[Git][security-tracker-team/security-tracker][master] bullseye/bookworm triage

Moritz Muehlenhoff (@jmm) jmm at debian.org
Sun May 28 21:46:44 BST 2023



Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
e41ae35a by Moritz Mühlenhoff at 2023-05-28T22:46:28+02:00
bullseye/bookworm triage

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -569,6 +569,7 @@ CVE-2023-33288 (An issue was discovered in the Linux kernel before 6.2.9. A use-
 	NOTE: https://git.kernel.org/linus/47c29d69212911f50bdcdd0564b5999a559010d4 (6.3-rc4)
 CVE-2023-33285 (An issue was discovered in Qt 5.x before 5.15.14, 6.x before 6.2.9, an ...)
 	- qt6-base 6.4.2+dfsg-10 (bug #1036848)
+	[bookworm] - qt6-base <no-dsa> (Minor issue)
 	- qtbase-opensource-src 5.15.8+dfsg-11
 	- qtbase-opensource-src-gles <unfixed>
 	NOTE: https://codereview.qt-project.org/c/qt/qtbase/+/477644
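Review bot: only qt6-base gets a bookworm decision here, while the "- qtbase-opensource-src-gles <unfixed>" entry two lines further down still has no per-release tag in the visible context. If that source package is shipped in bookworm, it will keep showing as open there. Consider adding a matching "[bookworm] - qtbase-opensource-src-gles <no-dsa> (Minor issue)" line, or whatever status applies, in the same triage pass.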
@@ -1406,6 +1407,7 @@ CVE-2023-2454 [CREATE SCHEMA ... schema_element defeats protective search_path c
 	NOTE: https://www.postgresql.org/about/news/postgresql-153-148-1311-1215-and-1120-released-2637/
 CVE-2023-32668 (LuaTeX before 1.17.0 allows a document (compiled with the default sett ...)
 	- texlive-bin <unfixed> (bug #1036470)
+	[bookworm] - texlive-bin <no-dsa> (Minor issue)
 	[bullseye] - texlive-bin <no-dsa> (Minor issue)
 	[buster] - texlive-bin <no-dsa> (Minor issue)
 	NOTE: https://tug.org/pipermail/tex-live/2023-May/049188.html
@@ -10692,7 +10694,10 @@ CVE-2023-28448 (Versionize is a framework for version tolerant serializion/deser
 	NOT-FOR-US: Versionize (firecracker-microvm / framework for version tolerant serializion/deserialization of Rust data structures)
 CVE-2023-28447 (Smarty is a template engine for PHP. In affected versions smarty did n ...)
 	- smarty3 <unfixed> (bug #1033964)
+	[bookworm] - smarty3 <no-dsa> (Minor issue)
+	[bullseye] - smarty3 <no-dsa> (Minor issue)
 	- smarty4 <unfixed> (bug #1033965)
+	[bookworm] - smarty4 <no-dsa> (Minor issue)
 	NOTE: https://github.com/smarty-php/smarty/security/advisories/GHSA-7j98-h7fp-4vwj
 	NOTE: https://github.com/smarty-php/smarty/commit/e75165565e9e5956a73365c24d650ba40570ae72 (v4.3.1)
 	NOTE: https://github.com/smarty-php/smarty/commit/7677db7bc9a1dcfcad1435fc9d3bac3f295ca3ad (v3.1.48)
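Review bot: the triage is asymmetric between the two source packages: smarty3 gets both "[bookworm]" and "[bullseye]" lines, but smarty4 gets only "[bookworm]". If smarty4 is not in bullseye this is correct as written. Otherwise a "[bullseye] - smarty4 <no-dsa> (Minor issue)" line is missing. Since the NOTE lines already name the upstream fix commits for both branches (v4.3.1 and v3.1.48), a reason more specific than "Minor issue" would also help whoever prepares a later fix.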
@@ -12290,6 +12295,7 @@ CVE-2023-1290 (A vulnerability, which was classified as critical, has been found
 	NOT-FOR-US: SourceCodester Sales Tracker Management System
 CVE-2023-1289 (A vulnerability was discovered in ImageMagick where a specially create ...)
 	- imagemagick <unfixed> (bug #1033254)
+	[bookworm] - imagemagick <no-dsa> (Minor issue)
 	[bullseye] - imagemagick <no-dsa> (Minor issue)
 	[buster] - imagemagick <postponed> (Should be fixed together with some other CVEs)
 	NOTE: https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-j96m-mjp6-99xr
@@ -14566,6 +14572,8 @@ CVE-2023-1056 (A vulnerability was found in SourceCodester Doctors Appointment S
 	NOT-FOR-US: SourceCodester Doctors Appointment System
 CVE-2023-1055 (A flaw was found in RHDS 11 and RHDS 12. While browsing entries LDAP t ...)
 	- 389-ds-base <unfixed> (bug #1034891)
+	[bookworm] - 389-ds-base <no-dsa> (Minor issue)
+	[bullseye] - 389-ds-base <no-dsa> (Minor issue)
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2173517
 CVE-2023-1054 (A vulnerability was found in SourceCodester Music Gallery Site 1.0. It ...)
 	NOT-FOR-US: SourceCodester Music Gallery Site
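Review bot: the two new 389-ds-base lines mark the issue as minor for bookworm and bullseye, but the entry's only reference is the Red Hat Bugzilla NOTE, and the summary names RHDS 11 and RHDS 12 rather than upstream versions. Adding a NOTE that points at the upstream 389-ds-base fix or affected version range would let a reader verify that both releases are actually affected and would back up the "Minor issue" call.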
@@ -147394,6 +147402,7 @@ CVE-2021-33392
 	RESERVED
 CVE-2021-33391 (An issue in HTACG HTML Tidy v5.7.28 allows attacker to execute arbitra ...)
 	- tidy-html5 <unfixed> (bug #1032665)
+	[bookworm] - tidy-html5 <no-dsa> (Minor issue)
 	[bullseye] - tidy-html5 <no-dsa> (Minor issue)
 	[buster] - tidy-html5 <no-dsa> (Minor issue)
 	NOTE: https://github.com/htacg/tidy-html5/issues/946
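Review bot: "Minor issue" on the new "[bookworm] - tidy-html5" line sits oddly next to a CVE summary that begins "allows attacker to execute arbitra ...". The wording matches the existing bullseye and buster lines, so the entry is consistent, but the reason gives no hint why this does not warrant a DSA. A short rationale in the parentheses, or a NOTE summarising the assessment from the linked upstream issue, would make the decision auditable.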



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/e41ae35aeddf8f8462802238f1a5833e4767375f
