[Git][security-tracker-team/security-tracker][master] 7 commits: data/dla-needed.txt: Triage cinder for buster LTS (CVE-2023-2088)
Chris Lamb (@lamby)
lamby at debian.org
Thu May 25 18:16:29 BST 2023
Chris Lamb pushed to branch master at Debian Security Tracker / security-tracker
Commits:
89a6b3e7 by Chris Lamb at 2023-05-25T10:10:35-07:00
data/dla-needed.txt: Triage cinder for buster LTS (CVE-2023-2088)
- - - - -
ea8a9221 by Chris Lamb at 2023-05-25T10:11:00-07:00
data/dla-needed.txt: Triage python-glance-store for buster LTS (CVE-2023-2088)
- - - - -
4df70fb5 by Chris Lamb at 2023-05-25T10:11:20-07:00
data/dla-needed.txt: Triage python-os-brick for buster LTS (CVE-2023-2088)
- - - - -
d3254bb1 by Chris Lamb at 2023-05-25T10:12:17-07:00
Add cross-referencing note for CVE-2023-2088.
- - - - -
04e429e7 by Chris Lamb at 2023-05-25T10:13:55-07:00
data/dla-needed.txt: Triage docker-registry for buster LTS (CVE-2023-2253)
- - - - -
86fa8f86 by Chris Lamb at 2023-05-25T10:14:42-07:00
Triage CVE-2023-2157 in imagemagick for buster LTS.
- - - - -
b366bacf by Chris Lamb at 2023-05-25T10:15:36-07:00
Triage CVE-2023-0180 in nvidia-graphics-drivers-legacy-390xx for buster LTS.
- - - - -
2 changed files:
- data/CVE/list
- data/dla-needed.txt
Changes:
=====================================
data/CVE/list
=====================================
@@ -3225,6 +3225,7 @@ CVE-2023-2157
- imagemagick <unfixed> (bug #1036476)
[bookworm] - imagemagick <no-dsa> (Minor issue)
[bullseye] - imagemagick <no-dsa> (Minor issue)
+ [buster] - imagemagick <no-dsa> (Minor issue)
NOTE: Fixed by: https://github.com/ImageMagick/ImageMagick/commit/9a9896fce95d09e5e47b86baccbe1ce1a2fca76b (7.1.1-7)
NOTE: Fixed by: https://github.com/ImageMagick/ImageMagick6/commit/7e4c992f148afc5b28111e540921d5b6e4e38673 (6.9.12-85)
CVE-2023-2156 (A flaw was found in the networking subsystem of the Linux kernel withi ...)
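Review bot: The added [buster] line for imagemagick reuses the `<no-dsa> (Minor issue)` reason from the bookworm and bullseye lines and does not record whether the buster package was checked against the ImageMagick6 fix named in the NOTE lines (6.9.12-85). A one-line NOTE saying the buster version was examined would let a later reader verify the triage instead of inferring it from the newer suites.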
@@ -26793,6 +26794,7 @@ CVE-2023-0180 (NVIDIA GPU Display Driver for Linux contains a vulnerability in a
[bullseye] - nvidia-graphics-drivers-tesla-418 <no-dsa> (Non-free not supported)
- nvidia-graphics-drivers-legacy-390xx <unfixed> (bug #1033776)
[bullseye] - nvidia-graphics-drivers-legacy-390xx <no-dsa> (Non-free not supported)
+ [buster] - nvidia-graphics-drivers-legacy-390xx <no-dsa> (Non-free not supported)
- nvidia-graphics-drivers-legacy-340xx <unfixed> (bug #1033775)
[buster] - nvidia-graphics-drivers-legacy-340xx <ignored> (Non-free not supported, no updates provided by Nvidia anymore)
- nvidia-graphics-drivers 525.105.17-1 (bug #1033774)
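Review bot: The added [buster] line marks nvidia-graphics-drivers-legacy-390xx as `<no-dsa>`, while the [buster] line for legacy-340xx two lines further down uses `<ignored>` with a similar "Non-free not supported" reason. If no fix is expected for 390xx in buster, `<ignored>` would say so. If `<no-dsa>` is deliberate (it matches the bullseye 390xx line), extending the reason text would keep the two buster entries from reading as inconsistent.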
=====================================
data/dla-needed.txt
=====================================
@@ -22,6 +22,13 @@ cairosvg
NOTE: 20230411: Proposed solution for CVE-2023-27586 in Buster to backport the --unsafe switch, introduced in 1.0.21, might work (dleidert)
NOTE: 20230519: VCS: https://salsa.debian.org/lts-team/packages/cairosvg.git
--
+cinder
+ NOTE: 20230525: Programming language: Python.
+ NOTE: 20230525: NB. CVE-2023-2088 filed against python-glance-store, python-os-brick, nova and cinder.
+--
+docker-registry
+ NOTE: 20230525: Programming language: Go.
+--
docker.io
NOTE: 20230303: Programming language: Go.
NOTE: 20230303: Follow fixes from bullseye 11.2 (Beuc/front-desk)
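Review bot: The new docker-registry entry carries only the "Programming language: Go." note, so the file does not say why the package was added. CVE-2023-2253 appears only in the commit subject, whereas the cinder entry added in the same hunk names its CVE in a NOTE. Adding a dated NOTE with the CVE id to docker-registry would make the entry self-explanatory for whoever claims it.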
@@ -111,6 +118,7 @@ nova
NOTE: 20230302: Later suites (e.g. bullseye) ship a direct upstream patch and are not affected.
NOTE: 20230302: We can either rework the patch, or disable .vmdk support entirely.
NOTE: 20230302: zigo currently has no time and requests the LTS team to do it (IRC #debian-lts 2023-03-02). (Beuc/front-desk)
+ NOTE: 20230525: NB. CVE-2023-2088 filed against python-glance-store, python-os-brick, nova and cinder.
--
nvidia-cuda-toolkit
NOTE: 20230514: Programming language: binary blobs.
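Review bot: The cross-reference NOTE for CVE-2023-2088 is appended to the nova entry directly after three 20230302 notes about reworking a patch or disabling .vmdk support, with nothing to show that it concerns a different issue. A reader could take the .vmdk discussion as applying to CVE-2023-2088. Wording the new line so that it is clearly a separate, additional item would avoid that.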
@@ -141,6 +149,14 @@ php-cas
NOTE: 20221110: a DSA is planned (Beuc/front-desk)
NOTE: 20230206: VCS: https://salsa.debian.org/lts-team/packages/php-cas.git
--
+python-glance-store
+ NOTE: 20230525: Programming language: Python.
+ NOTE: 20230525: NB. CVE-2023-2088 filed against python-glance-store, python-os-brick, nova and cinder.
+--
+python-os-brick
+ NOTE: 20230525: Programming language: Python.
+ NOTE: 20230525: NB. CVE-2023-2088 filed against python-glance-store, python-os-brick, nova and cinder.
+--
python-oslo.privsep
NOTE: 20221231: Programming language: Python.
NOTE: 20230206: VCS: https://salsa.debian.org/lts-team/packages/python-oslo.privsep.git
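Review bot: The NOTE added to python-glance-store and python-os-brick lists the four packages CVE-2023-2088 is filed against, but does not say whether they need to be fixed and uploaded together or can be handled independently. Someone claiming just one of these entries cannot tell from the file alone. A short addition to the NOTE stating the expected coordination would close that gap.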
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/d66921d44fd976aed4e8664930e91c7d0791aa7e...b366bacfa1831723bd8f64dfe7bbad4e1f10ae57