[Git][security-tracker-team/security-tracker][master] bookworm triage

Wed May 24 16:22:36 BST 2023


Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
a4ad4547 by Moritz Mühlenhoff at 2023-05-24T17:22:06+02:00
bookworm triage

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -3071,6 +3071,8 @@ CVE-2023-2158 (Code Dx versions prior to 2023.4.2 are vulnerable to user imperso
 CVE-2023-2157
 	RESERVED
 	- imagemagick <unfixed> (bug #1036476)
+	[bookworm] - imagemagick <no-dsa> (Minor issue)
+	[bullseye] - imagemagick <no-dsa> (Minor issue)
 	NOTE: Fixed by: https://github.com/ImageMagick/ImageMagick/commit/9a9896fce95d09e5e47b86baccbe1ce1a2fca76b (7.1.1-7)
 	NOTE: Fixed by: https://github.com/ImageMagick/ImageMagick6/commit/7e4c992f148afc5b28111e540921d5b6e4e38673 (6.9.12-85)
 CVE-2023-2156 (A flaw was found in the networking subsystem of the Linux kernel withi ...)
@@ -7709,6 +7711,7 @@ CVE-2023-1787 (An issue has been discovered in GitLab affecting all versions sta
 	- gitlab <unfixed>
 CVE-2023-1786 (Sensitive data could be exposed in logs of cloud-init before version 2 ...)
 	- cloud-init <unfixed> (bug #1035023)
+	[bookworm] - cloud-init <no-dsa> (Minor issue)
 	[bullseye] - cloud-init <no-dsa> (Minor issue)
 	[buster] - cloud-init <no-dsa> (Minor issue)
 	NOTE: https://bugs.launchpad.net/cloud-init/+bug/2013967
@@ -11195,6 +11198,7 @@ CVE-2023-1371 (The W4 Post List WordPress plugin before 2.4.6 does not ensure th
 CVE-2023-1370 ([Json-smart](https://netplex.github.io/json-smart/) is a performance f ...)
 	{DLA-3373-1}
 	- json-smart <unfixed> (bug #1033474)
+	[bookworm] - json-smart <no-dsa> (Minor issue)
 	[bullseye] - json-smart <no-dsa> (Minor issue)
 	NOTE: https://research.jfrog.com/vulnerabilities/stack-exhaustion-in-json-smart-leads-to-denial-of-service-when-parsing-malformed-json-xray-427633/
 	NOTE: https://github.com/netplex/json-smart-v2/commit/5b3205d051952d3100aa0db1535f6ba6226bd87a (2.4.9)
@@ -20268,6 +20272,7 @@ CVE-2023-0646 (A vulnerability classified as critical was found in dst-admin 1.5
 	NOT-FOR-US: dst-admin
 CVE-2023-0645 (An out of bounds read exists in libjxl. An attacker using a specifical ...)
 	- jpeg-xl <unfixed> (bug #1034722)
+	[bookworm] - jpeg-xl <no-dsa> (Minor issue)
 	NOTE: https://github.com/libjxl/libjxl/commit/a7c8428b61299f3b055cbbdbba3fbcd8cb38d084
 	NOTE: https://github.com/libjxl/libjxl/issues/2100
 	NOTE: https://github.com/libjxl/libjxl/pull/2101
@@ -55894,6 +55899,7 @@ CVE-2022-40153
 	REJECTED
 CVE-2022-40152 (Those using Woodstox to parse XML data may be vulnerable to Denial of  ...)
 	- libwoodstox-java <unfixed> (bug #1032089)
+	[bookworm] - libwoodstox-java <no-dsa> (Minor issue)
 	[bullseye] - libwoodstox-java <no-dsa> (Minor issue)
 	[buster] - libwoodstox-java <no-dsa> (Minor issue)
 	NOTE: https://github.com/x-stream/xstream/issues/304



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/a4ad4547817109b99be975fea0f8b5e58ca10c7e

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/a4ad4547817109b99be975fea0f8b5e58ca10c7e
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20230524/13d4f204/attachment.htm>
