[Git][security-tracker-team/security-tracker][master] bullseye triage
Moritz Muehlenhoff (@jmm)
jmm at debian.org
Fri May 19 12:36:30 BST 2023
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker
Commits:
b8c47a99 by Moritz Muehlenhoff at 2023-05-19T13:36:01+02:00
bullseye triage
- - - - -
2 changed files:
- data/CVE/list
- data/dsa-needed.txt
Changes:
=====================================
data/CVE/list
=====================================
@@ -691,6 +691,7 @@ CVE-2023-2641 (A vulnerability was found in SourceCodester Online Internship Man
NOT-FOR-US: SourceCodester Online Internship Management System
CVE-2023-32076 (in-toto is a framework to protect supply chain integrity. The in-toto ...)
- in-toto <unfixed> (bug #1035934)
+ [bullseye] - in-toto <no-dsa> (Minor issue)
NOTE: https://github.com/in-toto/in-toto/security/advisories/GHSA-wc64-c5rv-32pf
NOTE: https://github.com/in-toto/in-toto/commit/f88138c90861953c77a1384ea2fcc58126e6fe59 (v2.0.0)
NOTE: https://github.com/in-toto/in-toto/commit/9835aae17bc60b600713962b2bb66e6b7abe9325 (v2.0.0)
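Review bot: The reason on the added `[bullseye] - in-toto <no-dsa> (Minor issue)` line does not say why the issue is minor for bullseye. Both fix commits in the NOTE lines are tagged (v2.0.0) and the unstable entry is still <unfixed> under bug #1035934, so a short rationale, such as whether the v2.0.0 changes are considered too intrusive to backport, would help whoever revisits this entry for a point release.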
@@ -8397,6 +8398,7 @@ CVE-2023-28859 (redis-py before 4.4.4 and 4.5.x before 4.5.4 leaves a connection
NOTE: https://github.com/redis/redis-py/pull/2641
CVE-2023-28858 (redis-py before 4.5.3 leaves a connection open after canceling an asyn ...)
- python-redis <unfixed> (bug #1033754)
+ [bullseye] - python-redis <not-affected> (Vulnerable code not present)
[buster] - python-redis <not-affected> (Vulnerable code introduced later)
NOTE: https://github.com/redis/redis-py/issues/2624
NOTE: https://github.com/redis/redis-py/pull/2641
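Review bot: The new bullseye line gives "Vulnerable code not present" while the buster line directly below it gives "Vulnerable code introduced later"; if the reason is the same for both releases, use the same wording, and consider a NOTE recording which upstream version introduced the code. CVE-2023-28859 in the hunk header references the same pull/2641, so check that it carries a matching bullseye annotation.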
@@ -11067,6 +11069,7 @@ CVE-2023-28116 (Contiki-NG is an open-source, cross-platform operating system fo
NOT-FOR-US: Contiki-NG
CVE-2023-28115 (Snappy is a PHP library allowing thumbnail, snapshot or PDF generation ...)
- civicrm <unfixed> (bug #1036284)
+ [bullseye] - civicrm <no-dsa> (Minor issue)
NOTE: https://github.com/KnpLabs/snappy/security/advisories/GHSA-gq6w-q6wh-jggc
NOTE: https://github.com/KnpLabs/snappy/pull/469
NOTE: https://github.com/KnpLabs/snappy/commit/1ee6360cbdbea5d09705909a150df7963a88efd6 (v1.4.2)
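Review bot: The added `[bullseye] - civicrm <no-dsa> (Minor issue)` line is tracked against civicrm, while the CVE description and all three NOTE links refer to KnpLabs Snappy; nothing in the entry records how civicrm relates to Snappy. A NOTE stating that relationship, and a reason more specific than "Minor issue", would make the triage decision checkable later.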
=====================================
data/dsa-needed.txt
=====================================
@@ -14,6 +14,8 @@ If needed, specify the release by adding a slash after the name of the source pa
--
asterisk
--
+cups-filters
+--
gpac (aron)
--
jupyter-core
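Review bot: The added `cups-filters` entry has no release suffix, although the commit is titled "bullseye triage" and the file header shown in the hunk context says a release can be specified with a slash after the source package name. If the DSA is only needed for bullseye, add the suffix; the commit also touches no cups-filters entry in data/CVE/list, so the commit message could name the issue that prompted the addition.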
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/b8c47a9986b10c61e647714f34ee02c1f869f5dd