[Git][security-tracker-team/security-tracker][master] bookworm triage

Moritz Muehlenhoff (@jmm) jmm at debian.org
Tue May 23 14:37:24 BST 2023 


Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
4e7e8196 by Moritz Mühlenhoff at 2023-05-23T15:37:10+02:00
bookworm triage

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -19,7 +19,7 @@ CVE-2023-31708 (A Cross-Site Request Forgery (CSRF) in EyouCMS v1.6.2 allows att
 CVE-2023-31670 (An issue in wasm2c 1.0.32, wasm2wat 1.0.32, wasm-decompile 1.0.32, and ...)
 	- wabt <unfixed> (unimportant)
 	NOTE: https://github.com/WebAssembly/wabt/issues/2199
-	NOTE: Crash in CLI, no security impact
+	NOTE: Crash in CLI tool, no security impact
 CVE-2023-31664 (A reflected cross-site scripting (XSS) vulnerability in /authenticatio ...)
 	NOT-FOR-US: WSO2
 CVE-2023-2845 (Improper Access Control in GitHub repository cloudexplorer-dev/cloudex ...)
@@ -652,7 +652,6 @@ CVE-2023-32758 (giturlparse (aka git-url-parse) through 1.2.2, as used in Semgre
 CVE-2023-2700 (A vulnerability was found in libvirt. This security flaw ouccers due t ...)
 	[experimental] - libvirt 9.3.0-1
 	- libvirt <unfixed> (bug #1036297)
-	[bookworm] - libvirt <no-dsa> (Minor issue)
 	[bullseye] - libvirt <no-dsa> (Minor issue)
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2203653
 	NOTE: Fixed by: https://gitlab.com/libvirt/libvirt/-/commit/6425a311b8ad19d6f9c0b315bf1d722551ea3585 (v9.3.0)
@@ -10144,6 +10143,8 @@ CVE-2023-28440 (Discourse is an open source platform for community discussion. I
 CVE-2023-28439 (CKEditor4 is an open source what-you-see-is-what-you-get HTML editor.  ...)
 	- ckeditor <unfixed> (bug #1034481)
 	- ckeditor3 <unfixed>
+	[bookworm] - ckeditor3 <no-dsa> (Minor issue)
+	[bullseye] - ckeditor3 <no-dsa> (Minor issue)
 	[buster] - ckeditor3 <end-of-life> (No longer supported in LTS)
 	NOTE: https://github.com/ckeditor/ckeditor4/security/advisories/GHSA-vh5c-xwqv-cv9g
 	NOTE: https://github.com/ckeditor/ckeditor4/commit/b85af23f020a61397c6c0024aef73f2c7f62bfef (4.21.0)
@@ -96220,6 +96221,8 @@ CVE-2022-24066 (The package simple-git before 3.5.0 are vulnerable to Command In
 	NOT-FOR-US: simple-git
 CVE-2022-24065 (The package cookiecutter before 2.1.1 are vulnerable to Command Inject ...)
 	- cookiecutter <unfixed> (bug #1013279)
+	[bookworm] - cookiecutter <no-dsa> (Minor issue)
+	[bullseye] - cookiecutter <no-dsa> (Minor issue)
 	[buster] - cookiecutter <no-dsa> (Minor issue)
 	[stretch] - cookiecutter <no-dsa> (Minor issue)
 	NOTE: https://security.snyk.io/vuln/SNYK-PYTHON-COOKIECUTTER-2414281
@@ -99674,6 +99677,7 @@ CVE-2022-24729 (CKEditor4 is an open source what-you-see-is-what-you-get HTML ed
 	[bullseye] - ckeditor <no-dsa> (Minor issue)
 	[buster] - ckeditor <no-dsa> (Minor issue)
 	- ckeditor3 <unfixed> (bug #1015217)
+	[bookworm] - ckeditor3 <no-dsa> (Minor issue)
 	[bullseye] - ckeditor3 <no-dsa> (Minor issue)
 	[buster] - ckeditor3 <end-of-life> (No longer supported in LTS)
 	[stretch] - ckeditor3 <end-of-life> (EOL'd for stretch)
@@ -99683,6 +99687,7 @@ CVE-2022-24728 (CKEditor4 is an open source what-you-see-is-what-you-get HTML ed
 	[bullseye] - ckeditor <no-dsa> (Minor issue)
 	[buster] - ckeditor <no-dsa> (Minor issue)
 	- ckeditor3 <unfixed> (bug #1015217)
+	[bookworm] - ckeditor3 <no-dsa> (Minor issue)
 	[bullseye] - ckeditor3 <no-dsa> (Minor issue)
 	[buster] - ckeditor3 <end-of-life> (No longer supported in LTS)
 	[stretch] - ckeditor3 <end-of-life> (EOL'd for stretch)
@@ -127231,6 +127236,7 @@ CVE-2021-41165 (CKEditor4 is an open source WYSIWYG HTML editor. In affected ver
 	[buster] - ckeditor <no-dsa> (Minor issue)
 	[stretch] - ckeditor <no-dsa> (Minor issue)
 	- ckeditor3 <unfixed> (bug #1015217)
+	[bookworm] - ckeditor3 <no-dsa> (Minor issue)
 	[bullseye] - ckeditor3 <no-dsa> (Minor issue)
 	[buster] - ckeditor3 <end-of-life> (No longer supported in LTS)
 	[stretch] - ckeditor3 <end-of-life> (EOL'd for stretch)
@@ -136268,6 +136274,7 @@ CVE-2021-37695 (ckeditor is an open source WYSIWYG HTML editor with rich content
 	[bullseye] - ckeditor <no-dsa> (Minor issue)
 	[buster] - ckeditor <no-dsa> (Minor issue)
 	- ckeditor3 <unfixed> (bug #1015217)
+	[bookworm] - ckeditor3 <no-dsa> (Minor issue)
 	[bullseye] - ckeditor3 <no-dsa> (Minor issue)
 	[buster] - ckeditor3 <end-of-life> (No longer supported in LTS)
 	[stretch] - ckeditor3 <end-of-life> (EOL'd for stretch)
@@ -145501,6 +145508,7 @@ CVE-2021-33829 (A cross-site scripting (XSS) vulnerability in the HTML Data Proc
 	- ckeditor 4.16.0+dfsg-2
 	[buster] - ckeditor <no-dsa> (Minor issue)
 	- ckeditor3 <unfixed> (bug #1015217)
+	[bookworm] - ckeditor3 <no-dsa> (Minor issue)
 	[bullseye] - ckeditor3 <no-dsa> (Minor issue)
 	[buster] - ckeditor3 <end-of-life> (No longer supported in LTS)
 	[stretch] - ckeditor3 <end-of-life> (EOL'd for stretch)
@@ -165322,6 +165330,7 @@ CVE-2021-26271 (It was possible to execute a ReDoS-type attack inside CKEditor 4
 	[buster] - ckeditor <no-dsa> (Minor issue)
 	[stretch] - ckeditor <postponed> (Fix along next DLA)
 	- ckeditor3 <unfixed> (bug #1015217)
+	[bookworm] - ckeditor3 <no-dsa> (Minor issue)
 	[bullseye] - ckeditor3 <no-dsa> (Minor issue)
 	[buster] - ckeditor3 <end-of-life> (No longer supported in LTS)
 	[stretch] - ckeditor3 <end-of-life> (EOL'd for stretch)
@@ -324764,6 +324773,7 @@ CVE-2018-17960 (CKEditor 4.x before 4.11.0 allows user-assisted XSS involving a
 	[stretch] - ckeditor <ignored> (Minor issue, XSS through direct copy/paste by victim, no identified patch)
 	[jessie] - ckeditor <ignored> (Minor issue)
 	- ckeditor3 <unfixed> (low; bug #1015217)
+	[bookworm] - ckeditor3 <no-dsa> (Minor issue)
 	[bullseye] - ckeditor3 <no-dsa> (Minor issue)
 	[buster] - ckeditor3 <end-of-life> (No longer supported in LTS)
 	[stretch] - ckeditor3 <end-of-life> (EOL'd for stretch)
@@ -493476,6 +493486,7 @@ CVE-2014-5191 (Cross-site scripting (XSS) vulnerability in the Preview plugin be
 	[wheezy] - ckeditor <not-affected> (Preview plugin not yet present)
 	[squeeze] - ckeditor <not-affected> (Preview plugin not yet present)
 	- ckeditor3 <unfixed> (bug #1015217)
+	[bookworm] - ckeditor3 <no-dsa> (Minor issue)
 	[bullseye] - ckeditor3 <no-dsa> (Minor issue)
 	[buster] - ckeditor3 <end-of-life> (No longer supported in LTS)
 	[stretch] - ckeditor3 <end-of-life> (EOL'd for stretch)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/4e7e819623dba0f5d44bbe2eba1a67e01caef78b

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/4e7e819623dba0f5d44bbe2eba1a67e01caef78b
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20230523/51135754/attachment.htm>

More information about the debian-security-tracker-commits mailing list