP header created an authentication b
CVE-2021-31348 (An issue was discovered in libezxml.a in ezXML 0.8.6. The function ezx ...)
{DLA-2705-1}
- mapcache <unfixed> (unimportant; bug #989363)
- - scilab <unfixed> (bug #989364)
- [bullseye] - scilab <no-dsa> (Minor issue)
- [buster] - scilab <no-dsa> (Minor issue)
+ - scilab <unfixed> (unimportant; bug #989364)
- netcdf 1:4.9.0-1 (bug #989360)
[bullseye] - netcdf <ignored> (Minor issue)
[buster] - netcdf <ignored> (Minor issue)
@@ -137871,9 +137866,7 @@ CVE-2021-31348 (An issue was discovered in libezxml.a in ezXML 0.8.6. The functi
CVE-2021-31347 (An issue was discovered in libezxml.a in ezXML 0.8.6. The function ezx ...)
{DLA-2705-1}
- mapcache <unfixed> (unimportant; bug #989363)
- - scilab <unfixed> (bug #989364)
- [bullseye] - scilab <no-dsa> (Minor issue)
- [buster] - scilab <no-dsa> (Minor issue)
+ - scilab <unfixed> (unimportant; bug #989364)
- netcdf 1:4.9.0-1 (bug #989360)
[bullseye] - netcdf <ignored> (Minor issue)
[buster] - netcdf <ignored> (Minor issue)
@@ -138172,9 +138165,7 @@ CVE-2021-31230
CVE-2021-31229 (An issue was discovered in libezxml.a in ezXML 0.8.6. The function ezx ...)
{DLA-2705-1}
- mapcache <unfixed> (unimportant; bug #989363)
- - scilab <unfixed> (bug #989364)
- [bullseye] - scilab <no-dsa> (Minor issue)
- [buster] - scilab <no-dsa> (Minor issue)
+ - scilab <unfixed> (unimportant; bug #989364)
- netcdf 1:4.9.0-1 (bug #989360)
[bullseye] - netcdf <ignored> (Minor issue)
[buster] - netcdf <ignored> (Minor issue)
@@ -140292,9 +140283,7 @@ CVE-2021-30486 (SysAid 20.3.64 b14 is affected by Blind and Stacker SQL injectio
CVE-2021-30485 (An issue was discovered in libezxml.a in ezXML 0.8.6. The function ezx ...)
{DLA-2705-1}
- mapcache <unfixed> (unimportant; bug #989363)
- - scilab <unfixed> (bug #989364)
- [bullseye] - scilab <no-dsa> (Minor issue)
- [buster] - scilab <no-dsa> (Minor issue)
+ - scilab <unfixed> (unimportant; bug #989364)
- netcdf 1:4.9.0-1 (bug #989360)
[bullseye] - netcdf <ignored> (Minor issue)
[buster] - netcdf <ignored> (Minor issue)
@@ -151056,10 +151045,7 @@ CVE-2021-26223 (SQL injection vulnerability in SourceCodester CASAP Automated En
NOT-FOR-US: SourceCodester CASAP Automated Enrollment System
CVE-2021-26222 (The ezxml_new function in ezXML 0.8.6 and earlier is vulnerable to OOB ...)
- mapcache <unfixed> (unimportant; bug #989363)
- - scilab <unfixed> (bug #989364)
- [bullseye] - scilab <no-dsa> (Minor issue)
- [buster] - scilab <no-dsa> (Minor issue)
- [stretch] - scilab <no-dsa> (Minor issue)
+ - scilab <unfixed> (unimportant; bug #989364)
- netcdf 1:4.9.0-1 (bug #989360)
[bullseye] - netcdf <ignored> (Minor issue)
[buster] - netcdf <ignored> (Minor issue)
@@ -151071,10 +151057,7 @@ CVE-2021-26222 (The ezxml_new function in ezXML 0.8.6 and earlier is vulnerable
NOTE: mapcache only uses ezxml to parse config files which are trusted
CVE-2021-26221 (The ezxml_new function in ezXML 0.8.6 and earlier is vulnerable to OOB ...)
- mapcache <unfixed> (unimportant; bug #989363)
- - scilab <unfixed> (bug #989364)
- [bullseye] - scilab <no-dsa> (Minor issue)
- [buster] - scilab <no-dsa> (Minor issue)
- [stretch] - scilab <no-dsa> (Minor issue)
+ - scilab <unfixed> (unimportant; bug #989364)
- netcdf 1:4.9.0-1 (bug #989360)
[bullseye] - netcdf <ignored> (Minor issue)
[buster] - netcdf <ignored> (Minor issue)
@@ -151086,10 +151069,7 @@ CVE-2021-26221 (The ezxml_new function in ezXML 0.8.6 and earlier is vulnerable
NOTE: mapcache only uses ezxml to parse config files which are trusted
CVE-2021-26220 (The ezxml_toxml function in ezxml 0.8.6 and earlier is vulnerable to O ...)
- mapcache <unfixed> (unimportant; bug #989363)
- - scilab <unfixed> (bug #989364)
- [bullseye] - scilab <no-dsa> (Minor issue)
- [buster] - scilab <no-dsa> (Minor issue)
- [stretch] - scilab <no-dsa> (Minor issue)
+ - scilab <unfixed> (unimportant; bug #989364)
- netcdf 1:4.9.0-1 (bug #989360)
[bullseye] - netcdf <ignored> (Minor issue)
[buster] - netcdf <ignored> (Minor issue)
@@ -235646,10 +235626,7 @@ CVE-2020-5179 (Comtech Stampede FX-1010 7.4.3 devices allow remote authenticated
NOT-FOR-US: Comtech Stampede FX-1010 7.4.3 devices
CVE-2019-20202 (An issue was discovered in ezXML 0.8.3 through 0.8.6. The function ezx ...)
- mapcache <unfixed> (unimportant; bug #989363)
- - scilab <unfixed> (bug #989364)
- [bullseye] - scilab <no-dsa> (Minor issue)
- [buster] - scilab <no-dsa> (Minor issue)
- [stretch] - scilab <no-dsa> (Minor issue)
+ - scilab <unfixed> (unimportant; bug #989364)
- netcdf 1:4.9.0-1 (bug #989360)
[bullseye] - netcdf <ignored> (Minor issue)
[buster] - netcdf <ignored> (Minor issue)
@@ -235661,10 +235638,7 @@ CVE-2019-20202 (An issue was discovered in ezXML 0.8.3 through 0.8.6. The functi
NOTE: mapcache only uses ezxml to parse config files which are trusted
CVE-2019-20201 (An issue was discovered in ezXML 0.8.3 through 0.8.6. The ezxml_parse_ ...)
- mapcache <unfixed> (unimportant; bug #989363)
- - scilab <unfixed> (bug #989364)
- [bullseye] - scilab <no-dsa> (Minor issue)
- [buster] - scilab <no-dsa> (Minor issue)
- [stretch] - scilab <no-dsa> (Minor issue)
+ - scilab <unfixed> (unimportant; bug #989364)
- netcdf 1:4.9.0-1 (bug #989360)
[bullseye] - netcdf <ignored> (Minor issue)
[buster] - netcdf <ignored> (Minor issue)
@@ -235676,10 +235650,7 @@ CVE-2019-20201 (An issue was discovered in ezXML 0.8.3 through 0.8.6. The ezxml_
NOTE: mapcache only uses ezxml to parse config files which are trusted
CVE-2019-20200 (An issue was discovered in ezXML 0.8.3 through 0.8.6. The function ezx ...)
- mapcache <unfixed> (unimportant; bug #989363)
- - scilab <unfixed> (bug #989364)
- [bullseye] - scilab <no-dsa> (Minor issue)
- [buster] - scilab <no-dsa> (Minor issue)
- [stretch] - scilab <no-dsa> (Minor issue)
+ - scilab <unfixed> (unimportant; bug #989364)
- netcdf 1:4.9.0-1 (bug #989360)
[bullseye] - netcdf <ignored> (Minor issue)
[buster] - netcdf <ignored> (Minor issue)
@@ -235691,10 +235662,7 @@ CVE-2019-20200 (An issue was discovered in ezXML 0.8.3 through 0.8.6. The functi
NOTE: mapcache only uses ezxml to parse config files which are trusted
CVE-2019-20199 (An issue was discovered in ezXML 0.8.3 through 0.8.6. The function ezx ...)
- mapcache <unfixed> (unimportant; bug #989363)
- - scilab <unfixed> (bug #989364)
- [bullseye] - scilab <no-dsa> (Minor issue)
- [buster] - scilab <no-dsa> (Minor issue)
- [stretch] - scilab <no-dsa> (Minor issue)
+ - scilab <unfixed> (unimportant; bug #989364)
- netcdf 1:4.9.0-1 (bug #989360)
[bullseye] - netcdf <ignored> (Minor issue)
[buster] - netcdf <ignored> (Minor issue)
@@ -235706,10 +235674,7 @@ CVE-2019-20199 (An issue was discovered in ezXML 0.8.3 through 0.8.6. The functi
NOTE: mapcache only uses ezxml to parse config files which are trusted
CVE-2019-20198 (An issue was discovered in ezXML 0.8.3 through 0.8.6. The function ezx ...)
- mapcache <unfixed> (unimportant; bug #989363)
- - scilab <unfixed> (bug #989364)
- [bullseye] - scilab <no-dsa> (Minor issue)
- [buster] - scilab <no-dsa> (Minor issue)
- [stretch] - scilab <no-dsa> (Minor issue)
+ - scilab <unfixed> (unimportant; bug #989364)
- netcdf 1:4.9.0-1 (bug #989360)
[bullseye] - netcdf <ignored> (Minor issue)
[buster] - netcdf <ignored> (Minor issue)
@@ -238797,10 +238762,7 @@ CVE-2019-20008 (In Archery before 1.3, inserting an XSS payload into a project n
NOT-FOR-US: Archery
CVE-2019-20007 (An issue was discovered in ezXML 0.8.2 through 0.8.6. The function ezx ...)
- mapcache <unfixed> (unimportant; bug #989363)
- - scilab <unfixed> (bug #989364)
- [bullseye] - scilab <no-dsa> (Minor issue)
- [buster] - scilab <no-dsa> (Minor issue)
- [stretch] - scilab <no-dsa> (Minor issue)
+ - scilab <unfixed> (unimportant; bug #989364)
- netcdf 1:4.9.0-1 (bug #989360)
[bullseye] - netcdf <ignored> (Minor issue)
[buster] - netcdf <ignored> (Minor issue)
@@ -238812,10 +238774,7 @@ CVE-2019-20007 (An issue was discovered in ezXML 0.8.2 through 0.8.6. The functi
NOTE: mapcache only uses ezxml to parse config files which are trusted
CVE-2019-20006 (An issue was discovered in ezXML 0.8.3 through 0.8.6. The function ezx ...)
- mapcache <unfixed> (unimportant; bug #989363)
- - scilab <unfixed> (bug #989364)
- [bullseye] - scilab <no-dsa> (Minor issue)
- [buster] - scilab <no-dsa> (Minor issue)
- [stretch] - scilab <no-dsa> (Minor issue)
+ - scilab <unfixed> (unimportant; bug #989364)
- netcdf 1:4.9.0-1 (bug #989360)
[bullseye] - netcdf <ignored> (Minor issue)
[buster] - netcdf <ignored> (Minor issue)
@@ -238827,10 +238786,7 @@ CVE-2019-20006 (An issue was discovered in ezXML 0.8.3 through 0.8.6. The functi
NOTE: mapcache only uses ezxml to parse config files which are trusted
CVE-2019-20005 (An issue was discovered in ezXML 0.8.3 through 0.8.6. The function ezx ...)
- mapcache <unfixed> (unimportant; bug #989363)
- - scilab <unfixed> (bug #989364)
- [bullseye] - scilab <no-dsa> (Minor issue)
- [buster] - scilab <no-dsa> (Minor issue)
- [stretch] - scilab <no-dsa> (Minor issue)
+ - scilab <unfixed> (unimportant; bug #989364)
- netcdf 1:4.9.0-1 (bug #989360)
[bullseye] - netcdf <ignored> (Minor issue)
[buster] - netcdf <ignored> (Minor issue)
=====================================
data/embedded-code-copies
=====================================
@@ -3543,6 +3543,7 @@ ezxml (not packaged in Debian; no ITP)
- mapcache <unfixed> (embed; bug #989363)
NOTE: mapcache only uses ezxml to parse config file, doesn't trust any trust boundary, no need to file bugs
- scilab <unfixed> (embed; bug #989364)
+ NOTE: scilab only uses it to load scicos/xcos schemas, negligible security impact
libstb
- goxel 0.10.6-2 (embed; bug #949552)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/3e27f1951a27e432d4d5fc3d94206adc600fafb9
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/3e27f1951a27e432d4d5fc3d94206adc600fafb9
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20230303/5ac7320d/attachment-0001.htm>
More information about the debian-security-tracker-commits
mailing list