[Git][security-tracker-team/security-tracker][master] bullseye triage

Moritz Muehlenhoff (@jmm) jmm at debian.org
Fri May 19 15:32:37 BST 2023



Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
234c492e by Moritz Muehlenhoff at 2023-05-19T16:32:05+02:00
bullseye triage

- - - - -


2 changed files:

- data/CVE/list
- data/dsa-needed.txt


Changes:

=====================================
data/CVE/list
=====================================
@@ -5734,6 +5734,7 @@ CVE-2023-29660
 	RESERVED
 CVE-2023-29659 (A Segmentation fault caused by a floating point exception exists in li ...)
 	- libheif <unfixed> (bug #1035607)
+	[bullseye] - libheif <no-dsa> (Minor issue)
 	NOTE: https://github.com/strukturag/libheif/issues/794
 	NOTE: https://github.com/strukturag/libheif/commit/e05e15b57a38ec411cb9acb38512a1c36ff62991 (v1.15.2)
 CVE-2023-29658
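Review bot: the new `[bullseye] - libheif <no-dsa> (Minor issue)` line is consistent with the description (a segmentation fault from a floating point exception, i.e. a crash rather than memory corruption), and the upstream fix is already pinned to a commit tagged v1.15.2 in the NOTE lines, so the entry leaves a point-release backport traceable. One thing to double-check is that the `<unfixed>` sid entry with bug #1035607 is still accurate, since no sid fixed version was added alongside the bullseye annotation.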
@@ -8535,6 +8536,7 @@ CVE-2023-1625 [information leak in API]
 	RESERVED
 	[experimental] - heat 1:20.0.0~rc1-1
 	- heat 1:19.0.0-2 (bug #1034186)
+	[bullseye] - heat <no-dsa> (Minor issue)
 	[buster] - heat <no-dsa> (Minor issue)
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2181621
 	NOTE: https://review.opendev.org/c/openstack/heat/+/868166
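Review bot: the added `[bullseye] - heat <no-dsa> (Minor issue)` mirrors the existing buster line and is placed above it, matching the newer-release-first ordering used elsewhere in the file. Since sid already carries a fix (1:19.0.0-2) and the review.opendev.org change is referenced, it would help to note whether that change applies cleanly to the bullseye version so the point-release path is documented at triage time rather than rediscovered later.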
@@ -21424,6 +21426,7 @@ CVE-2023-24531
 CVE-2023-24473 (An information disclosure vulnerability exists in the TGAInput::read_t ...)
 	[experimental] - openimageio 2.4.9.0+dfsg-1
 	- openimageio <unfixed> (bug #1034150)
+	[bullseye] - openimageio <no-dsa> (Minor issue)
 	NOTE: https://github.com/OpenImageIO/oiio/pull/3768
 	NOTE: https://github.com/OpenImageIO/oiio/commit/759fcd392d130c12ae476857e1ed2a91bcf2686b (master)
 	NOTE: https://github.com/OpenImageIO/oiio/commit/209bb4c327b2a8be08f41c1a213dfe9001f0b5d0 (v2.4.8.1)
@@ -21431,12 +21434,14 @@ CVE-2023-24473 (An information disclosure vulnerability exists in the TGAInput::
 CVE-2023-24472 (A denial of service vulnerability exists in the FitsOutput::close() fu ...)
 	[experimental] - openimageio 2.4.9.0+dfsg-1
 	- openimageio <unfixed> (bug #1034151)
+	[bullseye] - openimageio <no-dsa> (Minor issue)
 	NOTE: https://github.com/OpenImageIO/oiio/commit/f8db9f38d18a66889f444031051e0f0acaa611b6 (master)
 	NOTE: https://github.com/OpenImageIO/oiio/commit/a39692256b060b543f53646c6a807c81b79c5750 (v2.4.8.1)
 	NOTE: https://talosintelligence.com/vulnerability_reports/TALOS-2023-1709
 CVE-2023-22845 (An out-of-bounds read vulnerability exists in the TGAInput::decode_pix ...)
 	[experimental] - openimageio 2.4.9.0+dfsg-1
 	- openimageio <unfixed> (bug #1034150)
+	[bullseye] - openimageio <no-dsa> (Minor issue)
 	NOTE: https://github.com/OpenImageIO/oiio/pull/3768
 	NOTE: https://github.com/OpenImageIO/oiio/commit/759fcd392d130c12ae476857e1ed2a91bcf2686b (master)
 	NOTE: https://github.com/OpenImageIO/oiio/commit/209bb4c327b2a8be08f41c1a213dfe9001f0b5d0 (v2.4.8.1)
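Review bot: CVE-2023-22845 is an out-of-bounds read in TGAInput::decode_pix..., yet its bullseye annotation carries the same bare "Minor issue" rationale as the FitsOutput::close() denial of service above it; a short reason (crash or limited read in an image decoder) would make the triage reproducible. Also worth recording: the two commit NOTEs under CVE-2023-22845 (759fcd39... and 209bb4c3...) are identical to those under CVE-2023-24473 in the previous hunk, so one backport of the v2.4.8.1 change covers both CVEs together with bug #1034150, which both entries already share.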
@@ -67724,6 +67729,7 @@ CVE-2022-31471 (untangle is a python library to convert XML data to python objec
 	NOTE: https://github.com/stchris/untangle/pull/94
 CVE-2022-2393 (A flaw was found in pki-core, which could allow a user to get a certif ...)
 	- dogtag-pki <unfixed> (bug #1034802)
+	[bullseye] - dogtag-pki <no-dsa> (Minor issue)
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2101046
 CVE-2022-2392 (The Lana Downloads Manager WordPress plugin before 1.8.0 is affected b ...)
 	NOT-FOR-US: WordPress plugin
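Review bot: the `[bullseye] - dogtag-pki <no-dsa> (Minor issue)` annotation gives no reason beyond the fixed phrase, while the description ("could allow a user to get a certif...") reads as a certificate issuance flaw in pki-core, which a later reader would not obviously classify as minor. Suggest expanding the parenthetical with the actual rationale (for example, which component or configuration limits the impact, per the Red Hat bug 2101046 that is referenced) so the no-dsa decision can be revisited without redoing the analysis.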
@@ -193942,9 +193948,10 @@ CVE-2020-27509 (Persistent XSS in Galaxkey Secure Mail Client in Galaxkey up to
 CVE-2020-27508 (In two-factor authentication, the system also sending 2fa secret key i ...)
 	NOT-FOR-US: Frappe Framework
 CVE-2020-27507 (The Kamailio SIP before 5.5.0 server mishandles INVITE requests with d ...)
-	- kamailio 5.5.3-1
-	NOTE: https://github.com/kamailio/kamailio/commit/ada3701d22b1fd579f06b4f54fa695fa988e685f (5.5.0)
+	- kamailio 5.4.2-1
 	NOTE: https://github.com/kamailio/kamailio/issues/2503
+	NOTE: https://github.com/kamailio/kamailio/commit/f57c900b438f3233fa1e9a9d3ca8cd383a30baa6 (5.4.2) (5.4 branch)
+	NOTE: https://github.com/kamailio/kamailio/commit/ada3701d22b1fd579f06b4f54fa695fa988e685f (5.5.0) (master branch)
 CVE-2020-27506
 	RESERVED
 CVE-2020-27505
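Review bot: the fixed version for kamailio is lowered from 5.5.3-1 to 5.4.2-1 on the strength of the newly referenced 5.4-branch commit f57c900b... tagged (5.4.2); that is the right correction if Debian's 5.4.2-1 package is built from upstream 5.4.2, so please confirm the upload contains that commit rather than only the 5.5.0 master-branch fix ada3701d... The reordering of the NOTE lines (issue link first, then the per-branch commits labelled "(5.4 branch)" and "(master branch)") is a clear improvement over the previous single commit reference.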


=====================================
data/dsa-needed.txt
=====================================
@@ -14,6 +14,8 @@ If needed, specify the release by adding a slash after the name of the source pa
 --
 asterisk
 --
+cinder
+--
 cups-filters
 --
 gpac (aron)
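Review bot: `cinder` is added to dsa-needed.txt with no claimant in parentheses (other entries use e.g. "gpac (aron)") and no indented note or CVE reference explaining which issue drives the DSA, unlike the netatalk entry in the next hunk; adding at least the CVE id would let whoever picks it up start from the tracker entry. The file header also allows a release suffix after a slash, so stating whether this is bullseye-only would avoid ambiguity.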
@@ -37,6 +39,8 @@ netatalk
   open regression with MacOS, tentative patch not yet merged upstream
   See discussion on team mailing list.
 --
+nova
+--
 openjdk-11 (jmm)
 --
 openjdk-17 (jmm)
@@ -51,6 +55,10 @@ php-horde-turba
 --
 py7zr
 --
+python-glance-store
+--
+python-os-brick
+--
 python-werkzeug
 --
 ring
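Review bot: `python-glance-store` and `python-os-brick` land here in the same commit as `cinder` and `nova` above, all unowned and without a CVE reference, which suggests one coordinated OpenStack issue across four source packages; a single shared note (or the same CVE id under each entry) would make that linkage explicit and help schedule the four updates together rather than as unrelated DSAs.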



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/234c492e44d69ad58d708c5a6f68a18c28eb3dab


