[Git][security-tracker-team/security-tracker][master] bookworm triage
Moritz Muehlenhoff (@jmm)
jmm at debian.org
Tue May 23 11:30:26 BST 2023
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker
Commits:
37c9243b by Moritz Mühlenhoff at 2023-05-23T12:30:03+02:00
bookworm triage
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -652,6 +652,7 @@ CVE-2023-32758 (giturlparse (aka git-url-parse) through 1.2.2, as used in Semgre
CVE-2023-2700 (A vulnerability was found in libvirt. This security flaw ouccers due t ...)
[experimental] - libvirt 9.3.0-1
- libvirt <unfixed> (bug #1036297)
+ [bookworm] - libvirt <no-dsa> (Minor issue)
[bullseye] - libvirt <no-dsa> (Minor issue)
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2203653
NOTE: Fixed by: https://gitlab.com/libvirt/libvirt/-/commit/6425a311b8ad19d6f9c0b315bf1d722551ea3585 (v9.3.0)
@@ -1393,6 +1394,7 @@ CVE-2023-31485 (GitLab::API::v4 through 0.26 does not verify TLS certificates wh
NOTE: https://github.com/bluefeet/GitLab-API-v4/pull/57
CVE-2023-31484 (CPAN.pm before 2.35 does not verify TLS certificates when downloading ...)
- perl <unfixed> (bug #1035109)
+ [bookworm] - perl <no-dsa> (Minor issue)
[bullseye] - perl <no-dsa> (Minor issue)
[buster] - perl <no-dsa> (Minor issue)
NOTE: https://github.com/andk/cpanpm/pull/175
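Review bot: the new [bookworm] <no-dsa> line gives only "Minor issue" as rationale for a CVE whose description is a missing TLS certificate check in CPAN.pm; consider adding a NOTE line recording why this is considered minor for Debian, next to the existing NOTE that links the upstream PR, so a later triager can follow the reasoning without re-evaluating from scratch.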
@@ -3530,6 +3532,7 @@ CVE-2023-30631
RESERVED
CVE-2023-30630 (Dmidecode before 3.5 allows -dump-bin to overwrite a local file. This ...)
- dmidecode <unfixed> (bug #1034483)
+ [bookworm] - dmidecode <no-dsa> (Minor issue)
[bullseye] - dmidecode <no-dsa> (Minor issue)
[buster] - dmidecode <no-dsa> (Minor issue)
NOTE: https://github.com/adamreiser/dmiwrite
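Review bot: the only NOTE reference for CVE-2023-30630 is a third-party repository (https://github.com/adamreiser/dmiwrite) rather than an upstream fix; since the description says "before 3.5", a NOTE pointing at the dmidecode 3.5 fix would make the new [bookworm] <no-dsa> marking easier to verify once the <unfixed> line (bug #1034483) is closed by an unstable upload.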
@@ -8638,6 +8641,7 @@ CVE-2023-28859 (redis-py before 4.4.4 and 4.5.x before 4.5.4 leaves a connection
NOTE: https://github.com/redis/redis-py/pull/2641
CVE-2023-28858 (redis-py before 4.5.3 leaves a connection open after canceling an asyn ...)
- python-redis <unfixed> (bug #1033754)
+ [bookworm] - python-redis <no-dsa> (Minor issue)
[bullseye] - python-redis <not-affected> (Vulnerable code not present)
[buster] - python-redis <not-affected> (Vulnerable code introduced later)
NOTE: https://github.com/redis/redis-py/issues/2624
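Review bot: the per-release states in this hunk differ intentionally (bullseye and buster <not-affected>, bookworm <no-dsa>), which is consistent with the "Vulnerable code introduced later" notes. The NOTE for CVE-2023-28858 links only the upstream issue (#2624), while the neighbouring CVE-2023-28859 entry links its fixing PR (#2641); if a fix PR exists for this CVE too, recording it would help confirm what bookworm's python-redis is missing.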
@@ -9772,6 +9776,7 @@ CVE-2023-28532
RESERVED
CVE-2023-28531 (ssh-add in OpenSSH before 9.3 adds smartcard keys to ssh-agent without ...)
- openssh <unfixed> (bug #1033166)
+ [bookworm] - openssh <no-dsa> (Minor issue)
[bullseye] - openssh <not-affected> (Vulnerable code introduced later; per-hop desination constraints support added in OpenSSH 8.9)
[buster] - openssh <not-affected> (Vulnerable code introduced later; per-hop desination constraints support added in OpenSSH 8.9)
CVE-2023-28530
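Review bot: the unchanged [bullseye] and [buster] context lines spell "desination"; a follow-up commit should correct both to "destination". The added [bookworm] <no-dsa> line is consistent with those entries, which already record that per-hop destination constraints only arrived in OpenSSH 8.9.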
@@ -12771,6 +12776,7 @@ CVE-2022-48364 (The undo_mark_statuses_as_sensitive method in app/services/appro
- mastodon <itp> (bug #859741)
CVE-2023-27635 (debmany in debian-goodies 0.88.1 allows attackers to execute arbitrary ...)
- debian-goodies <unfixed> (bug #1031267)
+ [bookworm] - debian-goodies <no-dsa> (Minor issue; user prompted before execution)
[bullseye] - debian-goodies <no-dsa> (Minor issue; user prompted before execution)
[buster] - debian-goodies <no-dsa> (Minor issue; user prompted before execution)
CVE-2023-1181 (Cross-site Scripting (XSS) - Stored in GitHub repository icret/easyima ...)
@@ -18912,25 +18918,30 @@ CVE-2023-25516
CVE-2023-25515
RESERVED
CVE-2023-25514 (NVIDIA CUDA toolkit for Linux and Windows contains a vulnerability in ...)
- - nvidia-cuda-toolkit <unfixed> (bug #1034793; bug #1034799)
+ - nvidia-cuda-toolkit <unfixed> (unimportant; bug #1034793; bug #1034799)
[bullseye] - nvidia-cuda-toolkit <no-dsa> (Non-free not supported)
NOTE: https://nvidia.custhelp.com/app/answers/detail/a_id/5456
+ NOTE: Crash in CLI tool, no security impact
CVE-2023-25513 (NVIDIA CUDA toolkit for Linux and Windows contains a vulnerability in ...)
- - nvidia-cuda-toolkit <unfixed> (bug #1034799)
+ - nvidia-cuda-toolkit <unfixed> (unimportant; bug #1034799)
[bullseye] - nvidia-cuda-toolkit <no-dsa> (Non-free not supported)
NOTE: https://nvidia.custhelp.com/app/answers/detail/a_id/5456
+ NOTE: Crash in CLI tool, no security impact
CVE-2023-25512 (NVIDIA CUDA toolkit for Linux and Windows contains a vulnerability in ...)
- - nvidia-cuda-toolkit <unfixed> (bug #1034799)
+ - nvidia-cuda-toolkit <unfixed> (unimportant; bug #1034799)
[bullseye] - nvidia-cuda-toolkit <no-dsa> (Non-free not supported)
NOTE: https://nvidia.custhelp.com/app/answers/detail/a_id/5456
+ NOTE: Crash in CLI tool, no security impact
CVE-2023-25511 (NVIDIA CUDA Toolkit for Linux and Windows contains a vulnerability in ...)
- - nvidia-cuda-toolkit <unfixed> (bug #1034793; bug #1034799)
+ - nvidia-cuda-toolkit <unfixed> (unimportant; bug #1034793; bug #1034799)
[bullseye] - nvidia-cuda-toolkit <no-dsa> (Non-free not supported)
NOTE: https://nvidia.custhelp.com/app/answers/detail/a_id/5456
+ NOTE: Crash in CLI tool, no security impact
CVE-2023-25510 (NVIDIA CUDA Toolkit SDK for Linux and Windows contains a NULL pointer ...)
- - nvidia-cuda-toolkit <unfixed> (bug #1034793; bug #1034799)
+ - nvidia-cuda-toolkit <unfixed> (unimportant; bug #1034793; bug #1034799)
[bullseye] - nvidia-cuda-toolkit <no-dsa> (Non-free not supported)
NOTE: https://nvidia.custhelp.com/app/answers/detail/a_id/5456
+ NOTE: Crash in CLI tool, no security impact
CVE-2023-25509 (NVIDIA DGX-1 SBIOS contains a vulnerability in Bds, which may lead to ...)
NOT-FOR-US: NVIDIA DGX-1 SBIOS
CVE-2023-25508 (NVIDIA DGX-1 BMC contains a vulnerability in the IPMI handler, where a ...)
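Review bot: the same NOTE ("Crash in CLI tool, no security impact") is added verbatim under five CVEs; that is fine for the tracker format, but check the wording holds for each one: CVE-2023-25510's description mentions a NULL pointer, which matches a crash, while the descriptions of the other four are truncated in this hunk, so their "no security impact" rationale is only traceable through the NVIDIA advisory link. The unchanged [bullseye] <no-dsa> (Non-free not supported) lines remain valid alongside the new unimportant severity.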
@@ -58068,9 +58079,11 @@ CVE-2022-39210 (Nextcloud android is the official Android client for the Nextclo
NOT-FOR-US: Nextcloud android
CVE-2022-39209 (cmark-gfm is GitHub's fork of cmark, a CommonMark parsing and renderin ...)
- cmark-gfm 0.29.0.gfm.6-2 (bug #1020588)
+ [bookworm] - cmark-gfm <no-dsa> (Minor issue)
[bullseye] - cmark-gfm <no-dsa> (Minor issue)
[buster] - cmark-gfm <no-dsa> (Minor issue)
- python-cmarkgfm <unfixed> (bug #1034887)
+ [bookworm] - python-cmarkgfm <no-dsa> (Minor issue)
[bullseye] - python-cmarkgfm <no-dsa> (Minor issue)
[buster] - python-cmarkgfm <no-dsa> (Minor issue)
- ghostwriter 2.1.6+ds-1 (unimportant)
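Review bot: the first added line places a [bookworm] <no-dsa> entry under a cmark-gfm package line that already records a fixed version (0.29.0.gfm.6-2, bug #1020588); if that version or a later one is what bookworm ships, the release-specific entry is redundant and should be dropped. The python-cmarkgfm [bookworm] entry below it is consistent with its <unfixed> line (bug #1034887).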
@@ -160665,6 +160678,7 @@ CVE-2021-28133 (Zoom through 5.5.4 sometimes allows attackers to read private in
CVE-2021-3427 (The Deluge Web-UI is vulnerable to XSS through a crafted torrent file. ...)
[experimental] - deluge 2.1.1-1
- deluge <unfixed> (bug #1019594)
+ [bookworm] - deluge <no-dsa> (Minor issue)
[bullseye] - deluge <no-dsa> (Minor issue)
[buster] - deluge <no-dsa> (Minor issue)
NOTE: https://dev.deluge-torrent.org/ticket/3459
@@ -249545,6 +249559,7 @@ CVE-2020-5238 (The table extension in GitHub Flavored Markdown before version 0.
[bullseye] - cmark-gfm <no-dsa> (Minor issue)
[buster] - cmark-gfm <no-dsa> (Minor issue)
- python-cmarkgfm <unfixed> (bug #965983)
+ [bookworm] - python-cmarkgfm <no-dsa> (Minor issue)
[bullseye] - python-cmarkgfm <no-dsa> (Minor issue)
[buster] - python-cmarkgfm <no-dsa> (Minor issue)
- ruby-commonmarker 0.21.0-1 (bug #965981)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/37c9243b60ee472d7c0df765e2b5f6847f3a190f