[Git][security-tracker-team/security-tracker][master] bookworm triage
Moritz Muehlenhoff (@jmm)
jmm at debian.org
Sun May 28 09:55:30 BST 2023
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker
Commits:
c672b3cb by Moritz Mühlenhoff at 2023-05-28T10:54:51+02:00
bookworm triage
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -336,6 +336,7 @@ CVE-2023-32697 (SQLite JDBC is a library for accessing and creating SQLite datab
NOTE: https://github.com/xerial/sqlite-jdbc/security/advisories/GHSA-6phf-6h5g-97j2
CVE-2023-32685 [Clipboard based cross-site scripting (blocked with default CSP)]
- kanboard <unfixed>
+ [bookworm] - kanboard <no-dsa> (Minor issue)
NOTE: https://github.com/kanboard/kanboard/security/advisories/GHSA-hjmw-gm82-r4gv
CVE-2023-32681 (Requests is a HTTP library. Since Requests 2.3.0, Requests has been le ...)
- requests <unfixed> (bug #1036693)
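Review bot: The added "[bookworm] - kanboard <no-dsa> (Minor issue)" line gives only the generic reason, although the entry title already names the mitigating factor (blocked with default CSP). Suggest "(Minor issue; blocked with default CSP)" so the rationale is visible on the tracker entry itself. The "- kanboard <unfixed>" line also carries no bug reference, unlike the requests entry right below it, so a fix deferred to a point release has nothing to track it by.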
@@ -951,148 +952,173 @@ CVE-2023-31842 (Sourcecodester Faculty Evaluation System v1.0 is vulnerable to S
NOT-FOR-US: Sourcecodester Faculty Evaluation System
CVE-2023-31631 (An issue in the sqlo_preds_contradiction component of openlink virtuos ...)
- virtuoso-opensource <unfixed> (bug #1036467)
+ [bookworm] - virtuoso-opensource <no-dsa> (Minor issue)
[bullseye] - virtuoso-opensource <no-dsa> (Minor issue)
[buster] - virtuoso-opensource <no-dsa> (Minor issue)
NOTE: https://github.com/openlink/virtuoso-opensource/issues/1137
NOTE: https://github.com/openlink/virtuoso-opensource/commit/c77cd981a82a7f6385b174eb818057b2f19d8c09
CVE-2023-31630 (An issue in the sqlo_query_spec component of openlink virtuoso-opensou ...)
- virtuoso-opensource <unfixed> (bug #1036467)
+ [bookworm] - virtuoso-opensource <no-dsa> (Minor issue)
[bullseye] - virtuoso-opensource <no-dsa> (Minor issue)
[buster] - virtuoso-opensource <no-dsa> (Minor issue)
NOTE: https://github.com/openlink/virtuoso-opensource/issues/1138
NOTE: https://github.com/openlink/virtuoso-opensource/commit/f9244141ce68dc4a3314fd4a0cd5bb3bdd6ab830
CVE-2023-31629 (An issue in the sqlo_union_scope component of openlink virtuoso-openso ...)
- virtuoso-opensource <unfixed> (bug #1036467)
+ [bookworm] - virtuoso-opensource <no-dsa> (Minor issue)
[bullseye] - virtuoso-opensource <no-dsa> (Minor issue)
[buster] - virtuoso-opensource <no-dsa> (Minor issue)
NOTE: https://github.com/openlink/virtuoso-opensource/issues/1139
NOTE: https://github.com/openlink/virtuoso-opensource/commit/9553f94992f0a33f7eb7e87e74f0f78998ba5bec
CVE-2023-31628 (An issue in the stricmp component of openlink virtuoso-opensource v7.2 ...)
- virtuoso-opensource <unfixed> (bug #1036467)
+ [bookworm] - virtuoso-opensource <no-dsa> (Minor issue)
[bullseye] - virtuoso-opensource <no-dsa> (Minor issue)
[buster] - virtuoso-opensource <no-dsa> (Minor issue)
NOTE: https://github.com/openlink/virtuoso-opensource/issues/1141
NOTE: https://github.com/openlink/virtuoso-opensource/commit/2ed10333e6e973c2b3e1e60ba854ef0dd12afe07
CVE-2023-31627 (An issue in the strhash component of openlink virtuoso-opensource v7.2 ...)
- virtuoso-opensource <unfixed> (bug #1036467)
+ [bookworm] - virtuoso-opensource <no-dsa> (Minor issue)
[bullseye] - virtuoso-opensource <no-dsa> (Minor issue)
[buster] - virtuoso-opensource <no-dsa> (Minor issue)
NOTE: https://github.com/openlink/virtuoso-opensource/issues/1140
NOTE: https://github.com/openlink/virtuoso-opensource/commit/ce61d6f568568b771d7e857408e3246d31135494
CVE-2023-31626 (An issue in the gpf_notice component of openlink virtuoso-opensource v ...)
- virtuoso-opensource <unfixed> (bug #1036467)
+ [bookworm] - virtuoso-opensource <no-dsa> (Minor issue)
[bullseye] - virtuoso-opensource <no-dsa> (Minor issue)
[buster] - virtuoso-opensource <no-dsa> (Minor issue)
NOTE: https://github.com/openlink/virtuoso-opensource/issues/1129
NOTE: https://github.com/openlink/virtuoso-opensource/commit/4ad97c5a81067e3bdabe849f42f089edc9880131
CVE-2023-31625 (An issue in the psiginfo component of openlink virtuoso-opensource v7. ...)
- virtuoso-opensource <unfixed> (bug #1036467)
+ [bookworm] - virtuoso-opensource <no-dsa> (Minor issue)
[bullseye] - virtuoso-opensource <no-dsa> (Minor issue)
[buster] - virtuoso-opensource <no-dsa> (Minor issue)
NOTE: https://github.com/openlink/virtuoso-opensource/issues/1132
NOTE: https://github.com/openlink/virtuoso-opensource/commit/2ed10333e6e973c2b3e1e60ba854ef0dd12afe07
CVE-2023-31624 (An issue in the sinv_check_exp component of openlink virtuoso-opensour ...)
- virtuoso-opensource <unfixed> (bug #1036467)
+ [bookworm] - virtuoso-opensource <no-dsa> (Minor issue)
[bullseye] - virtuoso-opensource <no-dsa> (Minor issue)
[buster] - virtuoso-opensource <no-dsa> (Minor issue)
NOTE: https://github.com/openlink/virtuoso-opensource/issues/1134
NOTE: https://github.com/openlink/virtuoso-opensource/commit/311097fb1f23d0a1dd7dcdd2afecf6fe14665526
CVE-2023-31623 (An issue in the mp_box_copy component of openlink virtuoso-opensource ...)
- virtuoso-opensource <unfixed> (bug #1036467)
+ [bookworm] - virtuoso-opensource <no-dsa> (Minor issue)
[bullseye] - virtuoso-opensource <no-dsa> (Minor issue)
[buster] - virtuoso-opensource <no-dsa> (Minor issue)
NOTE: https://github.com/openlink/virtuoso-opensource/issues/1131
NOTE: https://github.com/openlink/virtuoso-opensource/commit/2ed10333e6e973c2b3e1e60ba854ef0dd12afe07
CVE-2023-31622 (An issue in the sqlc_make_policy_trig component of openlink virtuoso-o ...)
- virtuoso-opensource <unfixed> (bug #1036467)
+ [bookworm] - virtuoso-opensource <no-dsa> (Minor issue)
[bullseye] - virtuoso-opensource <no-dsa> (Minor issue)
[buster] - virtuoso-opensource <no-dsa> (Minor issue)
NOTE: https://github.com/openlink/virtuoso-opensource/issues/1135
NOTE: https://github.com/openlink/virtuoso-opensource/commit/db91dc5602a8cfde2e4e1d00387d5ba4b77389dc
CVE-2023-31621 (An issue in the kc_var_col component of openlink virtuoso-opensource v ...)
- virtuoso-opensource <unfixed> (bug #1036467)
+ [bookworm] - virtuoso-opensource <no-dsa> (Minor issue)
[bullseye] - virtuoso-opensource <no-dsa> (Minor issue)
[buster] - virtuoso-opensource <no-dsa> (Minor issue)
NOTE: https://github.com/openlink/virtuoso-opensource/issues/1130
NOTE: https://github.com/openlink/virtuoso-opensource/commit/ec54f1c7b50df944ae4a8d3e29cd7eaf1cc97b21
CVE-2023-31620 (An issue in the dv_compare component of openlink virtuoso-opensource v ...)
- virtuoso-opensource <unfixed> (bug #1036467)
+ [bookworm] - virtuoso-opensource <no-dsa> (Minor issue)
[bullseye] - virtuoso-opensource <no-dsa> (Minor issue)
[buster] - virtuoso-opensource <no-dsa> (Minor issue)
NOTE: https://github.com/openlink/virtuoso-opensource/issues/1128
NOTE: https://github.com/openlink/virtuoso-opensource/commit/a4997ed2499c4de8c95e2de9e2a07b60384fbbec
CVE-2023-31619 (An issue in the sch_name_to_object component of openlink virtuoso-open ...)
- virtuoso-opensource <unfixed> (bug #1036467)
+ [bookworm] - virtuoso-opensource <no-dsa> (Minor issue)
[bullseye] - virtuoso-opensource <no-dsa> (Minor issue)
[buster] - virtuoso-opensource <no-dsa> (Minor issue)
NOTE: https://github.com/openlink/virtuoso-opensource/issues/1133
NOTE: https://github.com/openlink/virtuoso-opensource/commit/2ed10333e6e973c2b3e1e60ba854ef0dd12afe07
CVE-2023-31618 (An issue in the sqlc_union_dt_wrap component of openlink virtuoso-open ...)
- virtuoso-opensource <unfixed> (bug #1036467)
+ [bookworm] - virtuoso-opensource <no-dsa> (Minor issue)
[bullseye] - virtuoso-opensource <no-dsa> (Minor issue)
[buster] - virtuoso-opensource <no-dsa> (Minor issue)
NOTE: https://github.com/openlink/virtuoso-opensource/issues/1136
NOTE: https://github.com/openlink/virtuoso-opensource/commit/030e47a29976709a50603e3f34e82278e5f462df
CVE-2023-31617 (An issue in the dk_set_delete component of openlink virtuoso-opensourc ...)
- virtuoso-opensource <unfixed> (bug #1036467)
+ [bookworm] - virtuoso-opensource <no-dsa> (Minor issue)
[bullseye] - virtuoso-opensource <no-dsa> (Minor issue)
[buster] - virtuoso-opensource <no-dsa> (Minor issue)
NOTE: https://github.com/openlink/virtuoso-opensource/issues/1127
NOTE: https://github.com/openlink/virtuoso-opensource/commit/2b64ad928ef5f75fc93091677a78abfbd17ea07f
CVE-2023-31616 (An issue in the bif_mod component of openlink virtuoso-opensource v7.2 ...)
- virtuoso-opensource <unfixed> (bug #1036467)
+ [bookworm] - virtuoso-opensource <no-dsa> (Minor issue)
[bullseye] - virtuoso-opensource <no-dsa> (Minor issue)
[buster] - virtuoso-opensource <no-dsa> (Minor issue)
NOTE: https://github.com/openlink/virtuoso-opensource/issues/1122
NOTE: https://github.com/openlink/virtuoso-opensource/commit/25fff0eaa85898004bb14909e9f29d16b2918792
CVE-2023-31615 (An issue in the chash_array component of openlink virtuoso-opensource ...)
- virtuoso-opensource <unfixed> (bug #1036467)
+ [bookworm] - virtuoso-opensource <no-dsa> (Minor issue)
[bullseye] - virtuoso-opensource <no-dsa> (Minor issue)
[buster] - virtuoso-opensource <no-dsa> (Minor issue)
NOTE: https://github.com/openlink/virtuoso-opensource/issues/1124
NOTE: https://github.com/openlink/virtuoso-opensource/commit/d02925b18e3ad0244ae7c52acf92bfa686738eb2
CVE-2023-31614 (An issue in the mp_box_deserialize_string function in openlink virtuos ...)
- virtuoso-opensource <unfixed> (bug #1036467)
+ [bookworm] - virtuoso-opensource <no-dsa> (Minor issue)
[bullseye] - virtuoso-opensource <no-dsa> (Minor issue)
[buster] - virtuoso-opensource <no-dsa> (Minor issue)
NOTE: https://github.com/openlink/virtuoso-opensource/issues/1117
NOTE: https://github.com/openlink/virtuoso-opensource/commit/7c488ae70803b208a94bf12fee792195caddbf7d
CVE-2023-31613 (An issue in the __nss_database_lookup component of openlink virtuoso-o ...)
- virtuoso-opensource <unfixed> (bug #1036467)
+ [bookworm] - virtuoso-opensource <no-dsa> (Minor issue)
[bullseye] - virtuoso-opensource <no-dsa> (Minor issue)
[buster] - virtuoso-opensource <no-dsa> (Minor issue)
NOTE: https://github.com/openlink/virtuoso-opensource/issues/1121
NOTE: https://github.com/openlink/virtuoso-opensource/commit/171718c844530864cb375213c8b9cbc8ba079efc
CVE-2023-31612 (An issue in the dfe_qexp_list component of openlink virtuoso-opensourc ...)
- virtuoso-opensource <unfixed> (bug #1036467)
+ [bookworm] - virtuoso-opensource <no-dsa> (Minor issue)
[bullseye] - virtuoso-opensource <no-dsa> (Minor issue)
[buster] - virtuoso-opensource <no-dsa> (Minor issue)
NOTE: https://github.com/openlink/virtuoso-opensource/issues/1125
CVE-2023-31611 (An issue in the __libc_longjmp component of openlink virtuoso-opensour ...)
- virtuoso-opensource <unfixed> (bug #1036467)
+ [bookworm] - virtuoso-opensource <no-dsa> (Minor issue)
[bullseye] - virtuoso-opensource <no-dsa> (Minor issue)
[buster] - virtuoso-opensource <no-dsa> (Minor issue)
NOTE: https://github.com/openlink/virtuoso-opensource/issues/1119
NOTE: https://github.com/openlink/virtuoso-opensource/commit/db0b768dfbb66e306504d0f7951c4ae4932edd74
CVE-2023-31610 (An issue in the _IO_default_xsputn component of openlink virtuoso-open ...)
- virtuoso-opensource <unfixed> (bug #1036467)
+ [bookworm] - virtuoso-opensource <no-dsa> (Minor issue)
[bullseye] - virtuoso-opensource <no-dsa> (Minor issue)
[buster] - virtuoso-opensource <no-dsa> (Minor issue)
NOTE: https://github.com/openlink/virtuoso-opensource/issues/1118
NOTE: https://github.com/openlink/virtuoso-opensource/commit/2ed10333e6e973c2b3e1e60ba854ef0dd12afe07
CVE-2023-31609 (An issue in the dfe_unit_col_loci component of openlink virtuoso-opens ...)
- virtuoso-opensource <unfixed> (bug #1036467)
+ [bookworm] - virtuoso-opensource <no-dsa> (Minor issue)
[bullseye] - virtuoso-opensource <no-dsa> (Minor issue)
[buster] - virtuoso-opensource <no-dsa> (Minor issue)
NOTE: https://github.com/openlink/virtuoso-opensource/issues/1126
CVE-2023-31608 (An issue in the artm_div_int component of openlink virtuoso-opensource ...)
- virtuoso-opensource <unfixed> (bug #1036467)
+ [bookworm] - virtuoso-opensource <no-dsa> (Minor issue)
[bullseye] - virtuoso-opensource <no-dsa> (Minor issue)
[buster] - virtuoso-opensource <no-dsa> (Minor issue)
NOTE: https://github.com/openlink/virtuoso-opensource/issues/1123
NOTE: https://github.com/openlink/virtuoso-opensource/commit/9c5bdeb73b00b5ae88db0be036d429d779126094
CVE-2023-31607 (An issue in the __libc_malloc component of openlink virtuoso-opensourc ...)
- virtuoso-opensource <unfixed> (bug #1036467)
+ [bookworm] - virtuoso-opensource <no-dsa> (Minor issue)
[bullseye] - virtuoso-opensource <no-dsa> (Minor issue)
[buster] - virtuoso-opensource <no-dsa> (Minor issue)
NOTE: https://github.com/openlink/virtuoso-opensource/issues/1120
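Review bot: Three of the 25 entries tagged no-dsa in this hunk (CVE-2023-31612, CVE-2023-31609 and CVE-2023-31607) carry only an upstream issue NOTE and no fix commit, while the other 22 reference one. Since no-dsa defers the fix to a later upload, it would help to add the commit NOTE for these three once upstream has one, or a NOTE saying no fix exists yet, so whoever prepares the update does not have to rediscover that. The reason text is copied verbatim from the bullseye and buster lines, which is consistent, but it does not say what makes these issues minor.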
@@ -1103,6 +1129,7 @@ CVE-2023-31408 (Cleartext Storage of Sensitive Information in SICK FTMg AIR FLOW
NOT-FOR-US: SICK
CVE-2023-32784 (In KeePass 2.x before 2.54, it is possible to recover the cleartext ma ...)
- keepass2 <unfixed>
+ [bookworm] - keepass2 <no-dsa> (Minor issue)
[bullseye] - keepass2 <no-dsa> (Minor issue)
[buster] - keepass2 <no-dsa> (Minor issue)
NOTE: https://github.com/vdohney/keepass-password-dumper
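Review bot: The added "[bookworm] - keepass2 <no-dsa> (Minor issue)" line does not say why recovery of the cleartext master password is considered minor, and the only NOTE on the entry is a link to a dumper repository. Suggest putting the limiting condition into the parenthesised reason, and adding a NOTE that records 2.54 as the fixed upstream version, which the description already states. The "- keepass2 <unfixed>" line has no bug reference either.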
@@ -1290,6 +1317,8 @@ CVE-2023-2501
REJECTED
CVE-2023-32082 (etcd is a distributed key-value store for the data of a distributed sy ...)
- etcd <unfixed> (bug #1036295)
+ [bookworm] - etcd <no-dsa> (Minor issue)
+ [bullseye] - etcd <no-dsa> (Minor issue)
NOTE: https://github.com/etcd-io/etcd/pull/15656
NOTE: https://github.com/etcd-io/etcd/security/advisories/GHSA-3p4g-rcw5-8298
CVE-2023-32075 (The Customer Management Framework (CMF) for Pimcore adds functionality ...)
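Review bot: The two added lines triage CVE-2023-32082 for bookworm and bullseye but leave buster without a line, whereas the CVE-2021-28235 entry for etcd later in this patch has a "[buster]" line. If buster is intentionally left for separate triage that is fine; otherwise it needs its own no-dsa or not-affected line. The reason "(Minor issue)" could also name what limits the impact, as the buster line of the other etcd entry does.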
@@ -6077,6 +6106,7 @@ CVE-2023-29840
RESERVED
CVE-2023-29839 (A Stored Cross Site Scripting (XSS) vulnerability exists in multiple p ...)
- hoteldruid <unfixed> (bug #1035671)
+ [bookworm] - hoteldruid <no-dsa> (Minor issue)
[bullseye] - hoteldruid <no-dsa> (Minor issue)
[buster] - hoteldruid <no-dsa> (Minor issue)
NOTE: https://github.com/jichngan/CVE-2023-29839
@@ -90436,6 +90466,7 @@ CVE-2022-1116 (Integer Overflow or Wraparound vulnerability in io_uring of Linux
- linux <not-affected> (Vulnerable code not present; introduced in 5.4.24; fixed in 5.4.189)
CVE-2022-1115 (A heap-buffer-overflow flaw was found in ImageMagick\u2019s PushShortP ...)
- imagemagick <unfixed> (bug #1013282)
+ [bookworm] - imagemagick <no-dsa> (Minor issue)
[bullseye] - imagemagick <no-dsa> (Minor issue)
[buster] - imagemagick <no-dsa> (Minor issue)
[stretch] - imagemagick <no-dsa> (Minor issue)
@@ -124136,6 +124167,7 @@ CVE-2021-42522 (There is a Information Disclosure vulnerability in anjuta/plugin
NOTE: Memory leak in GUI application, no security impact
CVE-2021-42521 (There is a NULL pointer dereference vulnerability in VTK before 9.2.5, ...)
- vtk9 <unfixed> (bug #1031877)
+ [bookworm] - vtk9 <no-dsa> (Minor issue)
[bullseye] - vtk9 <no-dsa> (Minor issue)
- vtk7 <unfixed> (bug #1034844)
[bullseye] - vtk7 <no-dsa> (Minor issue)
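Review bot: The bookworm line is added under vtk9 only, while the vtk7 block directly below still has just its "[bullseye]" line. If vtk7 is also shipped in bookworm it needs a matching "[bookworm] - vtk7 <no-dsa> (Minor issue)" line; if it is not, nothing more is needed, but that is worth confirming since both packages share this CVE.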
@@ -160962,6 +160994,8 @@ CVE-2021-28236 (LibreDWG v0.12.3 was discovered to contain a NULL pointer derefe
- libredwg <itp> (bug #595191)
CVE-2021-28235 (Authentication vulnerability found in Etcd-io v.3.4.10 allows remote a ...)
- etcd <unfixed> (bug #1034840)
+ [bookworm] - etcd <no-dsa> (Minor issue)
+ [bullseye] - etcd <no-dsa> (Minor issue)
[buster] - etcd <no-dsa> (Minor issue; only when debug is enabled)
NOTE: https://github.com/etcd-io/etcd/pull/15648
NOTE: https://github.com/etcd-io/etcd/pull/15655
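Review bot: The added bookworm and bullseye lines say only "(Minor issue)", while the existing buster line on the same entry reads "(Minor issue; only when debug is enabled)". If the same precondition holds for the newer releases, carry the qualifier over so all three lines give the same rationale; if it does not hold, the plain "Minor issue" needs a different justification.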
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/c672b3cb9428c21fb68ee2302027689eb326ea95