[Git][security-tracker-team/security-tracker][fix_987283] 41 commits: mysql-8.0 fixed in sid
Anton Gladky (@gladk)
gladk at debian.org
Thu May 25 15:03:13 BST 2023
Anton Gladky pushed to branch fix_987283 at Debian Security Tracker / security-tracker
Commits:
072b2fea by Moritz Mühlenhoff at 2023-05-24T13:59:40+02:00
mysql-8.0 fixed in sid
- - - - -
2955a9ea by Salvatore Bonaccorso at 2023-05-24T14:34:26+02:00
Add CVE-2023-32681/requests
- - - - -
b04de230 by Salvatore Bonaccorso at 2023-05-24T14:42:40+02:00
Add Debian bug reference for CVE-2023-32681/requests
- - - - -
301e3b12 by Salvatore Bonaccorso at 2023-05-24T14:54:12+02:00
Mark CVE-2023-20868 as NFU
Link: https://www.vmware.com/security/advisories/VMSA-2023-0010.html
- - - - -
876671a5 by Moritz Mühlenhoff at 2023-05-24T15:34:26+02:00
one QT issue n/a for qtbase-opensource-src-gles (n/a used here since -gles is
just a special variant of qtbase-opensource-src)
- - - - -
59aff79d by Moritz Mühlenhoff at 2023-05-24T15:36:18+02:00
bugnums
- - - - -
12d179ab by Salvatore Bonaccorso at 2023-05-24T16:00:40+02:00
Add CVE-2023-32685/kanboard
- - - - -
bbe1c48c by Moritz Mühlenhoff at 2023-05-24T16:01:48+02:00
bugnums
- - - - -
7f59c0ee by Salvatore Bonaccorso at 2023-05-24T16:40:52+02:00
Add Debian bug reference for CVE-2023-32697/xerial-sqlite-jdbc
- - - - -
c0105502 by Salvatore Bonaccorso at 2023-05-24T16:43:04+02:00
Add Debian bug references for gpac issues
- - - - -
a4ad4547 by Moritz Mühlenhoff at 2023-05-24T17:22:06+02:00
bookworm triage
- - - - -
0ba18c60 by Moritz Mühlenhoff at 2023-05-24T18:17:19+02:00
bullseye triage
- - - - -
0d858984 by Salvatore Bonaccorso at 2023-05-24T18:22:16+02:00
Add CVE-2023-33285/Qt
- - - - -
3a2dc2cf by Salvatore Bonaccorso at 2023-05-24T18:35:04+02:00
Update information for CVE-2023-24998/tomcat
- - - - -
e27a2356 by Salvatore Bonaccorso at 2023-05-24T18:43:48+02:00
Add CVE-2023-28709/tomcat
- - - - -
f3280688 by Salvatore Bonaccorso at 2023-05-24T18:50:35+02:00
Add CVE-2023-33246 as NFU
- - - - -
1c425f85 by Sylvain Beucler at 2023-05-24T19:02:31+02:00
Reserve DLA-3432-1 for python2.7
- - - - -
fc2cbd84 by Chris Lamb at 2023-05-24T11:10:15-07:00
data/dla-needed.txt: Triage kamailio for buster LTS (CVE-2020-27507)
- - - - -
1c134f1d by Chris Lamb at 2023-05-24T11:10:15-07:00
data/dla-needed.txt: Claim kamailio.
- - - - -
83f16334 by Chris Lamb at 2023-05-24T11:10:15-07:00
data/dla-needed.txt: Triage sysstat for buster LTS (CVE-2023-33204)
- - - - -
5a36cf3d by Chris Lamb at 2023-05-24T11:10:17-07:00
Triage CVE-2023-31517 & CVE-2023-31518 in teeworlds for buster LTS.
- - - - -
15885c0c by Chris Lamb at 2023-05-24T11:10:18-07:00
Triage CVE-2023-28320, CVE-2023-28321 & CVE-2023-28322 in curl for buster LTS.
- - - - -
86c8639f by Chris Lamb at 2023-05-24T11:10:19-07:00
Triage CVE-2023-26116, CVE-2023-26117 & CVE-2023-26118 in angular.js for buster LTS.
- - - - -
554a5fd8 by Chris Lamb at 2023-05-24T11:10:21-07:00
Triage CVE-2023-31607, CVE-2023-31608, CVE-2023-31609, CVE-2023-31610, CVE-2023-31611, CVE-2023-31612, CVE-2023-31613, CVE-2023-31614, CVE-2023-31615, CVE-2023-31616, CVE-2023-31617, CVE-2023-31618, CVE-2023-31619, CVE-2023-31620, CVE-2023-31621, CVE-2023-31622, CVE-2023-31623, CVE-2023-31624, CVE-2023-31625, CVE-2023-31626, CVE-2023-31627, CVE-2023-31628, CVE-2023-31629, CVE-2023-31630 & CVE-2023-31631 in virtuoso-opensource for buster LTS.
- - - - -
4d474e72 by security tracker role at 2023-05-24T20:12:14+00:00
automatic update
- - - - -
5f106113 by Salvatore Bonaccorso at 2023-05-24T22:23:56+02:00
Add new issues in briar, itp'ed
- - - - -
2c00947f by Salvatore Bonaccorso at 2023-05-24T22:32:09+02:00
Process NFUs
- - - - -
2a496152 by Sylvain Beucler at 2023-05-25T00:10:43+02:00
dla: add authorship to some notes
- - - - -
ee060d79 by Salvatore Bonaccorso at 2023-05-25T07:51:35+02:00
Track fixed version for rnp issues via unstable
- - - - -
029366bf by Salvatore Bonaccorso at 2023-05-25T07:53:11+02:00
Track fixed version for CVE-2023-32763/qtbase-opensource-src-qles
- - - - -
f38743d1 by Bastien Roucariès at 2023-05-25T08:25:12+00:00
Add a new commit for fixing CVE-2021-39212
- - - - -
7c6d4071 by Salvatore Bonaccorso at 2023-05-25T11:02:34+02:00
Mark CVE-2023-1601 as REJECTED
- - - - -
22aac0f3 by Salvatore Bonaccorso at 2023-05-25T11:35:11+02:00
Add new webkit2gtk and wpewebkit CVEs
- - - - -
16b13cfc by Sylvain Beucler at 2023-05-25T11:38:33+02:00
CVE-2020-8492/python2.7: drop obsolete rationale and broken link
- - - - -
991949d6 by Alberto Garcia at 2023-05-25T12:27:30+02:00
Mark CVE-2023-32409 as unimportant
- - - - -
e6c6899a by Bastien Roucariès at 2023-05-25T11:04:28+00:00
CVE-2021-39212: add a few other upstream commits for fixing this bug
- - - - -
86449ef0 by Anton Gladky at 2023-05-25T13:07:46+02:00
Save inodeprints with the full path
- - - - -
b232fb0b by Anton Gladky at 2023-05-25T13:51:43+02:00
Add file print of the removed_packages into DB
- - - - -
0fd4ed25 by Anton Gladky at 2023-05-25T14:11:34+02:00
Merge branch 'add_removed_files_to_DB' into fix_987283
- - - - -
d999efb3 by Anton Gladky at 2023-05-25T14:21:06+02:00
Minor fixes
- - - - -
e0270ec1 by Anton Gladky at 2023-05-25T16:02:43+02:00
Finalize
- - - - -
5 changed files:
- data/CVE/list
- data/DLA/list
- data/dla-needed.txt
- data/dsa-needed.txt
- lib/python/security_db.py
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,6 +1,123 @@
+CVE-2023-33983 (The Introduction Client in Briar through 1.5.3 does not implement out- ...)
+ - briar <itp> (bug #1019932)
+CVE-2023-33982 (Bramble Handshake Protocol (BHP) in Briar before 1.5.3 is not forward ...)
+ - briar <itp> (bug #1019932)
+CVE-2023-33981 (Briar before 1.4.22 allows attackers to spoof other users' messages in ...)
+ - briar <itp> (bug #1019932)
+CVE-2023-33980 (Bramble Synchronisation Protocol (BSP) in Briar before 1.4.22 allows a ...)
+ - briar <itp> (bug #1019932)
+CVE-2023-33950 (Pattern Redirects in Liferay Portal 7.4.3.48 through 7.4.3.76, and Lif ...)
+ NOT-FOR-US: Liferay
+CVE-2023-33949 (In Liferay Portal 7.3.0 and earlier, and Liferay DXP 7.2 and earlier t ...)
+ NOT-FOR-US: Liferay
+CVE-2023-33948 (The Dynamic Data Mapping module in Liferay Portal 7.4.3.67, and Lifera ...)
+ NOT-FOR-US: Liferay
+CVE-2023-33947 (The Object module in Liferay Portal 7.4.3.4 through 7.4.3.60, and Life ...)
+ NOT-FOR-US: Liferay
+CVE-2023-33946 (The Object module in Liferay Portal 7.4.3.4 through 7.4.3.48, and Life ...)
+ NOT-FOR-US: Liferay
+CVE-2023-33945 (SQL injection vulnerability in the upgrade process for SQL Server in L ...)
+ NOT-FOR-US: Liferay
+CVE-2023-33944 (Cross-site scripting (XSS) vulnerability in Layout module in Liferay P ...)
+ NOT-FOR-US: Liferay
+CVE-2023-33943 (Cross-site scripting (XSS) vulnerability in the Account module in Life ...)
+ NOT-FOR-US: Liferay
+CVE-2023-33942 (Cross-site scripting (XSS) vulnerability in the Web Content Display wi ...)
+ NOT-FOR-US: Liferay
+CVE-2023-33941 (Multiple cross-site scripting (XSS) vulnerabilities in the Plugin for ...)
+ NOT-FOR-US: Liferay
+CVE-2023-33940 (Cross-site scripting (XSS) vulnerability in IFrame type Remote Apps in ...)
+ NOT-FOR-US: Liferay
+CVE-2023-33939 (Cross-site scripting (XSS) vulnerability in the Modified Facet widget ...)
+ NOT-FOR-US: Liferay
+CVE-2023-33938 (Cross-site scripting (XSS) vulnerability in the App Builder module's c ...)
+ NOT-FOR-US: Liferay
+CVE-2023-33937 (Stored cross-site scripting (XSS) vulnerability in Form widget configu ...)
+ NOT-FOR-US: Liferay
+CVE-2023-33829 (A stored cross-site scripting (XSS) vulnerability in Cloudogu GmbH SCM ...)
+ TODO: check
+CVE-2023-33800 (A stored cross-site scripting (XSS) vulnerability in the Create Region ...)
+ TODO: check
+CVE-2023-33799 (A stored cross-site scripting (XSS) vulnerability in the Create Contac ...)
+ TODO: check
+CVE-2023-33798 (A stored cross-site scripting (XSS) vulnerability in the Create Rack ( ...)
+ TODO: check
+CVE-2023-33797 (A stored cross-site scripting (XSS) vulnerability in the Create Sites ...)
+ TODO: check
+CVE-2023-33796 (A vulnerability in Netbox v3.5.1 allows unauthenticated attackers to e ...)
+ TODO: check
+CVE-2023-33795 (A stored cross-site scripting (XSS) vulnerability in the Create Contac ...)
+ TODO: check
+CVE-2023-33794 (A stored cross-site scripting (XSS) vulnerability in the Create Tenant ...)
+ TODO: check
+CVE-2023-33793 (A stored cross-site scripting (XSS) vulnerability in the Create Power ...)
+ TODO: check
+CVE-2023-33792 (A stored cross-site scripting (XSS) vulnerability in the Create Site G ...)
+ TODO: check
+CVE-2023-33791 (A stored cross-site scripting (XSS) vulnerability in the Create Provid ...)
+ TODO: check
+CVE-2023-33790 (A stored cross-site scripting (XSS) vulnerability in the Create Locati ...)
+ TODO: check
+CVE-2023-33789 (A stored cross-site scripting (XSS) vulnerability in the Create Contac ...)
+ TODO: check
+CVE-2023-33788 (A stored cross-site scripting (XSS) vulnerability in the Create Provid ...)
+ TODO: check
+CVE-2023-33787 (A stored cross-site scripting (XSS) vulnerability in the Create Tenant ...)
+ TODO: check
+CVE-2023-33786 (A stored cross-site scripting (XSS) vulnerability in the Create Circui ...)
+ TODO: check
+CVE-2023-33785 (A stored cross-site scripting (XSS) vulnerability in the Create Rack R ...)
+ TODO: check
+CVE-2023-33010 (A buffer overflow vulnerability in the ID processing function in Zyxel ...)
+ NOT-FOR-US: Zyxel
+CVE-2023-33009 (A buffer overflow vulnerability in the notification function in Zyxel ...)
+ NOT-FOR-US: Zyxel
+CVE-2023-31748 (Insecure permissions in MobileTrans v4.0.11 allows attackers to escala ...)
+ NOT-FOR-US: MobileTrans
+CVE-2023-31595 (IC Realtime ICIP-P2012T 2.420 is vulnerable to Incorrect Access Contro ...)
+ NOT-FOR-US: IC Realtime ICIP-P2012T
+CVE-2023-31460 (A vulnerability in the Connect Mobility Router component of MiVoice Co ...)
+ TODO: check
+CVE-2023-31459 (A vulnerability in the Connect Mobility Router component of Mitel MiVo ...)
+ TODO: check
+CVE-2023-31457 (A vulnerability in the Headquarters server component of Mitel MiVoice ...)
+ TODO: check
+CVE-2023-2875 (A vulnerability, which was classified as problematic, was found in eSc ...)
+ NOT-FOR-US: eScan Antivirus
+CVE-2023-2874 (A vulnerability, which was classified as problematic, has been found i ...)
+ NOT-FOR-US: Twister Antivirus
+CVE-2023-2873 (A vulnerability classified as critical was found in Twister Antivirus ...)
+ NOT-FOR-US: Twister Antivirus
+CVE-2023-2872 (A vulnerability classified as problematic has been found in FlexiHub 5 ...)
+ NOT-FOR-US: FlexiHub
+CVE-2023-2871 (A vulnerability was found in FabulaTech USB for Remote Desktop 6.1.0.0 ...)
+ TODO: check
+CVE-2023-2870 (A vulnerability was found in EnTech Monitor Asset Manager 2.9. It has ...)
+ NOT-FOR-US: EnTech Monitor Asset Manager
+CVE-2023-2868 (A remote command injection vulnerability exists in the Barracuda Email ...)
+ NOT-FOR-US: Barracuda
+CVE-2023-2865 (A vulnerability was found in SourceCodester Theme Park Ticketing Syste ...)
+ NOT-FOR-US: SourceCodester Theme Park Ticketing System
+CVE-2023-2864 (A vulnerability was found in SourceCodester Online Jewelry Store 1.0 a ...)
+ NOT-FOR-US: SourceCodester Online Jewelry Store
+CVE-2023-2863 (A vulnerability has been found in Simple Design Daily Journal 1.012.GP ...)
+ NOT-FOR-US: Simple Design Daily Journal
+CVE-2023-2862 (A vulnerability, which was classified as problematic, was found in Sit ...)
+ NOT-FOR-US: SiteServer CMS
+CVE-2023-2750 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
+ NOT-FOR-US: Cityboss E-municipality
+CVE-2023-33246 (For RocketMQ versions 5.1.0 and below, under certain conditions, there ...)
+ NOT-FOR-US: Apache RocketMQ
CVE-2023-32697 (SQLite JDBC is a library for accessing and creating SQLite database fi ...)
- - xerial-sqlite-jdbc <unfixed>
+ - xerial-sqlite-jdbc <unfixed> (bug #1036706)
NOTE: https://github.com/xerial/sqlite-jdbc/security/advisories/GHSA-6phf-6h5g-97j2
+CVE-2023-32685 [Clipboard based cross-site scripting (blocked with default CSP)]
+ - kanboard <unfixed>
+ NOTE: https://github.com/kanboard/kanboard/security/advisories/GHSA-hjmw-gm82-r4gv
+CVE-2023-32681 [ Unintended leak of Proxy-Authorization header]
+ - requests <unfixed> (bug #1036693)
+ NOTE: https://github.com/psf/requests/security/advisories/GHSA-j8r2-6x86-q33q
+ NOTE: Fixed by: https://github.com/psf/requests/commit/74ea7cf7a6a27a4eeb2ae24e162bcc942a6706d5 (v2.31.0)
CVE-2023-31763 (Weak security in the transmitter of AGShome Smart Alarm v1.0 allows at ...)
NOT-FOR-US: AGShome Smart Alarm
CVE-2023-31762 (Weak security in the transmitter of Digoo DG-HAMB Smart Home Security ...)
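Review bot: the bracketed description on the CVE-2023-32681 line has a stray leading space (`[ Unintended leak of Proxy-Authorization header]`), unlike the CVE-2023-32685 line just above it; drop it so the two entries match. The kanboard entry for CVE-2023-32685 is also `<unfixed>` with no `(bug #...)` reference, while the requests and xerial-sqlite-jdbc entries in this same hunk carry one; adding a bug reference once one is filed would let the unfixed status be tracked against the BTS in the same way.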
@@ -47,11 +164,17 @@ CVE-2023-31669 (WebAssembly wat2wasm v1.0.32 allows attackers to cause a libc++a
NOTE: https://github.com/WebAssembly/wabt/issues/2165
NOTE: Crash in CLI tool, no security impact
CVE-2023-31518 (A heap use-after-free in the component CDataFileReader::GetItem of tee ...)
- - teeworlds <unfixed>
+ - teeworlds <unfixed> (bug #1036703)
+ [bookworm] - teeworlds <ignored> (Minor issue)
+ [bullseye] - teeworlds <ignored> (Minor issue)
+ [buster] - teeworlds <no-dsa> (Minor issue)
NOTE: https://gist.github.com/manba-bryant/9ca95d69c65f4d2c55946932c946fb9b
NOTE: https://github.com/teeworlds/teeworlds/issues/2970
CVE-2023-31517 (Teeworlds v0.7.5 was discovered to contain memory leaks.)
- - teeworlds <unfixed>
+ - teeworlds <unfixed> (bug #1036703)
+ [bookworm] - teeworlds <ignored> (Minor issue)
+ [bullseye] - teeworlds <ignored> (Minor issue)
+ [buster] - teeworlds <no-dsa> (Minor issue)
NOTE: https://gist.github.com/manba-bryant/9ca95d69c65f4d2c55946932c946fb9b
CVE-2023-2703 (Exposure of Private Personal Information to an Unauthorized Actor vuln ...)
NOT-FOR-US: Finex Media Competition Management System
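Review bot: the three release tags added for CVE-2023-31518 and CVE-2023-31517 all carry the same rationale, `(Minor issue)`, but bookworm and bullseye get `<ignored>` while buster gets `<no-dsa>`. Since `<ignored>` records that the issue will not be fixed in that suite and `<no-dsa>` leaves a fix via a point release or LTS update open, either align the tags across the three suites or extend the buster rationale to say why it is treated differently.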
@@ -101,6 +224,18 @@ CVE-2023-33294 (An issue was discovered in KaiOS 3.0 before 3.1. The /system/bin
NOT-FOR-US: KaiOS
CVE-2023-33293 (An issue was discovered in KaiOS 3.0 and 3.1. The binary /system/kaios ...)
NOT-FOR-US: KaiOS
+CVE-2023-32409
+ - webkit2gtk <unfixed> (unimportant)
+ - wpewebkit <unfixed> (unimportant)
+ NOTE: Affects the GPU process which is not supported by the GTK and WPE ports
+ NOTE: https://bugs.webkit.org/show_bug.cgi?id=255350
+ NOTE: https://github.com/WebKit/WebKit/pull/12660
+ NOTE: https://github.com/WebKit/WebKit/commit/54408f5746f2401721bd56d71de132a22b6f9856
+CVE-2023-32373
+ - webkit2gtk <unfixed>
+ - wpewebkit <unfixed>
+ NOTE: https://bugs.webkit.org/show_bug.cgi?id=254840
+ NOTE: https://github.com/WebKit/WebKit/commit/85fd2302d16a09a82d9a6e81eb286babb23c4b3c
CVE-2023-32350 (Versions 00.07.00 through 00.07.03 of Teltonika\u2019s RUT router firm ...)
NOT-FOR-US: Teltonika
CVE-2023-32349 (Versions 00.07.00 through 00.07.03.4 of Teltonika\u2019s RUT router fi ...)
@@ -122,22 +257,26 @@ CVE-2023-31689 (In Wcms 0.3.2, an attacker can send a crafted request from a vul
CVE-2023-31584 (GitHub repository cu/silicon commit a9ef36 was discovered to contain a ...)
NOT-FOR-US: cu/silicon
CVE-2023-2840 (NULL Pointer Dereference in GitHub repository gpac/gpac prior to 2.2.2 ...)
- - gpac <unfixed>
+ - gpac <unfixed> (bug #1036701)
+ [bullseye] - gpac <no-dsa> (Minor issue)
[buster] - gpac <end-of-life> (EOL in buster LTS)
NOTE: https://huntr.dev/bounties/21926fc2-6eb1-4e24-8a36-e60f487d0257/
NOTE: https://github.com/gpac/gpac/commit/ba59206b3225f0e8e95a27eff41cb1c49ddf9a37
CVE-2023-2839 (Divide By Zero in GitHub repository gpac/gpac prior to 2.2.2.)
- - gpac <unfixed>
+ - gpac <unfixed> (bug #1036701)
+ [bullseye] - gpac <no-dsa> (Minor issue)
[buster] - gpac <end-of-life> (EOL in buster LTS)
NOTE: https://huntr.dev/bounties/42dce889-f63d-4ea9-970f-1f20fc573d5f/
NOTE: https://github.com/gpac/gpac/commit/047f96fb39e6bf70cb9f344093f5886e51dce0ac
CVE-2023-2838 (Out-of-bounds Read in GitHub repository gpac/gpac prior to 2.2.2.)
- - gpac <unfixed>
+ - gpac <unfixed> (bug #1036701)
+ [bullseye] - gpac <no-dsa> (Minor issue)
[buster] - gpac <end-of-life> (EOL in buster LTS)
NOTE: https://huntr.dev/bounties/711e0988-5345-4c01-a2fe-1179604dd07f/
NOTE: https://github.com/gpac/gpac/commit/c88df2e202efad214c25b4e586f243b2038779ba
CVE-2023-2837 (Stack-based Buffer Overflow in GitHub repository gpac/gpac prior to 2. ...)
- - gpac <unfixed>
+ - gpac <unfixed> (bug #1036701)
+ [bullseye] - gpac <no-dsa> (Minor issue)
[buster] - gpac <end-of-life> (EOL in buster LTS)
NOTE: https://huntr.dev/bounties/a6bfd1b2-aba8-4c6f-90c4-e95b1831cb17/
NOTE: https://github.com/gpac/gpac/commit/6f28c4cd607d83ce381f9b4a9f8101ca1e79c611
@@ -166,7 +305,10 @@ CVE-2023-33288 (An issue was discovered in the Linux kernel before 6.2.9. A use-
[bullseye] - linux 5.10.178-1
NOTE: https://git.kernel.org/linus/47c29d69212911f50bdcdd0564b5999a559010d4 (6.3-rc4)
CVE-2023-33285 (An issue was discovered in Qt 5.x before 5.15.14, 6.x before 6.2.9, an ...)
- TODO: check
+ - qt6-base <unfixed>
+ - qtbase-opensource-src <unfixed>
+ - qtbase-opensource-src-gles <unfixed>
+ NOTE: https://codereview.qt-project.org/c/qt/qtbase/+/477644
CVE-2023-33281 (The remote keyfob system on Nissan Sylphy Classic 2021 sends the same ...)
NOT-FOR-US: Nissan Sylphy Classic 2021
CVE-2023-33264 (In Hazelcast through 5.0.4, 5.1 through 5.1.6, and 5.2 through 5.2.3, ...)
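Review bot: CVE-2023-33285 is now listed as `<unfixed>` for all three Qt source packages, including qtbase-opensource-src-gles, with no [bookworm]/[bullseye] triage lines yet. Later in this same patch CVE-2023-32762 is marked `<not-affected>` for the -gles package with the rationale `(Not built in GLES variant)`; it is worth checking whether the same reasoning applies here before the -gles entry is left `<unfixed>`, and adding the stable/oldstable triage lines once the severity is decided.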
@@ -316,7 +458,7 @@ CVE-2019-25137 (Umbraco CMS 4.11.8 through 7.15.10, and 7.12.4, allows Remote Co
CVE-2023-32763
- qt6-base 6.4.2+dfsg-8
- qtbase-opensource-src 5.15.8+dfsg-10
- - qtbase-opensource-src-gles <unfixed>
+ - qtbase-opensource-src-gles 5.15.8+dfsg-3 (bug #1036702)
NOTE: https://lists.qt-project.org/pipermail/announce/2023-May/000413.html
NOTE: https://download.qt.io/official_releases/qt/5.15/CVE-2023-32763-qtbase-5.15.diff
NOTE: https://download.qt.io/official_releases/qt/6.5/CVE-2023-32763-qtbase-6.5.diff
@@ -325,7 +467,7 @@ CVE-2023-32763
CVE-2023-32762
- qt6-base 6.4.2+dfsg-9
- qtbase-opensource-src 5.15.8+dfsg-10
- - qtbase-opensource-src-gles <unfixed>
+ - qtbase-opensource-src-gles <not-affected> (Not built in GLES variant)
NOTE: https://github.com/qt/qtbase/commit/1b736a815be0222f4b24289cf17575fc15707305
CVE-2023-XXXX [XSS in RSS syntax]
- dokuwiki 0.0.20220731.a-2 (bug #1036279)
@@ -582,124 +724,149 @@ CVE-2023-31842 (Sourcecodester Faculty Evaluation System v1.0 is vulnerable to S
CVE-2023-31631 (An issue in the sqlo_preds_contradiction component of openlink virtuos ...)
- virtuoso-opensource <unfixed> (bug #1036467)
[bullseye] - virtuoso-opensource <no-dsa> (Minor issue)
+ [buster] - virtuoso-opensource <no-dsa> (Minor issue)
NOTE: https://github.com/openlink/virtuoso-opensource/issues/1137
NOTE: https://github.com/openlink/virtuoso-opensource/commit/c77cd981a82a7f6385b174eb818057b2f19d8c09
CVE-2023-31630 (An issue in the sqlo_query_spec component of openlink virtuoso-opensou ...)
- virtuoso-opensource <unfixed> (bug #1036467)
[bullseye] - virtuoso-opensource <no-dsa> (Minor issue)
+ [buster] - virtuoso-opensource <no-dsa> (Minor issue)
NOTE: https://github.com/openlink/virtuoso-opensource/issues/1138
NOTE: https://github.com/openlink/virtuoso-opensource/commit/f9244141ce68dc4a3314fd4a0cd5bb3bdd6ab830
CVE-2023-31629 (An issue in the sqlo_union_scope component of openlink virtuoso-openso ...)
- virtuoso-opensource <unfixed> (bug #1036467)
[bullseye] - virtuoso-opensource <no-dsa> (Minor issue)
+ [buster] - virtuoso-opensource <no-dsa> (Minor issue)
NOTE: https://github.com/openlink/virtuoso-opensource/issues/1139
NOTE: https://github.com/openlink/virtuoso-opensource/commit/9553f94992f0a33f7eb7e87e74f0f78998ba5bec
CVE-2023-31628 (An issue in the stricmp component of openlink virtuoso-opensource v7.2 ...)
- virtuoso-opensource <unfixed> (bug #1036467)
[bullseye] - virtuoso-opensource <no-dsa> (Minor issue)
+ [buster] - virtuoso-opensource <no-dsa> (Minor issue)
NOTE: https://github.com/openlink/virtuoso-opensource/issues/1141
NOTE: https://github.com/openlink/virtuoso-opensource/commit/2ed10333e6e973c2b3e1e60ba854ef0dd12afe07
CVE-2023-31627 (An issue in the strhash component of openlink virtuoso-opensource v7.2 ...)
- virtuoso-opensource <unfixed> (bug #1036467)
[bullseye] - virtuoso-opensource <no-dsa> (Minor issue)
+ [buster] - virtuoso-opensource <no-dsa> (Minor issue)
NOTE: https://github.com/openlink/virtuoso-opensource/issues/1140
NOTE: https://github.com/openlink/virtuoso-opensource/commit/ce61d6f568568b771d7e857408e3246d31135494
CVE-2023-31626 (An issue in the gpf_notice component of openlink virtuoso-opensource v ...)
- virtuoso-opensource <unfixed> (bug #1036467)
[bullseye] - virtuoso-opensource <no-dsa> (Minor issue)
+ [buster] - virtuoso-opensource <no-dsa> (Minor issue)
NOTE: https://github.com/openlink/virtuoso-opensource/issues/1129
NOTE: https://github.com/openlink/virtuoso-opensource/commit/4ad97c5a81067e3bdabe849f42f089edc9880131
CVE-2023-31625 (An issue in the psiginfo component of openlink virtuoso-opensource v7. ...)
- virtuoso-opensource <unfixed> (bug #1036467)
[bullseye] - virtuoso-opensource <no-dsa> (Minor issue)
+ [buster] - virtuoso-opensource <no-dsa> (Minor issue)
NOTE: https://github.com/openlink/virtuoso-opensource/issues/1132
NOTE: https://github.com/openlink/virtuoso-opensource/commit/2ed10333e6e973c2b3e1e60ba854ef0dd12afe07
CVE-2023-31624 (An issue in the sinv_check_exp component of openlink virtuoso-opensour ...)
- virtuoso-opensource <unfixed> (bug #1036467)
[bullseye] - virtuoso-opensource <no-dsa> (Minor issue)
+ [buster] - virtuoso-opensource <no-dsa> (Minor issue)
NOTE: https://github.com/openlink/virtuoso-opensource/issues/1134
NOTE: https://github.com/openlink/virtuoso-opensource/commit/311097fb1f23d0a1dd7dcdd2afecf6fe14665526
CVE-2023-31623 (An issue in the mp_box_copy component of openlink virtuoso-opensource ...)
- virtuoso-opensource <unfixed> (bug #1036467)
[bullseye] - virtuoso-opensource <no-dsa> (Minor issue)
+ [buster] - virtuoso-opensource <no-dsa> (Minor issue)
NOTE: https://github.com/openlink/virtuoso-opensource/issues/1131
NOTE: https://github.com/openlink/virtuoso-opensource/commit/2ed10333e6e973c2b3e1e60ba854ef0dd12afe07
CVE-2023-31622 (An issue in the sqlc_make_policy_trig component of openlink virtuoso-o ...)
- virtuoso-opensource <unfixed> (bug #1036467)
[bullseye] - virtuoso-opensource <no-dsa> (Minor issue)
+ [buster] - virtuoso-opensource <no-dsa> (Minor issue)
NOTE: https://github.com/openlink/virtuoso-opensource/issues/1135
NOTE: https://github.com/openlink/virtuoso-opensource/commit/db91dc5602a8cfde2e4e1d00387d5ba4b77389dc
CVE-2023-31621 (An issue in the kc_var_col component of openlink virtuoso-opensource v ...)
- virtuoso-opensource <unfixed> (bug #1036467)
[bullseye] - virtuoso-opensource <no-dsa> (Minor issue)
+ [buster] - virtuoso-opensource <no-dsa> (Minor issue)
NOTE: https://github.com/openlink/virtuoso-opensource/issues/1130
NOTE: https://github.com/openlink/virtuoso-opensource/commit/ec54f1c7b50df944ae4a8d3e29cd7eaf1cc97b21
CVE-2023-31620 (An issue in the dv_compare component of openlink virtuoso-opensource v ...)
- virtuoso-opensource <unfixed> (bug #1036467)
[bullseye] - virtuoso-opensource <no-dsa> (Minor issue)
+ [buster] - virtuoso-opensource <no-dsa> (Minor issue)
NOTE: https://github.com/openlink/virtuoso-opensource/issues/1128
NOTE: https://github.com/openlink/virtuoso-opensource/commit/a4997ed2499c4de8c95e2de9e2a07b60384fbbec
CVE-2023-31619 (An issue in the sch_name_to_object component of openlink virtuoso-open ...)
- virtuoso-opensource <unfixed> (bug #1036467)
[bullseye] - virtuoso-opensource <no-dsa> (Minor issue)
+ [buster] - virtuoso-opensource <no-dsa> (Minor issue)
NOTE: https://github.com/openlink/virtuoso-opensource/issues/1133
NOTE: https://github.com/openlink/virtuoso-opensource/commit/2ed10333e6e973c2b3e1e60ba854ef0dd12afe07
CVE-2023-31618 (An issue in the sqlc_union_dt_wrap component of openlink virtuoso-open ...)
- virtuoso-opensource <unfixed> (bug #1036467)
[bullseye] - virtuoso-opensource <no-dsa> (Minor issue)
+ [buster] - virtuoso-opensource <no-dsa> (Minor issue)
NOTE: https://github.com/openlink/virtuoso-opensource/issues/1136
NOTE: https://github.com/openlink/virtuoso-opensource/commit/030e47a29976709a50603e3f34e82278e5f462df
CVE-2023-31617 (An issue in the dk_set_delete component of openlink virtuoso-opensourc ...)
- virtuoso-opensource <unfixed> (bug #1036467)
[bullseye] - virtuoso-opensource <no-dsa> (Minor issue)
+ [buster] - virtuoso-opensource <no-dsa> (Minor issue)
NOTE: https://github.com/openlink/virtuoso-opensource/issues/1127
NOTE: https://github.com/openlink/virtuoso-opensource/commit/2b64ad928ef5f75fc93091677a78abfbd17ea07f
CVE-2023-31616 (An issue in the bif_mod component of openlink virtuoso-opensource v7.2 ...)
- virtuoso-opensource <unfixed> (bug #1036467)
[bullseye] - virtuoso-opensource <no-dsa> (Minor issue)
+ [buster] - virtuoso-opensource <no-dsa> (Minor issue)
NOTE: https://github.com/openlink/virtuoso-opensource/issues/1122
NOTE: https://github.com/openlink/virtuoso-opensource/commit/25fff0eaa85898004bb14909e9f29d16b2918792
CVE-2023-31615 (An issue in the chash_array component of openlink virtuoso-opensource ...)
- virtuoso-opensource <unfixed> (bug #1036467)
[bullseye] - virtuoso-opensource <no-dsa> (Minor issue)
+ [buster] - virtuoso-opensource <no-dsa> (Minor issue)
NOTE: https://github.com/openlink/virtuoso-opensource/issues/1124
NOTE: https://github.com/openlink/virtuoso-opensource/commit/d02925b18e3ad0244ae7c52acf92bfa686738eb2
CVE-2023-31614 (An issue in the mp_box_deserialize_string function in openlink virtuos ...)
- virtuoso-opensource <unfixed> (bug #1036467)
[bullseye] - virtuoso-opensource <no-dsa> (Minor issue)
+ [buster] - virtuoso-opensource <no-dsa> (Minor issue)
NOTE: https://github.com/openlink/virtuoso-opensource/issues/1117
NOTE: https://github.com/openlink/virtuoso-opensource/commit/7c488ae70803b208a94bf12fee792195caddbf7d
CVE-2023-31613 (An issue in the __nss_database_lookup component of openlink virtuoso-o ...)
- virtuoso-opensource <unfixed> (bug #1036467)
[bullseye] - virtuoso-opensource <no-dsa> (Minor issue)
+ [buster] - virtuoso-opensource <no-dsa> (Minor issue)
NOTE: https://github.com/openlink/virtuoso-opensource/issues/1121
NOTE: https://github.com/openlink/virtuoso-opensource/commit/171718c844530864cb375213c8b9cbc8ba079efc
CVE-2023-31612 (An issue in the dfe_qexp_list component of openlink virtuoso-opensourc ...)
- virtuoso-opensource <unfixed> (bug #1036467)
[bullseye] - virtuoso-opensource <no-dsa> (Minor issue)
+ [buster] - virtuoso-opensource <no-dsa> (Minor issue)
NOTE: https://github.com/openlink/virtuoso-opensource/issues/1125
CVE-2023-31611 (An issue in the __libc_longjmp component of openlink virtuoso-opensour ...)
- virtuoso-opensource <unfixed> (bug #1036467)
[bullseye] - virtuoso-opensource <no-dsa> (Minor issue)
+ [buster] - virtuoso-opensource <no-dsa> (Minor issue)
NOTE: https://github.com/openlink/virtuoso-opensource/issues/1119
NOTE: https://github.com/openlink/virtuoso-opensource/commit/db0b768dfbb66e306504d0f7951c4ae4932edd74
CVE-2023-31610 (An issue in the _IO_default_xsputn component of openlink virtuoso-open ...)
- virtuoso-opensource <unfixed> (bug #1036467)
[bullseye] - virtuoso-opensource <no-dsa> (Minor issue)
+ [buster] - virtuoso-opensource <no-dsa> (Minor issue)
NOTE: https://github.com/openlink/virtuoso-opensource/issues/1118
NOTE: https://github.com/openlink/virtuoso-opensource/commit/2ed10333e6e973c2b3e1e60ba854ef0dd12afe07
CVE-2023-31609 (An issue in the dfe_unit_col_loci component of openlink virtuoso-opens ...)
- virtuoso-opensource <unfixed> (bug #1036467)
[bullseye] - virtuoso-opensource <no-dsa> (Minor issue)
+ [buster] - virtuoso-opensource <no-dsa> (Minor issue)
NOTE: https://github.com/openlink/virtuoso-opensource/issues/1126
CVE-2023-31608 (An issue in the artm_div_int component of openlink virtuoso-opensource ...)
- virtuoso-opensource <unfixed> (bug #1036467)
[bullseye] - virtuoso-opensource <no-dsa> (Minor issue)
+ [buster] - virtuoso-opensource <no-dsa> (Minor issue)
NOTE: https://github.com/openlink/virtuoso-opensource/issues/1123
NOTE: https://github.com/openlink/virtuoso-opensource/commit/9c5bdeb73b00b5ae88db0be036d429d779126094
CVE-2023-31607 (An issue in the __libc_malloc component of openlink virtuoso-opensourc ...)
- virtuoso-opensource <unfixed> (bug #1036467)
[bullseye] - virtuoso-opensource <no-dsa> (Minor issue)
+ [buster] - virtuoso-opensource <no-dsa> (Minor issue)
NOTE: https://github.com/openlink/virtuoso-opensource/issues/1120
NOTE: https://github.com/openlink/virtuoso-opensource/commit/ea8b2c975c6c96f36e34014d6c71a73761198ebe
CVE-2023-31409 (Uncontrolled Resource Consumption in SICK FTMg AIR FLOW SENSOR with Pa ...)
@@ -3056,6 +3223,8 @@ CVE-2023-2158 (Code Dx versions prior to 2023.4.2 are vulnerable to user imperso
CVE-2023-2157
RESERVED
- imagemagick <unfixed> (bug #1036476)
+ [bookworm] - imagemagick <no-dsa> (Minor issue)
+ [bullseye] - imagemagick <no-dsa> (Minor issue)
NOTE: Fixed by: https://github.com/ImageMagick/ImageMagick/commit/9a9896fce95d09e5e47b86baccbe1ce1a2fca76b (7.1.1-7)
NOTE: Fixed by: https://github.com/ImageMagick/ImageMagick6/commit/7e4c992f148afc5b28111e540921d5b6e4e38673 (6.9.12-85)
CVE-2023-2156 (A flaw was found in the networking subsystem of the Linux kernel withi ...)
@@ -3780,10 +3949,10 @@ CVE-2023-2067
RESERVED
CVE-2023-2066
RESERVED
-CVE-2023-2065
- RESERVED
-CVE-2023-2064
- RESERVED
+CVE-2023-2065 (Authorization Bypass Through User-Controlled Key vulnerability in Armo ...)
+ NOT-FOR-US: Armoli Technology Cargo Tracking System
+CVE-2023-2064 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
+ NOT-FOR-US: Minova Technology eTrace
CVE-2023-2063
RESERVED
CVE-2023-2062
@@ -3820,8 +3989,8 @@ CVE-2023-2047 (A vulnerability was found in Campcodes Advanced Online Voting Sys
NOT-FOR-US: Campcodes Advanced Online Voting System
CVE-2023-2046
RESERVED
-CVE-2023-2045
- RESERVED
+CVE-2023-2045 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
+ NOT-FOR-US: Ipekyolu Software Auto Damage Tracking Software
CVE-2023-2044 (A vulnerability has been found in Control iD iDSecure 4.7.29.1 and cla ...)
NOT-FOR-US: Control iD iDSecure
CVE-2023-2043 (A vulnerability, which was classified as problematic, was found in Con ...)
@@ -6454,8 +6623,7 @@ CVE-2023-1945
- thunderbird 1:102.10.0-1
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-14/#CVE-2023-1945
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-15/#CVE-2023-1945
-CVE-2023-1944
- RESERVED
+CVE-2023-1944 (This vulnerability enables ssh access to minikube container using a de ...)
NOT-FOR-US: minikube
CVE-2023-1943
RESERVED
@@ -6575,11 +6743,11 @@ CVE-2023-29482
CVE-2023-29481
RESERVED
CVE-2023-29480 (Ribose RNP before 0.16.3 sometimes lets secret keys remain unlocked af ...)
- - rnp <unfixed> (bug #1034558)
+ - rnp 0.16.3-1 (bug #1034558)
NOTE: https://www.rnpgp.org/blog/2023-04-13-rnp-release-0-16-3/
CVE-2023-29479 (Ribose RNP before 0.16.3 may hang when the input is malformed.)
{DSA-5392-1 DLA-3400-1}
- - rnp <unfixed> (bug #1034558)
+ - rnp 0.16.3-1 (bug #1034558)
- thunderbird 1:102.10.0-1
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-15/#CVE-2023-29479
NOTE: https://www.rnpgp.org/blog/2023-04-13-rnp-release-0-16-3/
@@ -7694,6 +7862,7 @@ CVE-2023-1787 (An issue has been discovered in GitLab affecting all versions sta
- gitlab <unfixed>
CVE-2023-1786 (Sensitive data could be exposed in logs of cloud-init before version 2 ...)
- cloud-init <unfixed> (bug #1035023)
+ [bookworm] - cloud-init <no-dsa> (Minor issue)
[bullseye] - cloud-init <no-dsa> (Minor issue)
[buster] - cloud-init <no-dsa> (Minor issue)
NOTE: https://bugs.launchpad.net/cloud-init/+bug/2013967
@@ -9037,13 +9206,8 @@ CVE-2023-1603 (Permission bypass when importing or synchronizing entriesin User
NOT-FOR-US: Devolutions
CVE-2023-1602
RESERVED
-CVE-2023-1601 [QEMU: QXL: integer overflow in cursor_alloc (incomplete fix for CVE-2021-4206)]
- RESERVED
- - qemu <unfixed> (unimportant)
- NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2208325
- NOTE: https://lists.nongnu.org/archive/html/qemu-devel/2023-05/msg01907.html
- NOTE: No code path can trigger an overflow with current codebase, but protected with:
- NOTE: https://lists.nongnu.org/archive/html/qemu-devel/2023-05/msg05867.html
+CVE-2023-1601
+ REJECTED
CVE-2023-1600
RESERVED
CVE-2023-1599
@@ -9283,7 +9447,11 @@ CVE-2023-1553
CVE-2023-1552 (ToolboxST prior to version 7.10 is affected by a deserialization vulne ...)
NOT-FOR-US: ToolboxST
CVE-2023-28709 (The fix for CVE-2023-24998 was incomplete for Apache Tomcat 11.0.0-M2 ...)
- TODO: check
+ [experimental] - tomcat10 10.1.8-1
+ - tomcat10 <unfixed>
+ - tomcat9 <not-affected> (Incomplete fix for CVE-2023-24998 not applied)
+ NOTE: https://github.com/apache/tomcat/commit/ba848da71c523d94950d3c53c19ea155189df9dc (10.1.8)
+ NOTE: https://github.com/apache/tomcat/commit/fbd81421629afe8b8a3922d59020cde81caea861 (9.0.74)
CVE-2023-28708 (When using the RemoteIpFilter with requests received from a reverse ...)
{DSA-5381-1 DLA-3384-1}
- tomcat10 10.1.6-1
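Review bot: the `tomcat9 <not-affected> (Incomplete fix for CVE-2023-24998 not applied)` line makes this entry's status depend on CVE-2023-24998 staying unfixed in tomcat9; once the 9.0.71 change for CVE-2023-24998 goes into tomcat9, the 9.0.74 commit recorded here has to go in with it and this line has to be flipped. Consider a NOTE stating that the two entries must be updated together. The `- tomcat10 <unfixed>` line also carries no bug reference and no [bookworm]/[bullseye] status, unlike the neighbouring entries; the only fixed version recorded is the one in experimental.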
@@ -10702,6 +10870,7 @@ CVE-2023-28322 [more POST-after-PUT confusion]
RESERVED
- curl 7.88.1-10 (bug #1036239)
[bullseye] - curl <no-dsa> (Minor issue)
+ [buster] - curl <no-dsa> (Minor issue)
NOTE: https://curl.se/docs/CVE-2023-28322.html
NOTE: Introduced by: https://github.com/curl/curl/commit/546572da0457f37c698c02d0a08d90fdfcbeedec (curl-7_7)
NOTE: Fixed by: https://github.com/curl/curl/commit/7815647d6582c0a4900be2e1de6c5e61272c496b (curl-8_1_0)
@@ -10709,6 +10878,7 @@ CVE-2023-28321 [IDN wildcard match]
RESERVED
- curl 7.88.1-10 (bug #1036239)
[bullseye] - curl <no-dsa> (Minor issue)
+ [buster] - curl <no-dsa> (Minor issue)
NOTE: https://curl.se/docs/CVE-2023-28321.html
NOTE: Introduced by: https://github.com/curl/curl/commit/9631fa740708b1890197fad01e25b34b7e8eb80e (curl-7_12_0)
NOTE: Fixed by: https://github.com/curl/curl/commit/199f2d440d8659b42670c1b796220792b01a97bf (curl-8_1_0)
@@ -10716,6 +10886,7 @@ CVE-2023-28320 [siglongjmp race condition]
RESERVED
- curl 7.88.1-10 (bug #1036239)
[bullseye] - curl <no-dsa> (Minor issue)
+ [buster] - curl <no-dsa> (Minor issue)
NOTE: https://curl.se/docs/CVE-2023-28320.html
NOTE: Introduced by: https://github.com/curl/curl/commit/3c49b405de4fbf1fd7127f91908261268640e54f (curl-7_9_8)
NOTE: Fixed by: https://github.com/curl/curl/commit/13718030ad4b3209a7583b4f27f683cd3a6fa5f2 (curl-8_1_0)
@@ -11029,6 +11200,11 @@ CVE-2023-28205 (A use after free issue was addressed with improved memory manage
NOTE: https://webkitgtk.org/security/WSA-2023-0003.html
CVE-2023-28204
RESERVED
+ - qtwebkit-opensource-src <unfixed>
+ - webkit2gtk <unfixed>
+ - wpewebkit <unfixed>
+ NOTE: https://bugs.webkit.org/show_bug.cgi?id=254930
+ NOTE: https://github.com/WebKit/WebKit/commit/698c6e293734c3c46f223b77d5b4ee48b320e32c
CVE-2023-28203
RESERVED
CVE-2023-28202
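Review bot: the three `<unfixed>` package lines added under CVE-2023-28204 carry no bug reference and no [bookworm]/[bullseye] status, and the entry is still headed `RESERVED` with no description. The upstream bug and the fixing commit are already recorded, so filing bugs against qtwebkit-opensource-src, webkit2gtk and wpewebkit and adding the numbers here would keep the entry consistent with the other entries in this diff, which reference a bug as soon as a package is listed as affected.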
@@ -11180,6 +11356,7 @@ CVE-2023-1371 (The W4 Post List WordPress plugin before 2.4.6 does not ensure th
CVE-2023-1370 ([Json-smart](https://netplex.github.io/json-smart/) is a performance f ...)
{DLA-3373-1}
- json-smart <unfixed> (bug #1033474)
+ [bookworm] - json-smart <no-dsa> (Minor issue)
[bullseye] - json-smart <no-dsa> (Minor issue)
NOTE: https://research.jfrog.com/vulnerabilities/stack-exhaustion-in-json-smart-leads-to-denial-of-service-when-parsing-malformed-json-xray-427633/
NOTE: https://github.com/netplex/json-smart-v2/commit/5b3205d051952d3100aa0db1535f6ba6226bd87a (2.4.9)
@@ -13013,7 +13190,7 @@ CVE-2023-27586 (CairoSVG is an SVG converter based on Cairo, a 2D graphics libra
NOTE: Introduced in https://github.com/Kozea/CairoSVG/commit/1ee0889f4015ebaddcf9976d43222e673155797c (0.3)
CVE-2023-27585 (PJSIP is a free and open source multimedia communication library writt ...)
{DLA-3394-1}
- - asterisk <unfixed>
+ - asterisk <unfixed> (bug #1036697)
- pjproject <removed>
- ring <unfixed>
NOTE: https://github.com/pjsip/pjproject/security/advisories/GHSA-q9cp-8wcq-7pfr
@@ -13085,8 +13262,7 @@ CVE-2023-24596
RESERVED
CVE-2023-22437
RESERVED
-CVE-2023-1174
- RESERVED
+CVE-2023-1174 (This vulnerability exposes a network port in minikube running on macOS ...)
NOT-FOR-US: minikube
CVE-2023-1173
REJECTED
@@ -16902,19 +17078,22 @@ CVE-2023-26120 (This affects all versions of the package com.xuxueli:xxl-job. HT
CVE-2023-26119 (Versions of the package net.sourceforge.htmlunit:htmlunit from 0 and b ...)
NOT-FOR-US: net.sourceforge.htmlunit:htmlunit
CVE-2023-26118 (Versions of the package angular from 1.4.9 are vulnerable to Regular E ...)
- - angular.js <unfixed>
+ - angular.js <unfixed> (bug #1036694)
[bookworm] - angular.js <no-dsa> (Minor issue)
[bullseye] - angular.js <no-dsa> (Minor issue)
+ [buster] - angular.js <no-dsa> (Minor issue)
NOTE: https://security.snyk.io/vuln/SNYK-JS-ANGULAR-3373046
CVE-2023-26117 (Versions of the package angular from 1.0.0 are vulnerable to Regular E ...)
- - angular.js <unfixed>
+ - angular.js <unfixed> (bug #1036694)
[bookworm] - angular.js <no-dsa> (Minor issue)
[bullseye] - angular.js <no-dsa> (Minor issue)
+ [buster] - angular.js <no-dsa> (Minor issue)
NOTE: https://security.snyk.io/vuln/SNYK-JS-ANGULAR-3373045
CVE-2023-26116 (Versions of the package angular from 1.2.21 are vulnerable to Regular ...)
- - angular.js <unfixed>
+ - angular.js <unfixed> (bug #1036694)
[bookworm] - angular.js <no-dsa> (Minor issue)
[bullseye] - angular.js <no-dsa> (Minor issue)
+ [buster] - angular.js <no-dsa> (Minor issue)
NOTE: https://security.snyk.io/vuln/SNYK-JS-ANGULAR-3373044
CVE-2023-26115
RESERVED
@@ -18742,8 +18921,8 @@ CVE-2023-25600
RESERVED
CVE-2023-25599
RESERVED
-CVE-2023-25598
- RESERVED
+CVE-2023-25598 (A vulnerability in the conferencing component of Mitel MiVoice Connect ...)
+ TODO: check
CVE-2023-25597 (A vulnerability in the web conferencing component of Mitel MiCollab th ...)
NOT-FOR-US: Mitel
CVE-2023-25596 (A vulnerability exists in ClearPass Policy Manager that allows for an ...)
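Review bot: `TODO: check` on CVE-2023-25598 contrasts with the Mitel entry directly below it (CVE-2023-25597, `NOT-FOR-US: Mitel`); both describe a Mitel conferencing component. If the same reasoning applies, marking this one `NOT-FOR-US: Mitel` resolves the TODO; if it was left open deliberately, a short NOTE saying why would help the next triager.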
@@ -19238,7 +19417,7 @@ CVE-2023-25442 (Auth. (admin+) Stored Cross-site Scripting (XSS) vulnerability i
CVE-2023-25441
RESERVED
CVE-2023-25440 (Stored Cross Site Scripting (XSS) vulnerability in the add contact fun ...)
- - civicrm <unfixed>
+ - civicrm <unfixed> (bug #1036695)
CVE-2023-25439
RESERVED
CVE-2023-25438 (An issue was discovered in Genomedics MilleGP5 5.9.2, allows remote at ...)
@@ -20207,8 +20386,8 @@ CVE-2023-25030
RESERVED
CVE-2023-25029
RESERVED
-CVE-2023-25028
- RESERVED
+CVE-2023-25028 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in chuy ...)
+ NOT-FOR-US: WordPress plugin
CVE-2023-25027 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Kibo ...)
NOT-FOR-US: WordPress plugin
CVE-2023-25026
@@ -20253,6 +20432,7 @@ CVE-2023-0646 (A vulnerability classified as critical was found in dst-admin 1.5
NOT-FOR-US: dst-admin
CVE-2023-0645 (An out of bounds read exists in libjxl. An attacker using a specifical ...)
- jpeg-xl <unfixed> (bug #1034722)
+ [bookworm] - jpeg-xl <no-dsa> (Minor issue)
NOTE: https://github.com/libjxl/libjxl/commit/a7c8428b61299f3b055cbbdbba3fbcd8cb38d084
NOTE: https://github.com/libjxl/libjxl/issues/2100
NOTE: https://github.com/libjxl/libjxl/pull/2101
@@ -20359,12 +20539,17 @@ CVE-2023-25000 (HashiCorp Vault's implementation of Shamir's secret sharing used
CVE-2023-24999 (HashiCorp Vault and Vault Enterprise\u2019s approle auth method allowe ...)
NOT-FOR-US: Vault
CVE-2023-24998 (Apache Commons FileUpload before 1.5 does not limit the number of requ ...)
+ - tomcat10 10.1.5-1
+ - tomcat9 <unfixed>
- libcommons-fileupload-java 1.4-2 (bug #1031733)
[bullseye] - libcommons-fileupload-java <no-dsa> (Minor issue)
[buster] - libcommons-fileupload-java <no-dsa> (Minor issue)
NOTE: https://github.com/apache/commons-fileupload/commit/e20c04990f7420ca917e96a84cec58b13a1b3d17 (commons-fileupload-1.5)
NOTE: Caution: patch is no-op by default, reverse-dependencies would need to provide updated settings
NOTE: https://lists.apache.org/thread/4xl4l09mhwg4vgsk7dxqogcjrobrrdoy
+ NOTE: https://github.com/apache/tomcat/commit/8a2285f13affa961cc65595aad999db5efae45ce (10.1.5)
+ NOTE: https://github.com/apache/tomcat/commit/cf77cc545de0488fb89e24294151504a7432df74 (9.0.71)
+ NOTE: When fixing the issue make sure to apply complete fixes to not open CVE-2023-28709
CVE-2023-24996 (A vulnerability has been identified in Tecnomatix Plant Simulation (Al ...)
NOT-FOR-US: Siemens
CVE-2023-24995 (A vulnerability has been identified in Tecnomatix Plant Simulation (Al ...)
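Review bot: `- tomcat9 <unfixed>` is added without a bug reference and without [bookworm]/[bullseye]/[buster] status lines; the existing `[bullseye]` and `[buster] <no-dsa>` lines further down belong to libcommons-fileupload-java, not tomcat9, so tomcat9 in the stable releases is left untriaged for this CVE. The last NOTE warns that only a complete fix avoids reopening the issue as CVE-2023-28709, yet only the 9.0.71 commit is listed for tomcat9; referencing the 9.0.74 follow-up commit recorded under CVE-2023-28709 here as well would make that warning actionable for whoever prepares the update.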
@@ -27454,7 +27639,7 @@ CVE-2023-22742 (libgit2 is a cross-platform, linkable library implementation of
NOTE: https://github.com/libgit2/libgit2/commit/42e5db98b963ae503229c63e44e06e439df50e56 (v1.5.1)
NOTE: https://github.com/libgit2/libgit2/security/advisories/GHSA-8643-3wh5-rmjq
CVE-2023-22741 (Sofia-SIP is an open-source SIP User-Agent library, compliant with the ...)
- {DLA-3292-1}
+ {DSA-5410-1 DLA-3292-1}
- sofia-sip 1.12.11+20110422.1+1e14eea~dfsg-4 (bug #1029654)
NOTE: https://github.com/freeswitch/sofia-sip/commit/9defd6f72dd416ee4fcc1a23cccbb159990da0f6 (v1.13.11)
NOTE: https://github.com/freeswitch/sofia-sip/security/advisories/GHSA-8599-x7rq-fr54
@@ -31620,19 +31805,19 @@ CVE-2023-21984 (Vulnerability in the Oracle Solaris product of Oracle Systems (c
CVE-2023-21983
RESERVED
CVE-2023-21982 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
- - mysql-8.0 <unfixed> (bug #1034719)
+ - mysql-8.0 8.0.33-1 (bug #1034719)
CVE-2023-21981 (Vulnerability in the PeopleSoft Enterprise PeopleTools product of Orac ...)
NOT-FOR-US: Oracle
CVE-2023-21980 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
- - mysql-8.0 <unfixed> (bug #1034719)
+ - mysql-8.0 8.0.33-1 (bug #1034719)
CVE-2023-21979 (Vulnerability in the Oracle WebLogic Server product of Oracle Fusion M ...)
NOT-FOR-US: Oracle
CVE-2023-21978 (Vulnerability in the Oracle Application Object Library product of Orac ...)
NOT-FOR-US: Oracle
CVE-2023-21977 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
- - mysql-8.0 <unfixed> (bug #1034719)
+ - mysql-8.0 8.0.33-1 (bug #1034719)
CVE-2023-21976 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
- - mysql-8.0 <unfixed> (bug #1034719)
+ - mysql-8.0 8.0.33-1 (bug #1034719)
CVE-2023-21975
RESERVED
CVE-2023-21974
@@ -31640,7 +31825,7 @@ CVE-2023-21974
CVE-2023-21973 (Vulnerability in the Oracle iProcurement product of Oracle E-Business ...)
NOT-FOR-US: Oracle
CVE-2023-21972 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
- - mysql-8.0 <unfixed> (bug #1034719)
+ - mysql-8.0 8.0.33-1 (bug #1034719)
CVE-2023-21971 (Vulnerability in the MySQL Connectors product of Oracle MySQL (compone ...)
NOT-FOR-US: MySQL Connector for Java
CVE-2023-21970 (Vulnerability in the Oracle BI Publisher product of Oracle Analytics ( ...)
@@ -31656,7 +31841,7 @@ CVE-2023-21967 (Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise E
- openjdk-11 <unfixed> (bug #1036280)
- openjdk-17 <unfixed> (bug #1035957)
CVE-2023-21966 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
- - mysql-8.0 <unfixed> (bug #1034719)
+ - mysql-8.0 8.0.33-1 (bug #1034719)
CVE-2023-21965 (Vulnerability in the Oracle Business Intelligence Enterprise Edition p ...)
NOT-FOR-US: Oracle
CVE-2023-21964 (Vulnerability in the Oracle WebLogic Server product of Oracle Fusion M ...)
@@ -31664,7 +31849,7 @@ CVE-2023-21964 (Vulnerability in the Oracle WebLogic Server product of Oracle Fu
CVE-2023-21963 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
- mysql-8.0 8.0.32-1
CVE-2023-21962 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
- - mysql-8.0 <unfixed> (bug #1034719)
+ - mysql-8.0 8.0.33-1 (bug #1034719)
CVE-2023-21961
RESERVED
CVE-2023-21960 (Vulnerability in the Oracle WebLogic Server product of Oracle Fusion M ...)
@@ -31678,13 +31863,13 @@ CVE-2023-21957
CVE-2023-21956 (Vulnerability in the Oracle WebLogic Server product of Oracle Fusion M ...)
NOT-FOR-US: Oracle
CVE-2023-21955 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
- - mysql-8.0 <unfixed> (bug #1034719)
+ - mysql-8.0 8.0.33-1 (bug #1034719)
CVE-2023-21954 (Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition ...)
- openjdk-8 8u372-ga-1
- openjdk-11 <unfixed> (bug #1036280)
- openjdk-17 <unfixed> (bug #1035957)
CVE-2023-21953 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
- - mysql-8.0 <unfixed> (bug #1034719)
+ - mysql-8.0 8.0.33-1 (bug #1034719)
CVE-2023-21952 (Vulnerability in the Oracle Business Intelligence Enterprise Edition p ...)
NOT-FOR-US: Oracle
CVE-2023-21951
@@ -31696,11 +31881,11 @@ CVE-2023-21949
CVE-2023-21948 (Vulnerability in the Oracle Solaris product of Oracle Systems (compone ...)
NOT-FOR-US: Oracle
CVE-2023-21947 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
- - mysql-8.0 <unfixed> (bug #1034719)
+ - mysql-8.0 8.0.33-1 (bug #1034719)
CVE-2023-21946 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
- - mysql-8.0 <unfixed> (bug #1034719)
+ - mysql-8.0 8.0.33-1 (bug #1034719)
CVE-2023-21945 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
- - mysql-8.0 <unfixed> (bug #1034719)
+ - mysql-8.0 8.0.33-1 (bug #1034719)
CVE-2023-21944 (Vulnerability in Oracle Essbase (component: Security and Provisioning) ...)
NOT-FOR-US: Oracle
CVE-2023-21943 (Vulnerability in Oracle Essbase (component: Security and Provisioning) ...)
@@ -31710,7 +31895,7 @@ CVE-2023-21942 (Vulnerability in Oracle Essbase (component: Security and Provisi
CVE-2023-21941 (Vulnerability in the Oracle BI Publisher product of Oracle Analytics ( ...)
NOT-FOR-US: Oracle
CVE-2023-21940 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
- - mysql-8.0 <unfixed> (bug #1034719)
+ - mysql-8.0 8.0.33-1 (bug #1034719)
CVE-2023-21939 (Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition ...)
- openjdk-8 8u372-ga-1
- openjdk-11 <unfixed> (bug #1036280)
@@ -31726,11 +31911,11 @@ CVE-2023-21937 (Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise E
CVE-2023-21936 (Vulnerability in the JD Edwards EnterpriseOne Tools product of Oracle ...)
NOT-FOR-US: Oracle
CVE-2023-21935 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
- - mysql-8.0 <unfixed> (bug #1034719)
+ - mysql-8.0 8.0.33-1 (bug #1034719)
CVE-2023-21934 (Vulnerability in the Java VM component of Oracle Database Server. Sup ...)
NOT-FOR-US: Oracle
CVE-2023-21933 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
- - mysql-8.0 <unfixed> (bug #1034719)
+ - mysql-8.0 8.0.33-1 (bug #1034719)
CVE-2023-21932 (Vulnerability in the Oracle Hospitality OPERA 5 Property Services prod ...)
NOT-FOR-US: Oracle
CVE-2023-21931 (Vulnerability in the Oracle WebLogic Server product of Oracle Fusion M ...)
@@ -31740,7 +31925,7 @@ CVE-2023-21930 (Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise E
- openjdk-11 <unfixed> (bug #1036280)
- openjdk-17 <unfixed> (bug #1035957)
CVE-2023-21929 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
- - mysql-8.0 <unfixed> (bug #1034719)
+ - mysql-8.0 8.0.33-1 (bug #1034719)
CVE-2023-21928 (Vulnerability in the Oracle Solaris product of Oracle Systems (compone ...)
NOT-FOR-US: Oracle
CVE-2023-21927 (Vulnerability in the JD Edwards EnterpriseOne Tools product of Oracle ...)
@@ -31758,9 +31943,9 @@ CVE-2023-21922 (Vulnerability in the Oracle Health Sciences InForm product of Or
CVE-2023-21921 (Vulnerability in the Oracle Health Sciences InForm product of Oracle H ...)
NOT-FOR-US: Oracle
CVE-2023-21920 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
- - mysql-8.0 <unfixed> (bug #1034719)
+ - mysql-8.0 8.0.33-1 (bug #1034719)
CVE-2023-21919 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
- - mysql-8.0 <unfixed> (bug #1034719)
+ - mysql-8.0 8.0.33-1 (bug #1034719)
CVE-2023-21918 (Vulnerability in the Oracle Database Recovery Manager component of Ora ...)
NOT-FOR-US: Oracle
CVE-2023-21917 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
@@ -31776,7 +31961,7 @@ CVE-2023-21913 (Vulnerability in the MySQL Server product of Oracle MySQL (compo
CVE-2023-21912 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
- mysql-8.0 8.0.31-1
CVE-2023-21911 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
- - mysql-8.0 <unfixed> (bug #1034719)
+ - mysql-8.0 8.0.33-1 (bug #1034719)
CVE-2023-21910 (Vulnerability in the Oracle Business Intelligence Enterprise Edition p ...)
NOT-FOR-US: Oracle
CVE-2023-21909 (Vulnerability in the Siebel CRM product of Oracle Siebel CRM (componen ...)
@@ -31975,7 +32160,7 @@ CVE-2022-47517 (An issue was discovered in the libsofia-sip fork in drachtio-ser
NOT-FOR-US: libsofia-sip fork in drachtio-server
NOTE: CVE corresponds partially to issues fixed for CVE-2022-31002 for src:sofia-sip
CVE-2022-47516 (An issue was discovered in the libsofia-sip fork in drachtio-server be ...)
- {DLA-3334-1}
+ {DSA-5410-1 DLA-3334-1}
- sofia-sip 1.12.11+20110422.1+1e14eea~dfsg-5 (bug #1031792)
NOTE: Report in fork: https://github.com/drachtio/drachtio-server/issues/244
NOTE: https://github.com/freeswitch/sofia-sip/commit/cadf505d88e2971d24b6a4379ddbb1398d8ec443 (v1.13.14)
@@ -32472,12 +32657,12 @@ CVE-2021-4245 (A vulnerability classified as problematic has been found in chbro
NOT-FOR-US: rfc6902
CVE-2022-47449 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in RexTheme ...)
NOT-FOR-US: WordPress plugin
-CVE-2022-47448
- RESERVED
-CVE-2022-47447
- RESERVED
-CVE-2022-47446
- RESERVED
+CVE-2022-47448 (Cross-Site Request Forgery (CSRF) vulnerability in dev.Xiligroup.Com - ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2022-47447 (Cross-Site Request Forgery (CSRF) vulnerability in Mathieu Chartier Wo ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2022-47446 (Cross-Site Request Forgery (CSRF) vulnerability in Viadat Creations St ...)
+ NOT-FOR-US: WordPress plugin
CVE-2022-47445
RESERVED
CVE-2022-47444 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in ProfileP ...)
@@ -33390,8 +33575,8 @@ CVE-2022-47182
RESERVED
CVE-2022-47181
RESERVED
-CVE-2022-47180
- RESERVED
+CVE-2022-47180 (Cross-Site Request Forgery (CSRF) vulnerability in Kopa Theme Kopa Fra ...)
+ NOT-FOR-US: WordPress plugin
CVE-2022-47179 (Cross-Site Request Forgery (CSRF) vulnerability in Uwe Jacobs OWM Weat ...)
NOT-FOR-US: WordPress plugin
CVE-2022-47178
@@ -33446,8 +33631,8 @@ CVE-2022-47154 (Cross-Site Request Forgery (CSRF) vulnerability in Pi Websolutio
NOT-FOR-US: WordPress plugin
CVE-2022-47153
RESERVED
-CVE-2022-47152
- RESERVED
+CVE-2022-47152 (Cross-Site Request Forgery (CSRF) vulnerability in Etison, LLC ClickFu ...)
+ NOT-FOR-US: WordPress plugin
CVE-2022-47151
RESERVED
CVE-2022-47150
@@ -34404,8 +34589,8 @@ CVE-2022-46818
RESERVED
CVE-2022-46817 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Flyz ...)
NOT-FOR-US: WordPress plugin
-CVE-2022-46816
- RESERVED
+CVE-2022-46816 (Cross-Site Request Forgery (CSRF) vulnerability in Booking Ultra Pro A ...)
+ NOT-FOR-US: WordPress plugin
CVE-2022-46815 (Cross-Site Request Forgery (CSRF) vulnerability inLauri Karisola / WP ...)
NOT-FOR-US: Lauri Karisola / WP Trio Conditional Shipping for WooCommerce plugin
CVE-2022-46814
@@ -34448,8 +34633,8 @@ CVE-2022-46796
RESERVED
CVE-2022-46795
RESERVED
-CVE-2022-46794
- RESERVED
+CVE-2022-46794 (Cross-Site Request Forgery (CSRF) vulnerability in weightbasedshipping ...)
+ NOT-FOR-US: WordPress plugin
CVE-2022-46793 (Cross-Site Request Forgery (CSRF) vulnerability in AdTribes.Io Product ...)
NOT-FOR-US: WordPress plugin
CVE-2022-4366 (Exposure of Sensitive System Information to an Unauthorized Control Sp ...)
@@ -39000,8 +39185,8 @@ CVE-2022-45366
RESERVED
CVE-2022-45365
RESERVED
-CVE-2022-45364
- RESERVED
+CVE-2022-45364 (Cross-Site Request Forgery (CSRF) vulnerability in Glen Don L. Mongaya ...)
+ NOT-FOR-US: WordPress plugin
CVE-2022-45363 (Auth. (subscriber+) Stored Cross-Site Scripting (XSS) in Muffingroup B ...)
NOT-FOR-US: WordPress plugin
CVE-2022-45362
@@ -39851,6 +40036,7 @@ CVE-2022-45062 (In Xfce xfce4-settings before 4.16.4 and 4.17.x before 4.17.1, t
NOTE: https://gitlab.xfce.org/xfce/xfce4-settings/-/issues/403
NOTE: https://gitlab.xfce.org/xfce/xfce4-settings/-/merge_requests/85
CVE-2022-45061 (An issue was discovered in Python before 3.11.1. An unnecessary quadra ...)
+ {DLA-3432-1}
- python3.11 3.11.1-1
- python3.10 3.10.9-1
- python3.9 <removed>
@@ -39859,7 +40045,6 @@ CVE-2022-45061 (An issue was discovered in Python before 3.11.1. An unnecessary
[buster] - python3.7 <postponed> (Minor issue; fix along with next DLA)
- python2.7 <removed>
[bullseye] - python2.7 <ignored> (Unsupported in Bullseye, only included to build a few applications)
- [buster] - python2.7 <postponed> (Minor issue, DoS, fix along with next DLA)
NOTE: https://github.com/python/cpython/issues/98433
NOTE: https://github.com/python/cpython/pull/99092
NOTE: https://github.com/python/cpython/commit/a6f6c3a3d6f2b580f2d87885c9b8a9350ad7bf15 (v3.11.1)
@@ -42192,6 +42377,7 @@ CVE-2023-20869 (VMware Workstation (17.x) and VMware Fusion (13.x) contain a sta
NOT-FOR-US: VMware
CVE-2023-20868
RESERVED
+ NOT-FOR-US: VMware
CVE-2023-20867
RESERVED
CVE-2023-20866 (In Spring Session version 3.0.0, the session id can be logged to the s ...)
@@ -50599,8 +50785,8 @@ CVE-2022-42227 (jsonlint 1.0 is vulnerable to heap-buffer-overflow via /home/hjs
NOT-FOR-US: p-ranav/jsonlint (different from src:jsonlint)
CVE-2022-42226
RESERVED
-CVE-2022-42225
- RESERVED
+CVE-2022-42225 (Jumpserver 2.10.0 <= version <= 2.26.0 contains multiple stored XSS vu ...)
+ TODO: check
CVE-2022-42224
RESERVED
CVE-2022-42223
@@ -52110,6 +52296,7 @@ CVE-2022-41608 (Cross-Site Request Forgery (CSRF) vulnerability in Thomas Belser
NOT-FOR-US: WordPress plugin
CVE-2022-41606 (HashiCorp Nomad and Nomad Enterprise 1.0.2 up to 1.2.12, and 1.3.5 job ...)
- nomad <unfixed> (bug #1021670)
+ [bullseye] - nomad <no-dsa> (Minor issue)
NOTE: https://discuss.hashicorp.com/t/hcsec-2022-22-nomad-panics-on-job-submission-with-bad-artifact-stanza-source-url/45420
CVE-2022-41605
RESERVED
@@ -55878,6 +56065,7 @@ CVE-2022-40153
REJECTED
CVE-2022-40152 (Those using Woodstox to parse XML data may be vulnerable to Denial of ...)
- libwoodstox-java <unfixed> (bug #1032089)
+ [bookworm] - libwoodstox-java <no-dsa> (Minor issue)
[bullseye] - libwoodstox-java <no-dsa> (Minor issue)
[buster] - libwoodstox-java <no-dsa> (Minor issue)
NOTE: https://github.com/x-stream/xstream/issues/304
@@ -66095,7 +66283,7 @@ CVE-2022-36375 (Authenticated (high role user) WordPress Options Change vulnerab
NOT-FOR-US: WordPress plugin
CVE-2022-36371
RESERVED
-CVE-2022-36357 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in ULTIMATE ...)
+CVE-2022-36357 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Webpsilo ...)
NOT-FOR-US: WordPress plugin
CVE-2022-36346 (Multiple Cross-Site Request Forgery (CSRF) vulnerabilities in Max Foun ...)
NOT-FOR-US: WordPress plugin
@@ -81078,19 +81266,19 @@ CVE-2022-31005 (Vapor is an HTTP web framework for Swift. Users of Vapor prior t
CVE-2022-31004 (CVEProject/cve-services is an open source project used to operate the ...)
NOT-FOR-US: CVEProject/cve-services
CVE-2022-31003 (Sofia-SIP is an open-source Session Initiation Protocol (SIP) User-Age ...)
- {DLA-3091-1}
+ {DSA-5410-1 DLA-3091-1}
- sofia-sip 1.12.11+20110422.1+1e14eea~dfsg-3 (bug #1016974)
[stretch] - sofia-sip <postponed> (Minor issue)
NOTE: https://github.com/freeswitch/sofia-sip/security/advisories/GHSA-8w5j-6g2j-pxcp
NOTE: https://github.com/freeswitch/sofia-sip/commit/907f2ac0ee504c93ebfefd676b4632a3575908c9 (v1.13.8)
CVE-2022-31002 (Sofia-SIP is an open-source Session Initiation Protocol (SIP) User-Age ...)
- {DLA-3091-1}
+ {DSA-5410-1 DLA-3091-1}
- sofia-sip 1.12.11+20110422.1+1e14eea~dfsg-3 (bug #1016974)
[stretch] - sofia-sip <postponed> (Minor issue)
NOTE: https://github.com/freeswitch/sofia-sip/security/advisories/GHSA-g3x6-p824-x6hm
NOTE: https://github.com/freeswitch/sofia-sip/commit/51841eb53679434a386fb2dcbca925dcc48d58ba (v1.13.8)
CVE-2022-31001 (Sofia-SIP is an open-source Session Initiation Protocol (SIP) User-Age ...)
- {DLA-3091-1}
+ {DSA-5410-1 DLA-3091-1}
- sofia-sip 1.12.11+20110422.1+1e14eea~dfsg-3 (bug #1016974)
[stretch] - sofia-sip <postponed> (Minor issue)
NOTE: https://github.com/freeswitch/sofia-sip/security/advisories/GHSA-79jq-hh82-cv9g
@@ -86769,6 +86957,7 @@ CVE-2022-1334 (The WP YouTube Live WordPress plugin before 1.8.3 does not valida
CVE-2022-1333 (Mattermost Playbooks plugin v1.24.0 and earlier fails to properly chec ...)
NOT-FOR-US: Mattermost Playbooks plugin
CVE-2015-20107 (In Python (aka CPython) up to 3.10.8, the mailcap module does not add ...)
+ {DLA-3432-1}
- python3.10 3.10.6-1
- python3.9 <removed>
[bullseye] - python3.9 <no-dsa> (Minor issue)
@@ -86778,7 +86967,6 @@ CVE-2015-20107 (In Python (aka CPython) up to 3.10.8, the mailcap module does no
[stretch] - python3.5 <no-dsa> (Minor issue)
- python2.7 <unfixed>
[bullseye] - python2.7 <ignored> (Python 2.7 in Bullseye not covered by security support)
- [buster] - python2.7 <no-dsa> (Minor issue)
[stretch] - python2.7 <no-dsa> (Minor issue)
NOTE: https://bugs.python.org/issue24778
NOTE: https://github.com/python/cpython/issues/68966
@@ -96120,7 +96308,7 @@ CVE-2022-25872 (All versions of package fast-string-search are vulnerable to Out
CVE-2022-25871 (All versions of package querymen are vulnerable to Prototype Pollution ...)
NOT-FOR-US: Node querymen
CVE-2022-25869 (All versions of package angular are vulnerable to Cross-site Scripting ...)
- - angular.js <unfixed>
+ - angular.js <unfixed> (bug #1036694)
[bookworm] - angular.js <no-dsa> (Minor issue)
[bullseye] - angular.js <no-dsa> (Minor issue)
[buster] - angular.js <no-dsa> (Minor issue)
@@ -99993,18 +100181,22 @@ CVE-2022-24687 (HashiCorp Consul and Consul Enterprise 1.9.0 through 1.9.14, 1.1
NOTE: https://github.com/hashicorp/consul/commit/d35c6a97cbdff252f5238d6b52f49786f896566a (v1.9.15)
CVE-2022-24686 (HashiCorp Nomad and Nomad Enterprise 0.3.0 through 1.0.17, 1.1.11, and ...)
- nomad <unfixed> (bug #1021273)
+ [bullseye] - nomad <no-dsa> (Minor issue)
NOTE: https://discuss.hashicorp.com/t/hcsec-2022-01-nomad-artifact-download-race-condition/35559
CVE-2022-24685 (HashiCorp Nomad and Nomad Enterprise 1.0.17, 1.1.11, and 1.2.5 allow i ...)
- nomad <unfixed> (bug #1021273)
+ [bullseye] - nomad <no-dsa> (Minor issue)
NOTE: https://discuss.hashicorp.com/t/hcsec-2022-03-nomad-malformed-job-parsing-results-in-excessive-cpu-usage/35561
NOTE: https://github.com/hashicorp/nomad/issues/12038
CVE-2022-24684 (HashiCorp Nomad and Nomad Enterprise 0.9.0 through 1.0.16, 1.1.11, and ...)
- nomad <unfixed> (bug #1021273)
+ [bullseye] - nomad <no-dsa> (Minor issue)
NOTE: https://discuss.hashicorp.com/t/hcsec-2022-04-nomad-spread-job-stanza-may-trigger-panic-in-servers/35562
NOTE: https://github.com/hashicorp/nomad/issues/12039
NOTE: https://github.com/hashicorp/nomad/commit/c49359ad58f0af18a5697a0b7b9b6cca9656d267 (v1.2.6)
CVE-2022-24683 (HashiCorp Nomad and Nomad Enterprise 0.9.2 through 1.0.17, 1.1.11, and ...)
- nomad <unfixed> (bug #1021273)
+ [bullseye] - nomad <no-dsa> (Minor issue)
NOTE: https://discuss.hashicorp.com/t/hcsec-2022-02-nomad-alloc-filesystem-and-container-escape/35560
CVE-2022-24682 (An issue was discovered in the Calendar feature in Zimbra Collaboratio ...)
NOT-FOR-US: Zimbra
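Review bot: the new `[bullseye] - nomad <no-dsa> (Minor issue)` line under CVE-2022-24683 sits beneath an advisory link whose title reads `nomad-alloc-filesystem-and-container-escape`; a container escape is not self-evidently a minor issue, so the justification text for this one should say why it is considered minor for bullseye rather than reusing the generic wording of the other three nomad entries in this hunk.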
@@ -102679,7 +102871,7 @@ CVE-2022-0358 (A flaw was found in the QEMU virtio-fs shared file system daemon
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2044863
NOTE: https://gitlab.com/qemu-project/qemu/-/commit/449e8171f96a6a944d1f3b7d3627ae059eae21ca
CVE-2022-0357 (Unquoted Search Path or Element vulnerability in the Vulnerability Sca ...)
- TODO: check
+ NOT-FOR-US: Bitdefender
CVE-2022-0356
RESERVED
CVE-2021-4215
@@ -109400,7 +109592,7 @@ CVE-2021-4190 (Large loop in the Kafka dissector in Wireshark 3.6.0 allows denia
NOTE: https://www.wireshark.org/security/wnpa-sec-2021-22.html
NOTE: https://gitlab.com/wireshark/wireshark/-/issues/17811
CVE-2021-4189 (A flaw was found in Python, specifically in the FTP (File Transfer Pro ...)
- {DLA-2919-1}
+ {DLA-3432-1 DLA-2919-1}
- python3.10 <not-affected> (Fixed before initial upload to Debian unstable)
- python3.9 3.9.7-1
[bullseye] - python3.9 <no-dsa> (Minor issue)
@@ -109411,7 +109603,6 @@ CVE-2021-4189 (A flaw was found in Python, specifically in the FTP (File Transfe
[experimental] - python2.7 2.7.18-13.1~exp1
- python2.7 2.7.18-13.1
[bullseye] - python2.7 <ignored> (Python 2.7 in Bullseye not covered by security support)
- [buster] - python2.7 <no-dsa> (Minor issue)
NOTE: https://bugs.python.org/issue43285
NOTE: https://github.com/python/cpython/commit/0ab152c6b5d95caa2dc1a30fa96e10258b5f188e (master)
NOTE: https://github.com/python/cpython/commit/7dcb4baa4f0fde3aef5122a8e9f6a41853ec9335 (v3.9.3)
@@ -119219,6 +119410,7 @@ CVE-2021-43416
RESERVED
CVE-2021-43415 (HashiCorp Nomad and Nomad Enterprise up to 1.0.13, 1.1.7, and 1.2.0, w ...)
- nomad <unfixed> (bug #1021273)
+ [bullseye] - nomad <no-dsa> (Minor issue)
NOTE: https://discuss.hashicorp.com/t/hcsec-2021-31-nomad-qemu-task-driver-allowed-paths-bypass-with-job-args/32288
NOTE: https://github.com/hashicorp/nomad/issues/11542
NOTE: https://github.com/hashicorp/nomad/pull/11554
@@ -130043,7 +130235,7 @@ CVE-2021-3738 (In DCE/RPC it is possible to share the handles (cookies for resou
NOTE: https://bugzilla.samba.org/show_bug.cgi?id=14468
NOTE: https://www.samba.org/samba/security/CVE-2021-3738.html
CVE-2021-3737 (A flaw was found in python. An improperly handled HTTP response in the ...)
- {DLA-2808-1}
+ {DLA-3432-1 DLA-2808-1}
[experimental] - python3.9 3.9.6-1
- python3.9 3.9.7-1
[bullseye] - python3.9 <no-dsa> (Minor issue)
@@ -130053,7 +130245,6 @@ CVE-2021-3737 (A flaw was found in python. An improperly handled HTTP response i
- python3.4 <removed>
- python2.7 <removed>
[bullseye] - python2.7 <ignored> (Unsupported in Bullseye, only included to build a few applications)
- [buster] - python2.7 <postponed> (Minor issue, DoS)
NOTE: https://bugs.python.org/issue44022
NOTE: https://github.com/python/cpython/pull/25916
NOTE: https://github.com/python/cpython/pull/26503
@@ -131255,7 +131446,7 @@ CVE-2021-39617
CVE-2021-39616 (Summary:Product: AndroidVersions: Android SoCAndroid ID: A-204686438)
NOT-FOR-US: Android
CVE-2021-3733 (There's a flaw in urllib's AbstractBasicAuthHandler class. An attacker ...)
- {DLA-2808-1}
+ {DLA-3432-1 DLA-2808-1}
- python3.9 3.9.7-1
[bullseye] - python3.9 <no-dsa> (Minor issue)
- python3.7 <removed>
@@ -131263,7 +131454,6 @@ CVE-2021-3733 (There's a flaw in urllib's AbstractBasicAuthHandler class. An att
- python3.5 <removed>
- python2.7 <removed>
[bullseye] - python2.7 <ignored> (Unsupported in Bullseye, only included to build a few applications)
- [buster] - python2.7 <postponed> (Minor issue, ReDoS)
NOTE: https://bugs.python.org/issue43075
NOTE: https://github.com/python/cpython/pull/24391
NOTE: https://github.com/python/cpython/commit/7215d1ae25525c92b026166f9d5cac85fb1defe1 (master)
@@ -132388,8 +132578,10 @@ CVE-2021-39212 (ImageMagick is free software delivered as a ready-to-run binary
NOTE: https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-qvhr-jj4p-j2qr
NOTE: https://github.com/ImageMagick/ImageMagick/commit/01faddbe2711a4156180c4a92837e2f23683cc68
NOTE: https://github.com/ImageMagick/ImageMagick/commit/35893e7cad78ce461fcaffa56076c11700ba5e4e
- NOTE: https://github.com/ImageMagick/ImageMagick6/commit/428e68597fa904d0bdc133d878e12acd7dc60fa3
- NOTE: https://github.com/ImageMagick/ImageMagick6/commit/69ea5587de17ef89476be47a3cb7f855c0355a74
+ NOTE: V6 [1/4] https://github.com/ImageMagick/ImageMagick6/commit/8cd2fcd33460826628a7590dc3ce74d7785e1598
+ NOTE: V6 [2/4] https://github.com/ImageMagick/ImageMagick6/commit/69ea5587de17ef89476be47a3cb7f855c0355a74
+ NOTE: V6 [3/4] https://github.com/ImageMagick/ImageMagick6/commit/b60e17133b982d28816386b83174c2bc06dd39bd
+ NOTE: V6 [4/4] https://github.com/ImageMagick/ImageMagick6/commit/428e68597fa904d0bdc133d878e12acd7dc60fa3
CVE-2021-39211 (GLPI is a free Asset and IT management software package. Starting in v ...)
- glpi <removed> (unimportant)
NOTE: https://github.com/glpi-project/glpi/security/advisories/GHSA-xx66-v3g5-w825
@@ -166898,11 +167090,9 @@ CVE-2021-25751
RESERVED
CVE-2021-25750
RESERVED
-CVE-2021-25749
- RESERVED
+CVE-2021-25749 (Windows workloads can run as ContainerAdministrator even when those wo ...)
- kubernetes <not-affected> (Windows-specific)
-CVE-2021-25748
- RESERVED
+CVE-2021-25748 (A security issue was discovered in ingress-nginx where a user that can ...)
NOT-FOR-US: Kubernetes ingress-nginx component
CVE-2021-25747
RESERVED
@@ -167923,7 +168113,7 @@ CVE-2021-3178 (fs/nfsd/nfs3xdr.c in the Linux kernel through 5.10.8, when there
NOTE: https://patchwork.kernel.org/project/linux-nfs/patch/20210111210129.GA11652@fieldses.org/
NOTE: Disputed/mild security relevance/impact
CVE-2021-3177 (Python 3.x through 3.9.1 has a buffer overflow in PyCArg_repr in _ctyp ...)
- {DLA-2919-1 DLA-2619-1}
+ {DLA-3432-1 DLA-2919-1 DLA-2619-1}
- python3.9 3.9.1-3
- python3.8 <removed>
- python3.7 <removed>
@@ -167931,7 +168121,6 @@ CVE-2021-3177 (Python 3.x through 3.9.1 has a buffer overflow in PyCArg_repr in
[stretch] - python3.7 <no-dsa> (Minor issue)
- python3.5 <removed>
- python2.7 2.7.18-2
- [buster] - python2.7 <no-dsa> (Minor issue)
NOTE: https://bugs.python.org/issue42938
NOTE: https://github.com/python/cpython/pull/24239
NOTE: https://python-security.readthedocs.io/vuln/ctypes-buffer-overflow-pycarg_repr.html
@@ -197603,7 +197792,7 @@ CVE-2020-26117 (In rfb/CSecurityTLS.cxx and rfb/CSecurityTLS.java in TigerVNC be
NOTE: https://github.com/TigerVNC/tigervnc/commit/b30f10c681ec87720cff85d490f67098568a9cba (master)
NOTE: https://github.com/TigerVNC/tigervnc/commit/f029745f63ac7d22fb91639b2cb5b3ab56134d6e (master)
CVE-2020-26116 (http.client in Python 3.x before 3.5.10, 3.6.x before 3.6.12, 3.7.x be ...)
- {DLA-2456-1}
+ {DLA-3432-1 DLA-2456-1}
- python3.9 3.9.0~b5-1
- python3.8 3.8.5-1
- python3.7 <removed>
@@ -220827,14 +221016,13 @@ CVE-2019-20908 (An issue was discovered in drivers/firmware/efi/efi.c in the Lin
NOTE: https://www.openwall.com/lists/oss-security/2020/06/14/1
NOTE: Fixed by: https://git.kernel.org/linus/1957a85b0032a81e6482ca4aab883643b8dae06e
CVE-2019-20907 (In Lib/tarfile.py in Python through 3.8.3, an attacker is able to craf ...)
- {DLA-2456-1 DLA-2337-1}
+ {DLA-3432-1 DLA-2456-1 DLA-2337-1}
- python3.9 3.9.0~b5-1 (low)
- python3.8 3.8.5-1 (low)
- python3.7 <removed> (low)
[buster] - python3.7 3.7.3-2+deb10u2
- python3.5 <removed> (low)
- python2.7 2.7.18-2 (low; bug #970099)
- [buster] - python2.7 <no-dsa> (Minor issue)
NOTE: https://bugs.python.org/issue39017
NOTE: https://github.com/python/cpython/commit/5a8d121a1f3ef5ad7c105ee378cc79a3eac0c7d4 (master)
NOTE: https://github.com/python/cpython/commit/f3232294ee695492f43d424cc6969d018d49861d (3.9-branch)
@@ -241412,7 +241600,7 @@ CVE-2020-8494 (In Kronos Web Time and Attendance (webTA) 3.8.x and later 3.x ver
CVE-2020-8493 (A stored XSS vulnerability in Kronos Web Time and Attendance (webTA) a ...)
NOT-FOR-US: Kronos Web Time and Attendance (webTA)
CVE-2020-8492 (Python 2.7 through 2.7.17, 3.5 through 3.5.9, 3.6 through 3.6.10, 3.7 ...)
- {DLA-2280-1}
+ {DLA-3432-1 DLA-2280-1}
- python3.8 3.8.3~rc1-1
- python3.7 <removed>
[buster] - python3.7 3.7.3-2+deb10u2
@@ -241420,8 +241608,6 @@ CVE-2020-8492 (Python 2.7 through 2.7.17, 3.5 through 3.5.9, 3.6 through 3.6.10,
- python3.4 <removed>
[jessie] - python3.4 <postponed> (Minor issue)
- python2.7 2.7.18-2 (low; bug #970099)
- [buster] - python2.7 <no-dsa> (Minor issue)
- [stretch] - python2.7 <ignored> (Too destructive to backport. Though the patch is partly ready. https://salsa.debian.org/lts-team/packages/python2.7/-/blob/master/debian/patches/CVE-2020-8492.patch)
[jessie] - python2.7 <no-dsa> (Minor issue)
NOTE: https://bugs.python.org/issue39503
NOTE: https://github.com/python/cpython/pull/18284
@@ -310057,7 +310243,7 @@ CVE-2018-20589 (Ivan Cordoba Generic Content Management System (CMS) through 201
CVE-2018-20588 (lib/support/unicodeconv/unicodeconv.c in libotfcc.a in otfcc v0.10.3-a ...)
NOT-FOR-US: otfcc
CVE-2018-20587 (Bitcoin Core 0.12.0 through 0.17.1 and Bitcoin Knots 0.12.0 through 0. ...)
- - bitcoin <unfixed>
+ - bitcoin <unfixed> (bug #1036696)
NOTE: https://en.bitcoin.it/wiki/Common_Vulnerabilities_and_Exposures#CVE-2018-20587
NOTE: Documentation of issue: https://github.com/bitcoin/bitcoin/pull/15223
CVE-2018-20586 (bitcoind and Bitcoin-Qt prior to 0.17.1 allow injection of arbitrary d ...)
=====================================
data/DLA/list
=====================================
@@ -1,3 +1,6 @@
+[24 May 2023] DLA-3432-1 python2.7 - security update
+ {CVE-2015-20107 CVE-2019-20907 CVE-2020-8492 CVE-2020-26116 CVE-2021-3177 CVE-2021-3733 CVE-2021-3737 CVE-2021-4189 CVE-2022-45061}
+ [buster] - python2.7 2.7.16-2+deb10u2
[22 May 2023] DLA-3431-1 sqlite - security update
{CVE-2016-6153 CVE-2018-8740}
[buster] - sqlite 2.8.17-15+deb10u1
=====================================
data/dla-needed.txt
=====================================
@@ -26,7 +26,7 @@ docker.io
NOTE: 20230303: Programming language: Go.
NOTE: 20230303: Follow fixes from bullseye 11.2 (Beuc/front-desk)
NOTE: 20230320: VCS: https://salsa.debian.org/lts-team/packages/docker.io.git
- NOTE: 20230424: Is in preparation.
+ NOTE: 20230424: Is in preparation. (gladk)
--
erlang (Markus Koschany)
NOTE: 20221119: Programming language: Erlang.
@@ -69,6 +69,9 @@ hdf5
NOTE: 20230520: additionally couldn't convince the build system to build for buster, something with the autogenerated .install files,
NOTE: 20230520: so giving up on the package. (tobi)
--
+kamailio (Chris Lamb)
+ NOTE: 20230524: Programming language: C.
+--
libcap2 (Abhijith PA)
NOTE: 20230517: Programming language: C.
NOTE: 20230517: VCS: https://salsa.debian.org/lts-team/packages/libcap2.git
@@ -92,7 +95,7 @@ linux (Ben Hutchings)
nbconvert
NOTE: 20230423: Programming language: Python.
NOTE: 20230423: XSS may be worth fixing and this was a lot of them. To consider if this require
- NOTE: 20230423: more work on user side and that require further analysis.
+ NOTE: 20230423: more work on user side and that require further analysis. (ola)
--
nova
NOTE: 20230302: Programming language: Python.
@@ -141,12 +144,6 @@ python-oslo.privsep
NOTE: 20221231: Programming language: Python.
NOTE: 20230206: VCS: https://salsa.debian.org/lts-team/packages/python-oslo.privsep.git
--
-python2.7 (Sylvain Beucler)
- NOTE: 20230416: Programming language: C, Python.
- NOTE: 20230416: VCS: https://salsa.debian.org/lts-team/packages/python2.7.git
- NOTE: 20230416: Testsuite: https://lts-team.pages.debian.net/wiki/TestSuites/python.html
- NOTE: 20230513: Backporting patches (Beuc)
---
python3.7
NOTE: 20230220: Programming language: Python.
NOTE: 20230220: VCS: https://salsa.debian.org/lts-team/packages/python3.7.git
@@ -212,7 +209,10 @@ samba
sssd
NOTE: 20230131: Programming language: C.
NOTE: 20230205: VCS: https://salsa.debian.org/lts-team/packages/sssd.git
- NOTE: 20230508: WIP
+ NOTE: 20230508: WIP (gladk)
+--
+sysstat
+ NOTE: 20230524: Programming language: C.
--
webkit2gtk (Emilio)
NOTE: 20230512: checking if upgrade to 2.40.x is possible, otherwise we'll have to EOL webkit (pochu)
=====================================
data/dsa-needed.txt
=====================================
@@ -18,6 +18,8 @@ c-ares
--
cinder
--
+docker-registry (jmm)
+--
gpac (aron)
--
jupyter-core
=====================================
lib/python/security_db.py
=====================================
@@ -910,12 +910,14 @@ class DB:
print("readBugs:")
def clear_db(cleared=[False]):
- if self.verbose:
- print(" clearing database")
# Avoid clearing the database multiple times.
if cleared[0]:
+ if self.verbose:
+ print(" finished (already cleared)")
return
else:
+ if self.verbose:
+ print(" clearing database")
cleared[0] = True
tables = ['debian_bugs', 'bugs', 'package_notes', 'bugs_notes', 'bugs_xref', 'package_notes_nodsa', 'ignored_packages', 'removed_packages', 'next_point_update']
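Review bot: the `else:` in `clear_db` is redundant once the `if cleared[0]:` branch returns, so the verbose `" clearing database"` print and `cleared[0] = True` can sit at function level without the extra nesting; and the new message `" finished (already cleared)"` reads as if work was done on this call, where something like `" skipped (already cleared)"` would describe the early return. A one-line comment that `cleared=[False]` is deliberate per-`readBugs` state for the closure would also help, since a mutable default is otherwise the classic thing a reviewer flags.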
@@ -930,8 +932,8 @@ class DB:
if self.verbose:
print(f"Table {table} does not exist")
continue
+ print (f"Clearing table {table}")
cursor.execute(f"DELETE FROM {table}")
-
# The *_status tables are regenerated anyway, no need to
# delete them here.
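Review bot: the added `print (f"Clearing table {table}")` is not gated on `self.verbose`, unlike the `Table {table} does not exist` message two lines above it, so every database rebuild now prints one line per table unconditionally; wrap it in `if self.verbose:` and drop the space before the parenthesis to match the surrounding `print(...)` calls.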
@@ -964,8 +966,13 @@ class DB:
"SELECT inodeprint FROM inodeprints WHERE file = ?",
(filename,)):
if old_print == current_print:
+ if self.verbose:
+ print(" unchanged: " + repr(filename))
return False
else:
+ if self.verbose:
+ print(" changed: " + repr(filename))
+ print(f" old: {old_print}, new: {current_print}")
return True
return True
@@ -974,14 +981,19 @@ class DB:
sources = self.getSources()
source_paths = [src["path"] for src in sources]
- unchanged = True
-
+ changed_source = None
for filename in source_paths + [source_removed_packages, source_ignored_unreported]:
if has_changed(path + filename):
- unchanged = False
+ if self.verbose:
+ print(" changed: " + repr(path + filename))
+ print (" clearing database")
+ changed_source = path + filename
break
- if unchanged:
+ if changed_source:
+ if self.verbose:
+ print(f" clearing database, because some files have changed (at least {changed_source})")
+ else:
if self.verbose:
print(" finished (no changes)")
return
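Review bot: the `print (" clearing database")` inside the `for` loop duplicates the `" clearing database, because some files have changed (at least ...)"` message printed right after the loop, and the `" changed: "` print just above it repeats what `has_changed` itself already prints when verbose, so one changed file now produces three verbose lines. Drop both prints inside the loop and keep only `changed_source = path + filename` and `break` there; the message after the loop already carries the file name. Since the variable is initialised to `None`, `if changed_source is not None:` states the intent more precisely than the truthiness test.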
@@ -989,6 +1001,8 @@ class DB:
clear_db()
def read_one(source):
+ if self.verbose:
+ print(" reading " + repr(source.name))
filename = source.name
current_print = self.filePrint(filename)
@@ -1003,20 +1017,14 @@ class DB:
cls = getattr(bugs, cls)
read_one(cls(path + srcpath))
+ # Read list of packages, which were removed from the status/unreported
if self.verbose:
print(" update removed packages")
self.readRemovedAndIgnoredPackages(cursor, path + source_removed_packages, table = "removed_packages")
- # Add file print to database for ignored packages
- current_print = self.filePrint(path + source_ignored_unreported)
- cursor.execute(
- """INSERT OR REPLACE INTO inodeprints (inodeprint, file)
- VALUES (?, ?)""", (current_print, source_ignored_unreported))
-
+ # Read list of packages, which should be ignored for the status/unreported
if self.verbose:
print(" update ignored packages")
-
- # Read list of packages, which should be ignored for the status/unreported
self.readRemovedAndIgnoredPackages(cursor, path + source_ignored_unreported, table = "ignored_packages")
@@ -2000,8 +2008,7 @@ class DB:
The original contents of the removed_packages table is preserved.
This function also reads the file of packages, where filing debian bugs is being ignored
- and stores it in the database. For that the table parameter must be set to 'ignored_packages'.
- The original contents of the ignored_packages table is preserved.
+ and stores it in the database.
"""
f = open(filename)
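Review bot: the docstring edit drops the sentence telling callers to pass `table='ignored_packages'` for the ignored-bugs file, but the `table` parameter is still the only thing that selects which table a file is loaded into, so the remaining text now reads as if the second file were stored somewhere implicit; keep one sentence naming the expected `table` value for each of the two files. The removed "original contents of the ignored_packages table is preserved" sentence is still true given the `INSERT OR IGNORE` below, so it can stay as well.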
@@ -2023,9 +2030,22 @@ class DB:
else:
raise ValueError("not a package: " + repr(line))
+ # check, if {table} exists, otherwise create it
+ cursor.execute(
+ f"CREATE TABLE IF NOT EXISTS {table} (name TEXT NOT NULL PRIMARY KEY)")
+
+ # Add packages into the table
cursor.executemany(
f"INSERT OR IGNORE INTO {table} (name) VALUES (?)", gen())
+
+ # Add file print to database for removed packages
+ current_print = self.filePrint(filename)
+ cursor.execute(
+ """INSERT OR REPLACE INTO inodeprints (inodeprint, file)
+ VALUES (?, ?)""", (current_print, filename))
+
+
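Review bot: the inodeprint row is now keyed by `filename`, the full path passed in, whereas the insert removed from `readBugs` in the earlier hunk keyed it by the bare `source_ignored_unreported`; because `has_changed` is called with `path + filename` and looks rows up by that value, the old key could never match unless `path` was empty, so the ignored-packages file always counted as changed and forced a database clear. That is a behaviour fix, not just a move, and deserves a sentence in the commit message; rows written under the old key are not removed by this change and will linger in `inodeprints`. Two smaller points: the comment `# Add file print to database for removed packages` is wrong for the `ignored_packages` call, say "for this file"; and `CREATE TABLE IF NOT EXISTS {table}` interpolates the table name into SQL, which is only safe because both callers pass a literal, so a guard such as `assert table in ("removed_packages", "ignored_packages")` would document that assumption next to the f-string.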
def getUnknownPackages(self, cursor):
"""Returns a generator for a list of unknown packages.
Each entry has the form (PACKAGE, BUG-LIST)."""
@@ -2071,7 +2091,6 @@ class DB:
if cursor is None:
cursor = self.cursor()
last_bug = None
-
result = []
for bug, pkg in cursor.execute(
f"""SELECT DISTINCT source_package_status.bug_name, source_packages.name
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/351ff96d1b9e172d4908521e6f7f12fecb5bd656...e0270ec1beb3599f8fbb8e15b5d1ed1b270b7916