[Git][security-tracker-team/security-tracker][master] bullseye triage

[Moritz Muehlenhoff (@jmm)]

Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
8c06fed2 by Moritz Muehlenhoff at 2023-05-02T15:08:27+02:00
bullseye triage

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -24,6 +24,7 @@ CVE-2023-2428 (Cross-site Scripting (XSS) - Stored in GitHub repository thorsten
 	NOT-FOR-US: phpmyfaq
 CVE-2023-2426 (Use of Out-of-range Pointer Offset in GitHub repository vim/vim prior  ...)
 	- vim <unfixed> (bug #1035323)
+	[bullseye] - vim <no-dsa> (Minor issue)
 	NOTE: https://huntr.dev/bounties/3451be4c-91c8-4d08-926b-cbff7396f425
 	NOTE: https://github.com/vim/vim/commit/caf642c25de526229264cab9425e7c9979f3509b (v9.0.1499)
 CVE-2023-31485 (GitLab::API::v4 through 0.26 does not verify TLS certificates when con ...)
@@ -17161,6 +17162,7 @@ CVE-2023-25568
 	RESERVED
 CVE-2023-25567 (GSS-NTLMSSP, a mechglue plugin for the GSSAPI library that implements  ...)
 	- gss-ntlmssp 1.2.0-1 (bug #1031369)
+	[bullseye] - gss-ntlmssp <no-dsa> (Minor issue)
 	NOTE: https://github.com/gssapi/gss-ntlmssp/security/advisories/GHSA-24pf-6prf-24ch
 	NOTE: https://github.com/gssapi/gss-ntlmssp/commit/025fbb756d44ffee8f847db4222ed6aa4bd1fbe4 (v1.2.0)
 CVE-2023-25566 (GSS-NTLMSSP is a mechglue plugin for the GSSAPI library that implement ...)
@@ -17171,6 +17173,7 @@ CVE-2023-25566 (GSS-NTLMSSP is a mechglue plugin for the GSSAPI library that imp
 	NOTE: https://github.com/gssapi/gss-ntlmssp/commit/8660fb16474054e692a596e9c79670cd4d3954f4 (v1.2.0)
 CVE-2023-25565 (GSS-NTLMSSP is a mechglue plugin for the GSSAPI library that implement ...)
 	- gss-ntlmssp 1.2.0-1 (bug #1031369)
+	[bullseye] - gss-ntlmssp <no-dsa> (Minor issue)
 	NOTE: https://github.com/gssapi/gss-ntlmssp/security/advisories/GHSA-7q7f-wqcg-mvfg
 	NOTE: https://github.com/gssapi/gss-ntlmssp/commit/c16100f60907a2de92bcb676f303b81facee0f64 (v1.2.0)
 CVE-2023-25564 (GSS-NTLMSSP is a mechglue plugin for the GSSAPI library that implement ...)
@@ -17181,6 +17184,7 @@ CVE-2023-25564 (GSS-NTLMSSP is a mechglue plugin for the GSSAPI library that imp
 	NOTE: https://github.com/gssapi/gss-ntlmssp/commit/c753000eb31835c0664e528fbc99378ae0cbe950 (v1.2.0)
 CVE-2023-25563 (GSS-NTLMSSP is a mechglue plugin for the GSSAPI library that implement ...)
 	- gss-ntlmssp 1.2.0-1 (bug #1031369)
+	[bullseye] - gss-ntlmssp <no-dsa> (Minor issue)
 	NOTE: https://github.com/gssapi/gss-ntlmssp/security/advisories/GHSA-jjjx-5qf7-9mgf
 	NOTE: https://github.com/gssapi/gss-ntlmssp/commit/97c62c6167299028d80765080e74d91dfc99efbd (v1.2.0)
 CVE-2023-25562 (DataHub is an open-source metadata platform. In versions of DataHub pr ...)
@@ -109485,6 +109489,7 @@ CVE-2021-45424
 	RESERVED
 CVE-2021-45423 (A Buffer Overflow vulnerabilityexists in Pev 0.81 via the pe_exports f ...)
 	- pev 0.81-9 (bug #1034725)
+	[bullseye] - pev <no-dsa> (Minor issue, will be fixed in next point release)
 	NOTE: https://github.com/merces/libpe/issues/35
 	NOTE: https://github.com/merces/libpe/commit/9b5fedc37ccbcd23695a0e97c0fe46c999e26100
 	NOTE: https://github.com/merces/libpe/commit/8960f7d710c4d1a43badd2bbf273721248b864f8



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/8c06fed2b2418e78d802836a1be87d85438b0b61

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/8c06fed2b2418e78d802836a1be87d85438b0b61
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20230502/8c91e556/attachment-0001.htm>