[Git][security-tracker-team/security-tracker][master] bookworm/bullseye triage
Moritz Muehlenhoff (@jmm)
jmm at debian.org
Wed May 31 10:29:31 BST 2023
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker
Commits:
7ca642fa by Moritz Muehlenhoff at 2023-05-31T11:27:37+02:00
bookworm/bullseye triage
- - - - -
2 changed files:
- data/CVE/list
- data/dsa-needed.txt
Changes:
=====================================
data/CVE/list
=====================================
@@ -488,6 +488,8 @@ CVE-2023-2480 (Missing access permissions checks in M-Files Client before 23.5.1
NOT-FOR-US: M-Files
CVE-2023-28370 (Open redirect vulnerability in Tornado versions 6.3.1 and earlier allo ...)
- python-tornado <unfixed> (bug #1036875)
+ [bookworm] - python-tornado <no-dsa> (Minor issue)
+ [bullseye] - python-tornado <no-dsa> (Minor issue)
NOTE: https://github.com/tornadoweb/tornado/commit/32ad07c54e607839273b4e1819c347f5c8976b2f (v6.3.2)
CVE-2023-27529 (Wacom Tablet Driver installer prior to 6.4.2-1 (for macOS) contains an ...)
NOT-FOR-US: Wacom Tablet Driver installer
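Review bot: The two added python-tornado lines for CVE-2023-28370 give only the generic reason "Minor issue" for the no-dsa decision. The NOTE directly below already pins the upstream fix to a single commit (v6.3.2), so it would help to record in the entry whether that commit is expected to reach bookworm and bullseye through a later update, rather than leaving the open redirect tracked only by the bug on the unfixed line.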
@@ -5420,12 +5422,11 @@ CVE-2023-30302
CVE-2023-30301
RESERVED
CVE-2023-30300 (An issue in the component hang.wasm of WebAssembly 1.0 causes an infin ...)
- - wabt <unfixed> (bug #1035686)
- [bullseye] - wabt <no-dsa> (Minor issue)
- [buster] - wabt <no-dsa> (Minor issue)
+ - wabt <unfixed> (unimportant; bug #1035686)
NOTE: https://github.com/WebAssembly/wabt/issues/2180
NOTE: https://github.com/WebAssembly/wabt/pull/2183
NOTE: https://github.com/WebAssembly/wabt/commit/2d77bda4034a719fe1a2eaf1d51593eb351ecb4c
+ NOTE: Hang in CLI tool, no security impact
CVE-2023-30299
RESERVED
CVE-2023-30298
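Review bot: On the wabt line for CVE-2023-30300, the switch to "unimportant" replaces the per-release [bullseye] and [buster] no-dsa entries and rests entirely on the new NOTE "Hang in CLI tool, no security impact", which does not name the tool. The CVE description only mentions hang.wasm, so naming the affected binary in the NOTE would let a later reader check the scope of the claim without opening the linked issue.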
@@ -8898,6 +8899,8 @@ CVE-2023-29000 (The Nextcloud Desktop Client is a tool to synchronize files from
NOTE: https://hackerone.com/reports/1679267
CVE-2023-28999 (Nextcloud is an open-source productivity platform. In Nextcloud Deskto ...)
- nextcloud-desktop <unfixed> (bug #1034184)
+ [bookworm] - nextcloud-desktop <no-dsa> (Minor issue)
+ [bullseye] - nextcloud-desktop <no-dsa> (Minor issue)
[buster] - nextcloud-desktop <no-dsa> (Minor issue)
NOTE: https://github.com/nextcloud/security-advisories/security/advisories/GHSA-8875-wxww-3rr8
NOTE: https://github.com/nextcloud/desktop/pull/5560
@@ -47978,6 +47981,7 @@ CVE-2022-3591 (Use After Free in GitHub repository vim/vim prior to 9.0.0789.)
NOTE: Crash in CLI tool, no security impact
CVE-2022-3590 (WordPress is affected by an unauthenticated blind SSRF in the pingback ...)
- wordpress <unfixed> (bug #1033251)
+ [bookworm] - wordpress <no-dsa> (Minor issue)
[bullseye] - wordpress <no-dsa> (Minor issue)
[buster] - wordpress <postponed> (Minor issue)
NOTE: https://www.sonarsource.com/blog/wordpress-core-unauthenticated-blind-ssrf/
@@ -54838,6 +54842,7 @@ CVE-2022-40900
RESERVED
CVE-2022-40899 (An issue discovered in Python Charmers Future 0.18.2 and earlier allow ...)
- python-future <unfixed> (bug #1031699)
+ [bookworm] - python-future <no-dsa> (Minor issue)
[bullseye] - python-future <no-dsa> (Minor issue)
[buster] - python-future <no-dsa> (Minor issue)
NOTE: https://github.com/PythonCharmers/python-future/pull/610
@@ -143613,6 +143618,8 @@ CVE-2021-3611 (A stack overflow vulnerability was found in the Intel HD Audio de
NOTE: Fixed by: https://gitlab.com/qemu-project/qemu/-/commit/79fa99831debc9782087e834382c577215f2f511 (v7.0.0-rc1)
CVE-2021-3610 (A heap-based buffer overflow vulnerability was found in ImageMagick in ...)
- imagemagick <unfixed>
+ [bookworm] - imagemagick <no-dsa> (Minor issue)
+ [bullseye] - imagemagick <no-dsa> (Minor issue)
[buster] - imagemagick <not-affected> (Vulnerable code introduced later)
NOTE: https://github.com/ImageMagick/ImageMagick/commit/930ff0d1a9bc42925a7856e9ea53f5fc9f318bf3
NOTE: ImageMagick6 prerequisite for <= 6.9.10-92: https://github.com/ImageMagick/ImageMagick6/commit/2d96228eec9fbea62ddb6c1450fa8d43e2c6b68a
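Review bot: The added [bookworm] and [bullseye] lines mark CVE-2021-3610 as no-dsa with only "Minor issue", although the description calls it a heap-based buffer overflow, and the "- imagemagick <unfixed>" line above them carries no bug number, unlike the other packages triaged in this commit. Suggest adding a NOTE with the reasoning behind the minor rating and a bug reference so the fix stays tracked for a later update.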
=====================================
data/dsa-needed.txt
=====================================
@@ -75,6 +75,8 @@ salt
--
samba
--
+sofia-sip
+--
webkit2gtk
--
wpewebkit
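Review bot: The sofia-sip entry added to data/dsa-needed.txt has no matching change in data/CVE/list in this commit, and the commit message says only "bookworm/bullseye triage", so the diff does not show which CVE prompted the DSA request. Suggest naming the CVE(s) in the commit message so the entry can be traced back to its trigger.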
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/7ca642fa3bd1e368c20b37d333878363e0a2ebb9