[Git][security-tracker-team/security-tracker][master] 7 commits: data/dla-needed.txt: Triage kamailio for buster LTS (CVE-2020-27507)
Chris Lamb (@lamby)
lamby at debian.org
Wed May 24 19:10:41 BST 2023
Chris Lamb pushed to branch master at Debian Security Tracker / security-tracker
Commits:
fc2cbd84 by Chris Lamb at 2023-05-24T11:10:15-07:00
data/dla-needed.txt: Triage kamailio for buster LTS (CVE-2020-27507)
- - - - -
1c134f1d by Chris Lamb at 2023-05-24T11:10:15-07:00
data/dla-needed.txt: Claim kamailio.
- - - - -
83f16334 by Chris Lamb at 2023-05-24T11:10:15-07:00
data/dla-needed.txt: Triage sysstat for buster LTS (CVE-2023-33204)
- - - - -
5a36cf3d by Chris Lamb at 2023-05-24T11:10:17-07:00
Triage CVE-2023-31517 & CVE-2023-31518 in teeworlds for buster LTS.
- - - - -
15885c0c by Chris Lamb at 2023-05-24T11:10:18-07:00
Triage CVE-2023-28320, CVE-2023-28321 & CVE-2023-28322 in curl for buster LTS.
- - - - -
86c8639f by Chris Lamb at 2023-05-24T11:10:19-07:00
Triage CVE-2023-26116, CVE-2023-26117 & CVE-2023-26118 in angular.js for buster LTS.
- - - - -
554a5fd8 by Chris Lamb at 2023-05-24T11:10:21-07:00
Triage CVE-2023-31607, CVE-2023-31608, CVE-2023-31609, CVE-2023-31610, CVE-2023-31611, CVE-2023-31612, CVE-2023-31613, CVE-2023-31614, CVE-2023-31615, CVE-2023-31616, CVE-2023-31617, CVE-2023-31618, CVE-2023-31619, CVE-2023-31620, CVE-2023-31621, CVE-2023-31622, CVE-2023-31623, CVE-2023-31624, CVE-2023-31625, CVE-2023-31626, CVE-2023-31627, CVE-2023-31628, CVE-2023-31629, CVE-2023-31630 & CVE-2023-31631 in virtuoso-opensource for buster LTS.
- - - - -
2 changed files:
- data/CVE/list
- data/dla-needed.txt
Changes:
=====================================
data/CVE/list
=====================================
@@ -59,12 +59,14 @@ CVE-2023-31518 (A heap use-after-free in the component CDataFileReader::GetItem
- teeworlds <unfixed> (bug #1036703)
[bookworm] - teeworlds <ignored> (Minor issue)
[bullseye] - teeworlds <ignored> (Minor issue)
+ [buster] - teeworlds <no-dsa> (Minor issue)
NOTE: https://gist.github.com/manba-bryant/9ca95d69c65f4d2c55946932c946fb9b
NOTE: https://github.com/teeworlds/teeworlds/issues/2970
CVE-2023-31517 (Teeworlds v0.7.5 was discovered to contain memory leaks.)
- teeworlds <unfixed> (bug #1036703)
[bookworm] - teeworlds <ignored> (Minor issue)
[bullseye] - teeworlds <ignored> (Minor issue)
+ [buster] - teeworlds <no-dsa> (Minor issue)
NOTE: https://gist.github.com/manba-bryant/9ca95d69c65f4d2c55946932c946fb9b
CVE-2023-2703 (Exposure of Private Personal Information to an Unauthorized Actor vuln ...)
NOT-FOR-US: Finex Media Competition Management System
@@ -602,124 +604,149 @@ CVE-2023-31842 (Sourcecodester Faculty Evaluation System v1.0 is vulnerable to S
CVE-2023-31631 (An issue in the sqlo_preds_contradiction component of openlink virtuos ...)
- virtuoso-opensource <unfixed> (bug #1036467)
[bullseye] - virtuoso-opensource <no-dsa> (Minor issue)
+ [buster] - virtuoso-opensource <no-dsa> (Minor issue)
NOTE: https://github.com/openlink/virtuoso-opensource/issues/1137
NOTE: https://github.com/openlink/virtuoso-opensource/commit/c77cd981a82a7f6385b174eb818057b2f19d8c09
CVE-2023-31630 (An issue in the sqlo_query_spec component of openlink virtuoso-opensou ...)
- virtuoso-opensource <unfixed> (bug #1036467)
[bullseye] - virtuoso-opensource <no-dsa> (Minor issue)
+ [buster] - virtuoso-opensource <no-dsa> (Minor issue)
NOTE: https://github.com/openlink/virtuoso-opensource/issues/1138
NOTE: https://github.com/openlink/virtuoso-opensource/commit/f9244141ce68dc4a3314fd4a0cd5bb3bdd6ab830
CVE-2023-31629 (An issue in the sqlo_union_scope component of openlink virtuoso-openso ...)
- virtuoso-opensource <unfixed> (bug #1036467)
[bullseye] - virtuoso-opensource <no-dsa> (Minor issue)
+ [buster] - virtuoso-opensource <no-dsa> (Minor issue)
NOTE: https://github.com/openlink/virtuoso-opensource/issues/1139
NOTE: https://github.com/openlink/virtuoso-opensource/commit/9553f94992f0a33f7eb7e87e74f0f78998ba5bec
CVE-2023-31628 (An issue in the stricmp component of openlink virtuoso-opensource v7.2 ...)
- virtuoso-opensource <unfixed> (bug #1036467)
[bullseye] - virtuoso-opensource <no-dsa> (Minor issue)
+ [buster] - virtuoso-opensource <no-dsa> (Minor issue)
NOTE: https://github.com/openlink/virtuoso-opensource/issues/1141
NOTE: https://github.com/openlink/virtuoso-opensource/commit/2ed10333e6e973c2b3e1e60ba854ef0dd12afe07
CVE-2023-31627 (An issue in the strhash component of openlink virtuoso-opensource v7.2 ...)
- virtuoso-opensource <unfixed> (bug #1036467)
[bullseye] - virtuoso-opensource <no-dsa> (Minor issue)
+ [buster] - virtuoso-opensource <no-dsa> (Minor issue)
NOTE: https://github.com/openlink/virtuoso-opensource/issues/1140
NOTE: https://github.com/openlink/virtuoso-opensource/commit/ce61d6f568568b771d7e857408e3246d31135494
CVE-2023-31626 (An issue in the gpf_notice component of openlink virtuoso-opensource v ...)
- virtuoso-opensource <unfixed> (bug #1036467)
[bullseye] - virtuoso-opensource <no-dsa> (Minor issue)
+ [buster] - virtuoso-opensource <no-dsa> (Minor issue)
NOTE: https://github.com/openlink/virtuoso-opensource/issues/1129
NOTE: https://github.com/openlink/virtuoso-opensource/commit/4ad97c5a81067e3bdabe849f42f089edc9880131
CVE-2023-31625 (An issue in the psiginfo component of openlink virtuoso-opensource v7. ...)
- virtuoso-opensource <unfixed> (bug #1036467)
[bullseye] - virtuoso-opensource <no-dsa> (Minor issue)
+ [buster] - virtuoso-opensource <no-dsa> (Minor issue)
NOTE: https://github.com/openlink/virtuoso-opensource/issues/1132
NOTE: https://github.com/openlink/virtuoso-opensource/commit/2ed10333e6e973c2b3e1e60ba854ef0dd12afe07
CVE-2023-31624 (An issue in the sinv_check_exp component of openlink virtuoso-opensour ...)
- virtuoso-opensource <unfixed> (bug #1036467)
[bullseye] - virtuoso-opensource <no-dsa> (Minor issue)
+ [buster] - virtuoso-opensource <no-dsa> (Minor issue)
NOTE: https://github.com/openlink/virtuoso-opensource/issues/1134
NOTE: https://github.com/openlink/virtuoso-opensource/commit/311097fb1f23d0a1dd7dcdd2afecf6fe14665526
CVE-2023-31623 (An issue in the mp_box_copy component of openlink virtuoso-opensource ...)
- virtuoso-opensource <unfixed> (bug #1036467)
[bullseye] - virtuoso-opensource <no-dsa> (Minor issue)
+ [buster] - virtuoso-opensource <no-dsa> (Minor issue)
NOTE: https://github.com/openlink/virtuoso-opensource/issues/1131
NOTE: https://github.com/openlink/virtuoso-opensource/commit/2ed10333e6e973c2b3e1e60ba854ef0dd12afe07
CVE-2023-31622 (An issue in the sqlc_make_policy_trig component of openlink virtuoso-o ...)
- virtuoso-opensource <unfixed> (bug #1036467)
[bullseye] - virtuoso-opensource <no-dsa> (Minor issue)
+ [buster] - virtuoso-opensource <no-dsa> (Minor issue)
NOTE: https://github.com/openlink/virtuoso-opensource/issues/1135
NOTE: https://github.com/openlink/virtuoso-opensource/commit/db91dc5602a8cfde2e4e1d00387d5ba4b77389dc
CVE-2023-31621 (An issue in the kc_var_col component of openlink virtuoso-opensource v ...)
- virtuoso-opensource <unfixed> (bug #1036467)
[bullseye] - virtuoso-opensource <no-dsa> (Minor issue)
+ [buster] - virtuoso-opensource <no-dsa> (Minor issue)
NOTE: https://github.com/openlink/virtuoso-opensource/issues/1130
NOTE: https://github.com/openlink/virtuoso-opensource/commit/ec54f1c7b50df944ae4a8d3e29cd7eaf1cc97b21
CVE-2023-31620 (An issue in the dv_compare component of openlink virtuoso-opensource v ...)
- virtuoso-opensource <unfixed> (bug #1036467)
[bullseye] - virtuoso-opensource <no-dsa> (Minor issue)
+ [buster] - virtuoso-opensource <no-dsa> (Minor issue)
NOTE: https://github.com/openlink/virtuoso-opensource/issues/1128
NOTE: https://github.com/openlink/virtuoso-opensource/commit/a4997ed2499c4de8c95e2de9e2a07b60384fbbec
CVE-2023-31619 (An issue in the sch_name_to_object component of openlink virtuoso-open ...)
- virtuoso-opensource <unfixed> (bug #1036467)
[bullseye] - virtuoso-opensource <no-dsa> (Minor issue)
+ [buster] - virtuoso-opensource <no-dsa> (Minor issue)
NOTE: https://github.com/openlink/virtuoso-opensource/issues/1133
NOTE: https://github.com/openlink/virtuoso-opensource/commit/2ed10333e6e973c2b3e1e60ba854ef0dd12afe07
CVE-2023-31618 (An issue in the sqlc_union_dt_wrap component of openlink virtuoso-open ...)
- virtuoso-opensource <unfixed> (bug #1036467)
[bullseye] - virtuoso-opensource <no-dsa> (Minor issue)
+ [buster] - virtuoso-opensource <no-dsa> (Minor issue)
NOTE: https://github.com/openlink/virtuoso-opensource/issues/1136
NOTE: https://github.com/openlink/virtuoso-opensource/commit/030e47a29976709a50603e3f34e82278e5f462df
CVE-2023-31617 (An issue in the dk_set_delete component of openlink virtuoso-opensourc ...)
- virtuoso-opensource <unfixed> (bug #1036467)
[bullseye] - virtuoso-opensource <no-dsa> (Minor issue)
+ [buster] - virtuoso-opensource <no-dsa> (Minor issue)
NOTE: https://github.com/openlink/virtuoso-opensource/issues/1127
NOTE: https://github.com/openlink/virtuoso-opensource/commit/2b64ad928ef5f75fc93091677a78abfbd17ea07f
CVE-2023-31616 (An issue in the bif_mod component of openlink virtuoso-opensource v7.2 ...)
- virtuoso-opensource <unfixed> (bug #1036467)
[bullseye] - virtuoso-opensource <no-dsa> (Minor issue)
+ [buster] - virtuoso-opensource <no-dsa> (Minor issue)
NOTE: https://github.com/openlink/virtuoso-opensource/issues/1122
NOTE: https://github.com/openlink/virtuoso-opensource/commit/25fff0eaa85898004bb14909e9f29d16b2918792
CVE-2023-31615 (An issue in the chash_array component of openlink virtuoso-opensource ...)
- virtuoso-opensource <unfixed> (bug #1036467)
[bullseye] - virtuoso-opensource <no-dsa> (Minor issue)
+ [buster] - virtuoso-opensource <no-dsa> (Minor issue)
NOTE: https://github.com/openlink/virtuoso-opensource/issues/1124
NOTE: https://github.com/openlink/virtuoso-opensource/commit/d02925b18e3ad0244ae7c52acf92bfa686738eb2
CVE-2023-31614 (An issue in the mp_box_deserialize_string function in openlink virtuos ...)
- virtuoso-opensource <unfixed> (bug #1036467)
[bullseye] - virtuoso-opensource <no-dsa> (Minor issue)
+ [buster] - virtuoso-opensource <no-dsa> (Minor issue)
NOTE: https://github.com/openlink/virtuoso-opensource/issues/1117
NOTE: https://github.com/openlink/virtuoso-opensource/commit/7c488ae70803b208a94bf12fee792195caddbf7d
CVE-2023-31613 (An issue in the __nss_database_lookup component of openlink virtuoso-o ...)
- virtuoso-opensource <unfixed> (bug #1036467)
[bullseye] - virtuoso-opensource <no-dsa> (Minor issue)
+ [buster] - virtuoso-opensource <no-dsa> (Minor issue)
NOTE: https://github.com/openlink/virtuoso-opensource/issues/1121
NOTE: https://github.com/openlink/virtuoso-opensource/commit/171718c844530864cb375213c8b9cbc8ba079efc
CVE-2023-31612 (An issue in the dfe_qexp_list component of openlink virtuoso-opensourc ...)
- virtuoso-opensource <unfixed> (bug #1036467)
[bullseye] - virtuoso-opensource <no-dsa> (Minor issue)
+ [buster] - virtuoso-opensource <no-dsa> (Minor issue)
NOTE: https://github.com/openlink/virtuoso-opensource/issues/1125
CVE-2023-31611 (An issue in the __libc_longjmp component of openlink virtuoso-opensour ...)
- virtuoso-opensource <unfixed> (bug #1036467)
[bullseye] - virtuoso-opensource <no-dsa> (Minor issue)
+ [buster] - virtuoso-opensource <no-dsa> (Minor issue)
NOTE: https://github.com/openlink/virtuoso-opensource/issues/1119
NOTE: https://github.com/openlink/virtuoso-opensource/commit/db0b768dfbb66e306504d0f7951c4ae4932edd74
CVE-2023-31610 (An issue in the _IO_default_xsputn component of openlink virtuoso-open ...)
- virtuoso-opensource <unfixed> (bug #1036467)
[bullseye] - virtuoso-opensource <no-dsa> (Minor issue)
+ [buster] - virtuoso-opensource <no-dsa> (Minor issue)
NOTE: https://github.com/openlink/virtuoso-opensource/issues/1118
NOTE: https://github.com/openlink/virtuoso-opensource/commit/2ed10333e6e973c2b3e1e60ba854ef0dd12afe07
CVE-2023-31609 (An issue in the dfe_unit_col_loci component of openlink virtuoso-opens ...)
- virtuoso-opensource <unfixed> (bug #1036467)
[bullseye] - virtuoso-opensource <no-dsa> (Minor issue)
+ [buster] - virtuoso-opensource <no-dsa> (Minor issue)
NOTE: https://github.com/openlink/virtuoso-opensource/issues/1126
CVE-2023-31608 (An issue in the artm_div_int component of openlink virtuoso-opensource ...)
- virtuoso-opensource <unfixed> (bug #1036467)
[bullseye] - virtuoso-opensource <no-dsa> (Minor issue)
+ [buster] - virtuoso-opensource <no-dsa> (Minor issue)
NOTE: https://github.com/openlink/virtuoso-opensource/issues/1123
NOTE: https://github.com/openlink/virtuoso-opensource/commit/9c5bdeb73b00b5ae88db0be036d429d779126094
CVE-2023-31607 (An issue in the __libc_malloc component of openlink virtuoso-opensourc ...)
- virtuoso-opensource <unfixed> (bug #1036467)
[bullseye] - virtuoso-opensource <no-dsa> (Minor issue)
+ [buster] - virtuoso-opensource <no-dsa> (Minor issue)
NOTE: https://github.com/openlink/virtuoso-opensource/issues/1120
NOTE: https://github.com/openlink/virtuoso-opensource/commit/ea8b2c975c6c96f36e34014d6c71a73761198ebe
CVE-2023-31409 (Uncontrolled Resource Consumption in SICK FTMg AIR FLOW SENSOR with Pa ...)
@@ -10729,6 +10756,7 @@ CVE-2023-28322 [more POST-after-PUT confusion]
RESERVED
- curl 7.88.1-10 (bug #1036239)
[bullseye] - curl <no-dsa> (Minor issue)
+ [buster] - curl <no-dsa> (Minor issue)
NOTE: https://curl.se/docs/CVE-2023-28322.html
NOTE: Introduced by: https://github.com/curl/curl/commit/546572da0457f37c698c02d0a08d90fdfcbeedec (curl-7_7)
NOTE: Fixed by: https://github.com/curl/curl/commit/7815647d6582c0a4900be2e1de6c5e61272c496b (curl-8_1_0)
@@ -10736,6 +10764,7 @@ CVE-2023-28321 [IDN wildcard match]
RESERVED
- curl 7.88.1-10 (bug #1036239)
[bullseye] - curl <no-dsa> (Minor issue)
+ [buster] - curl <no-dsa> (Minor issue)
NOTE: https://curl.se/docs/CVE-2023-28321.html
NOTE: Introduced by: https://github.com/curl/curl/commit/9631fa740708b1890197fad01e25b34b7e8eb80e (curl-7_12_0)
NOTE: Fixed by: https://github.com/curl/curl/commit/199f2d440d8659b42670c1b796220792b01a97bf (curl-8_1_0)
@@ -10743,6 +10772,7 @@ CVE-2023-28320 [siglongjmp race condition]
RESERVED
- curl 7.88.1-10 (bug #1036239)
[bullseye] - curl <no-dsa> (Minor issue)
+ [buster] - curl <no-dsa> (Minor issue)
NOTE: https://curl.se/docs/CVE-2023-28320.html
NOTE: Introduced by: https://github.com/curl/curl/commit/3c49b405de4fbf1fd7127f91908261268640e54f (curl-7_9_8)
NOTE: Fixed by: https://github.com/curl/curl/commit/13718030ad4b3209a7583b4f27f683cd3a6fa5f2 (curl-8_1_0)
@@ -16933,16 +16963,19 @@ CVE-2023-26118 (Versions of the package angular from 1.4.9 are vulnerable to Reg
- angular.js <unfixed> (bug #1036694)
[bookworm] - angular.js <no-dsa> (Minor issue)
[bullseye] - angular.js <no-dsa> (Minor issue)
+ [buster] - angular.js <no-dsa> (Minor issue)
NOTE: https://security.snyk.io/vuln/SNYK-JS-ANGULAR-3373046
CVE-2023-26117 (Versions of the package angular from 1.0.0 are vulnerable to Regular E ...)
- angular.js <unfixed> (bug #1036694)
[bookworm] - angular.js <no-dsa> (Minor issue)
[bullseye] - angular.js <no-dsa> (Minor issue)
+ [buster] - angular.js <no-dsa> (Minor issue)
NOTE: https://security.snyk.io/vuln/SNYK-JS-ANGULAR-3373045
CVE-2023-26116 (Versions of the package angular from 1.2.21 are vulnerable to Regular ...)
- angular.js <unfixed> (bug #1036694)
[bookworm] - angular.js <no-dsa> (Minor issue)
[bullseye] - angular.js <no-dsa> (Minor issue)
+ [buster] - angular.js <no-dsa> (Minor issue)
NOTE: https://security.snyk.io/vuln/SNYK-JS-ANGULAR-3373044
CVE-2023-26115
RESERVED
=====================================
data/dla-needed.txt
=====================================
@@ -69,6 +69,9 @@ hdf5
NOTE: 20230520: additionally couldn't convince the build system to build for buster, something with the autogenerated .install files,
NOTE: 20230520: so giving up on the package. (tobi)
--
+kamailio (Chris Lamb)
+ NOTE: 20230524: Programming language: C.
+--
libcap2 (Abhijith PA)
NOTE: 20230517: Programming language: C.
NOTE: 20230517: VCS: https://salsa.debian.org/lts-team/packages/libcap2.git
@@ -208,6 +211,9 @@ sssd
NOTE: 20230205: VCS: https://salsa.debian.org/lts-team/packages/sssd.git
NOTE: 20230508: WIP
--
+sysstat
+ NOTE: 20230524: Programming language: C.
+--
webkit2gtk (Emilio)
NOTE: 20230512: checking if upgrade to 2.40.x is possible, otherwise we'll have to EOL webkit (pochu)
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/1c425f856e0a2327d97bb090724ed1af850d29ec...554a5fd8cc6c6341d331f3dfe08ffdcaa03071ef
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/1c425f856e0a2327d97bb090724ed1af850d29ec...554a5fd8cc6c6341d331f3dfe08ffdcaa03071ef
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20230524/113f45be/attachment-0001.htm>
More information about the debian-security-tracker-commits
mailing list