[Git][security-tracker-team/security-tracker][master] bookworm triage
Moritz Muehlenhoff (@jmm)
jmm at debian.org
Tue May 23 21:16:53 BST 2023
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker
Commits:
54f50b7a by Moritz Mühlenhoff at 2023-05-23T22:16:30+02:00
bookworm triage
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1425,6 +1425,7 @@ CVE-2023-2426 (Use of Out-of-range Pointer Offset in GitHub repository vim/vim p
NOTE: https://github.com/vim/vim/commit/caf642c25de526229264cab9425e7c9979f3509b (v9.0.1499)
CVE-2023-31485 (GitLab::API::v4 through 0.26 does not verify TLS certificates when con ...)
- libgitlab-api-v4-perl <unfixed> (bug #954051)
+ [bookworm] - libgitlab-api-v4-perl <no-dsa> (Minor issue)
[bullseye] - libgitlab-api-v4-perl <no-dsa> (Minor issue)
[buster] - libgitlab-api-v4-perl <no-dsa> (Minor issue)
NOTE: https://github.com/bluefeet/GitLab-API-v4/pull/57
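Review bot: The reason on the added `[bookworm] - libgitlab-api-v4-perl <no-dsa> (Minor issue)` line does not say why missing TLS certificate verification is minor for this package. The text copies the bullseye and buster lines below it. A short concrete reason in the parentheses, naming what limits exposure, would let a later reader re-check the decision, especially while the unstable line is still `<unfixed>` under bug #954051.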
@@ -19749,6 +19750,7 @@ CVE-2015-10073 (A vulnerability, which was classified as problematic, was found
NOT-FOR-US: WikiSEO
CVE-2023-25193 (hb-ot-layout-gsubgpos.hh in HarfBuzz through 6.0.0 allows attackers to ...)
- harfbuzz <unfixed> (bug #1030612)
+ [bookworm] - harfbuzz <no-dsa> (Minor issue)
[bullseye] - harfbuzz <no-dsa> (Minor issue)
[buster] - harfbuzz <no-dsa> (Minor issue)
NOTE: Original fix: https://github.com/harfbuzz/harfbuzz/commit/85be877925ddbf34f74a1229f3ca1716bb6170dc
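Review bot: The added `[bookworm] - harfbuzz <no-dsa> (Minor issue)` line leaves open whether the upstream fix recorded in the NOTE at the end of this hunk is expected to reach bookworm. Since `<no-dsa>` only rules out an advisory, consider adding a NOTE that says whether a point-release update is planned, or make the reason more specific than "Minor issue".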
@@ -88860,6 +88862,7 @@ CVE-2022-28368 (Dompdf 1.2.1 allows remote code execution via a .php file in the
NOTE: https://github.com/dompdf/dompdf/commit/0e0261b7bce372b3a05b712a023f6f742a22d57e (v0.8.0)
CVE-2022-28367 (OWASP AntiSamy before 1.6.6 allows XSS via HTML tag smuggling on STYLE ...)
- libowasp-antisamy-java <unfixed> (bug #1010154)
+ [bookworm] - libowasp-antisamy-java <no-dsa> (Minor issue)
[bullseye] - libowasp-antisamy-java <no-dsa> (Minor issue)
[buster] - libowasp-antisamy-java <no-dsa> (Minor issue)
[stretch] - libowasp-antisamy-java <no-dsa> (Minor issue)
@@ -88868,6 +88871,7 @@ CVE-2022-28367 (OWASP AntiSamy before 1.6.6 allows XSS via HTML tag smuggling on
NOTE: https://github.com/nahsra/antisamy/commit/32e273507da0e964b58c50fd8a4c94c9d9363af0 (v1.6.7)
CVE-2022-28366 (Certain Neko-related HTML parsers allow a denial of service via crafte ...)
- libowasp-antisamy-java <unfixed> (bug #1010154)
+ [bookworm] - libowasp-antisamy-java <no-dsa> (Minor issue)
[bullseye] - libowasp-antisamy-java <no-dsa> (Minor issue)
[buster] - libowasp-antisamy-java <no-dsa> (Minor issue)
[stretch] - libowasp-antisamy-java <no-dsa> (Minor issue)
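Review bot: The added `[bookworm]` line for CVE-2022-28366 carries the same `(Minor issue)` reason as the one added for CVE-2022-28367 in the previous hunk, although the descriptions name different problems (a denial of service here, XSS via HTML tag smuggling there) and both point at bug #1010154. Give each CVE its own reason so the two can be re-assessed separately if only one turns out to matter for bookworm.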
@@ -148133,6 +148137,7 @@ CVE-2021-32851 (Mind-elixir is a free, open source mind map core. Prior to versi
NOT-FOR-US: Mind-elixir
CVE-2021-32850 (jQuery MiniColors is a color picker built on jQuery. Prior to version ...)
- jquery-minicolors <unfixed> (bug #1031791)
+ [bookworm] - jquery-minicolors <no-dsa> (Minor issue)
[bullseye] - jquery-minicolors <no-dsa> (Minor issue)
[buster] - jquery-minicolors <no-dsa> (Minor issue)
NOTE: https://securitylab.github.com/advisories/GHSL-2021-1045_jQuery_MiniColors_Plugin/
@@ -151122,6 +151127,7 @@ CVE-2021-31812 (In Apache PDFBox, a carefully crafted PDF file can trigger an in
[bullseye] - libpdfbox2-java <no-dsa> (Minor issue)
[buster] - libpdfbox2-java <no-dsa> (Minor issue)
- libpdfbox-java <unfixed> (bug #991527)
+ [bookworm] - libpdfbox-java <no-dsa> (Minor issue)
[bullseye] - libpdfbox-java <no-dsa> (Minor issue)
[buster] - libpdfbox-java <no-dsa> (Minor issue)
[stretch] - libpdfbox-java <no-dsa> (Minor issue)
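Review bot: Only the libpdfbox-java block gets a `[bookworm]` line here. The libpdfbox2-java lines in the leading context cover bullseye and buster, and the hunk does not show whether bookworm is handled for that package. Worth confirming that libpdfbox2-java in bookworm is already fixed rather than untriaged. The same check applies to the CVE-2021-31811 hunk that follows.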
@@ -151132,6 +151138,7 @@ CVE-2021-31811 (In Apache PDFBox, a carefully crafted PDF file can trigger an Ou
[bullseye] - libpdfbox2-java <no-dsa> (Minor issue)
[buster] - libpdfbox2-java <no-dsa> (Minor issue)
- libpdfbox-java <unfixed> (bug #991527)
+ [bookworm] - libpdfbox-java <no-dsa> (Minor issue)
[bullseye] - libpdfbox-java <no-dsa> (Minor issue)
[buster] - libpdfbox-java <no-dsa> (Minor issue)
[stretch] - libpdfbox-java <no-dsa> (Minor issue)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/54f50b7af0ec660fcb46d813e438a63f3b27add8