[Git][security-tracker-team/security-tracker][master] bookworm triage

Moritz Muehlenhoff (@jmm) jmm at debian.org
Fri Mar 17 08:26:38 GMT 2023



Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
c72e0539 by Moritz Muehlenhoff at 2023-03-17T09:23:29+01:00
bookworm triage

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -25692,6 +25692,7 @@ CVE-2022-4171 (The demon image annotation plugin for WordPress is vulnerable to
 	NOT-FOR-US: demon image annotation plugin for WordPress
 CVE-2022-4170 (The rxvt-unicode package is vulnerable to a remote code execution, in  ...)
 	- rxvt-unicode <unfixed> (bug #1025489)
+	[bookworm] - rxvt-unicode <no-dsa> (Minor issue)
 	[bullseye] - rxvt-unicode <not-affected> (Vulnerable code introduced later)
 	[buster] - rxvt-unicode <not-affected> (Vulnerable code introduced later)
 	NOTE: https://www.openwall.com/lists/oss-security/2022/12/05/1
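Review bot: the reason on the added `[bookworm] - rxvt-unicode <no-dsa> (Minor issue)` line does not square with the CVE summary two lines above it, which reads "remote code execution". Please state in the parentheses what makes this minor for bookworm, or refer to the oss-security NOTE already in the entry, so the no-dsa decision can be checked without re-reading the advisory.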
@@ -178130,6 +178131,7 @@ CVE-2020-28492
 	REJECTED
 CVE-2020-28491 (This affects the package com.fasterxml.jackson.dataformat:jackson-data ...)
 	- jackson-dataformat-cbor <unfixed> (bug #983664)
+	[bookworm] - jackson-dataformat-cbor <no-dsa> (Minor issue)
 	[bullseye] - jackson-dataformat-cbor <no-dsa> (Minor issue)
 	[buster] - jackson-dataformat-cbor <no-dsa> (Minor issue)
 	[stretch] - jackson-dataformat-cbor <no-dsa> (Minor issue; https://people.debian.org/~abhijith/CVE-2020-28491.txt)
@@ -185158,7 +185160,8 @@ CVE-2020-26556 (Mesh Provisioning in the Bluetooth Mesh profile 1.0 and 1.0.1 ma
 	NOTE: https://www.bluetooth.com/learn-about-bluetooth/key-attributes/bluetooth-security/malleable/
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1960012
 CVE-2020-26555 (Bluetooth legacy BR/EDR PIN code pairing in Bluetooth Core Specificati ...)
-	- linux <unfixed>
+	NOT-FOR-US: Bluetooth
+	NOTE: There's no indication that any Bluetooth software in Debian is affected
 	NOTE: https://kb.cert.org/vuls/id/799380
 	NOTE: https://www.bluetooth.com/learn-about-bluetooth/key-attributes/bluetooth-security/impersonation-pin-pairing/
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1918601
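Review bot: `NOT-FOR-US: Bluetooth` on CVE-2020-26555 claims more than the NOTE added right below it, which only says there is "no indication" that Bluetooth software in Debian is affected. Since this replaces `- linux <unfixed>`, the CVE no longer shows up against the linux package at all. Either keep a package line with a state that matches the uncertainty, or say in the NOTE which Debian Bluetooth components were checked, so the removal is reviewable.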
@@ -209120,9 +209123,7 @@ CVE-2020-15803 (Zabbix before 3.0.32rc1, 4.x before 4.0.22rc1, 4.1.x through 4.4
 	[buster] - zabbix <no-dsa> (Minor issue)
 	NOTE: https://support.zabbix.com/browse/ZBX-18057
 CVE-2020-15802 (Devices supporting Bluetooth before 5.1 may allow man-in-the-middle at ...)
-	- linux <unfixed>
-	[bullseye] - linux <postponed> (Minor issue, revisit when/if fixed upstream)
-	[buster] - linux <postponed> (Minor issue, revisit when/if fixed upstream)
+	NOTE: Bluetooth protocol issue
 	NOTE: https://www.kb.cert.org/vuls/id/589825/
 CVE-2020-15801 (In Python 3.8.4, sys.path restrictions specified in a python38._pth fi ...)
 	- python3.9 <not-affected> (Windows-specific)
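Review bot: after this change CVE-2020-15802 is left with NOTE lines only: the three linux lines are removed and `NOTE: Bluetooth protocol issue` is added, but there is no package line and no NOT-FOR-US marker. The previous hunk handles the comparable CVE-2020-26555 with `NOT-FOR-US: Bluetooth`. Please treat the two entries the same way, and if the intent is to drop the two `<postponed>` "revisit when/if fixed upstream" states for bullseye and buster, say so in the commit message.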



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/c72e05398d71b26af09299b3f90b540b44af3bb8
