[Git][security-tracker-team/security-tracker][master] new c-ares issues

Moritz Muehlenhoff (@jmm) jmm at debian.org
Mon May 22 14:38:06 BST 2023



Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
adfd2914 by Moritz Muehlenhoff at 2023-05-22T15:37:42+02:00
new c-ares issues

- - - - -


2 changed files:

- data/CVE/list
- data/dsa-needed.txt


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,6 @@
+CVE-2023-32067
+	- c-ares <unfixed>
+	NOTE: https://github.com/c-ares/c-ares/security/advisories/GHSA-9g78-jv2r-p7vc
 CVE-2023-33297 (Bitcoin Core before 24.1, when debug mode is not used, allows attacker ...)
 	TODO: check
 CVE-2023-33288 (An issue was discovered in the Linux kernel before 6.2.9. A use-after- ...)
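Review bot: The new CVE-2023-32067 entry at the top of the list records only the upstream advisory URL, with no pointer to the fix. Since the package is marked <unfixed> and is queued in data/dsa-needed.txt in the same commit, a further NOTE naming the upstream fix commit or the first fixed release would save whoever prepares the update from having to dig it out of the advisory.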
@@ -1819,6 +1822,9 @@ CVE-2023-31148 (An Improper Input Validation vulnerability   in the Schweitzer E
 	NOT-FOR-US: Schweitzer Engineering Laboratories
 CVE-2023-31147
 	RESERVED
+	- c-ares <unfixed> (unimportant)
+	NOTE: https://github.com/c-ares/c-ares/security/advisories/GHSA-8r8p-23f3-64c2
+	NOTE: Any Debian system/port provides /dev/urandom
 CVE-2023-31146 (Vyper is a Pythonic smart contract language for the Ethereum virtual m ...)
 	NOT-FOR-US: Vyper
 CVE-2023-31145 (Collabora Online is a collaborative online office suite based on Libre ...)
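Review bot: In the CVE-2023-31147 entry, the justification for (unimportant) is the single line "NOTE: Any Debian system/port provides /dev/urandom", which gives the precondition but not how it relates to the flaw. The entry is still RESERVED with no description, so a reader of the list cannot see why the presence of /dev/urandom neutralises the issue without opening the advisory. Spell out the connection in the NOTE itself.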
@@ -1855,6 +1861,8 @@ CVE-2023-31131 (Greenplum Database (GPDB) is an open source data warehouse based
 	NOT-FOR-US: Greenplum Database
 CVE-2023-31130
 	RESERVED
+	- c-ares <unfixed>
+	NOTE: https://github.com/c-ares/c-ares/security/advisories/GHSA-x6mf-cxr9-8q6v
 CVE-2023-31129 (The Contiki-NG operating system versions 4.8 and prior can be triggere ...)
 	NOT-FOR-US: Contiki-NG
 CVE-2023-31128
@@ -1867,6 +1875,9 @@ CVE-2023-31125 (Engine.IO is the implementation of transport-based cross-browser
 	NOT-FOR-US: Engine.IO
 CVE-2023-31124
 	RESERVED
+	- c-ares <unfixed> (unimportant)
+	NOTE: https://github.com/c-ares/c-ares/security/advisories/GHSA-54xr-f67r-4pc4
+	NOTE: No impact on binaries shipped by Debian
 CVE-2023-31123 (`effectindex/tripreporter` is a community-powered, universal platform  ...)
 	NOT-FOR-US: effectindex/tripreporter
 CVE-2023-30768 (Improper access control in the Intel(R) Server Board S2600WTT belongin ...)
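Review bot: In the CVE-2023-31124 entry, "NOTE: No impact on binaries shipped by Debian" asserts the conclusion without the reason. The (unimportant) tag is easier to re-verify later, for example when the package's build changes, if the NOTE says what about the Debian build makes the issue inapplicable.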


=====================================
data/dsa-needed.txt
=====================================
@@ -14,6 +14,8 @@ If needed, specify the release by adding a slash after the name of the source pa
 --
 asterisk
 --
+c-ares
+--
 cinder
 --
 gpac (aron)
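Review bot: The added c-ares line in data/dsa-needed.txt carries no release suffix, while the file's own instructions (visible in the hunk header) say to specify the release after a slash if needed. Two of the four c-ares entries in this commit are tagged (unimportant), so the update is driven by CVE-2023-32067 and CVE-2023-31130 only. If those two do not affect every supported release, add the suffix so the entry is scoped correctly.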



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/adfd2914e945ab7dbc37050b375bdd0238d7ef89
