[Git][security-tracker-team/security-tracker][master] 11 commits: Triage CVE-2023-31022 in nvidia-graphics-drivers for buster LTS.
Chris Lamb (@lamby)
lamby at debian.org
Wed Nov 1 15:24:25 GMT 2023
Chris Lamb pushed to branch master at Debian Security Tracker / security-tracker
Commits:
24d48946 by Chris Lamb at 2023-11-01T16:17:35+01:00
Triage CVE-2023-31022 in nvidia-graphics-drivers for buster LTS.
- - - - -
a29108c9 by Chris Lamb at 2023-11-01T16:18:55+01:00
Triage CVE-2023-31022 in nvidia-graphics-drivers-legacy-390xx for buster LTS.
- - - - -
5e574f7f by Chris Lamb at 2023-11-01T16:19:20+01:00
Triage CVE-2023-40217 in pypy3 for buster LTS.
- - - - -
e6fb2459 by Chris Lamb at 2023-11-01T16:19:40+01:00
Triage CVE-2023-5574 in xorg-server for buster LTS.
- - - - -
9e242514 by Chris Lamb at 2023-11-01T16:19:59+01:00
Triage CVE-2023-46586 in weborf for buster LTS.
- - - - -
141fbf0f by Chris Lamb at 2023-11-01T16:20:20+01:00
Triage CVE-2023-46137 in twisted for buster LTS.
- - - - -
de0f775a by Chris Lamb at 2023-11-01T16:20:36+01:00
Triage CVE-2023-46316 in traceroute for buster LTS.
- - - - -
908afea2 by Chris Lamb at 2023-11-01T16:21:01+01:00
Triage CVE-2023-5752 in python-pip for buster LTS.
- - - - -
46ec7f45 by Chris Lamb at 2023-11-01T16:21:37+01:00
Triage CVE-2023-39325 in golang-1.11 for buster LTS.
- - - - -
35acb928 by Chris Lamb at 2023-11-01T16:22:36+01:00
Triage CVE-2023-31022 in nvidia-graphics-drivers-legacy-340xx for buster LTS.
- - - - -
b66fc533 by Chris Lamb at 2023-11-01T16:23:17+01:00
Triage CVE-2023-45818 & CVE-2023-45819 in tinymce for buster LTS.
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -915,6 +915,7 @@ CVE-2023-46137 (Twisted is an event-based framework for internet applications. P
- twisted <unfixed> (bug #1054913)
[bookworm] - twisted <no-dsa> (Minor issue)
[bullseye] - twisted <no-dsa> (Minor issue)
+ [buster] - twisted <no-dsa> (Minor issue)
NOTE: https://github.com/twisted/twisted/security/advisories/GHSA-xc8x-vp79-p3wm
CVE-2023-46134 (D-Tale is the combination of a Flask back-end and a React front-end to ...)
NOT-FOR-US: D-Tale
@@ -1227,6 +1228,7 @@ CVE-2023-5752 (When installing a package from a Mercurial VCS URL (ie "pip inst
- python-pip 23.3+dfsg-1
[bookworm] - python-pip <no-dsa> (Minor issue)
[bullseye] - python-pip <no-dsa> (Minor issue)
+ [buster] - python-pip <no-dsa> (Minor issue)
NOTE: https://github.com/pypa/pip/pull/12306
NOTE: https://mail.python.org/archives/list/security-announce@python.org/thread/F4PL35U6X4VVHZ5ILJU3PWUWN7H7LZXL/
CVE-2023-5311 (The WP EXtra plugin for WordPress is vulnerable to unauthorized modifi ...)
@@ -1334,6 +1336,7 @@ CVE-2023-5574 (A use-after-free flaw was found in xorg-x11-server-Xvfb. This iss
- xorg-server <unfixed>
[bookworm] - xorg-server <no-dsa> (Minor issue)
[bullseye] - xorg-server <no-dsa> (Minor issue)
+ [buster] - xorg-server <no-dsa> (Minor issue)
NOTE: https://lists.x.org/archives/xorg-announce/2023-October/003430.html
NOTE: https://gitlab.freedesktop.org/xorg/xserver/-/merge_requests/1189
CVE-2023-5380 (A use-after-free flaw was found in the xorg-x11-server. An X server cr ...)
@@ -1649,11 +1652,13 @@ CVE-2023-46316 (In buc Traceroute 2.0.12 through 2.1.2 before 2.1.3, the wrapper
- traceroute 1:2.1.3-1
[bookworm] - traceroute <no-dsa> (Minor issue)
[bullseye] - traceroute <no-dsa> (Minor issue)
+ [buster] - traceroute <no-dsa> (Minor issue)
NOTE: https://sourceforge.net/projects/traceroute/files/traceroute/traceroute-2.1.3/
CVE-2023-46586
- weborf 1.0-1 (bug #1054417)
[bookworm] - weborf <no-dsa> (Minor issue)
[bullseye] - weborf <no-dsa> (Minor issue)
+ [buster] - weborf <no-dsa> (Minor issue)
NOTE: https://github.com/ltworf/weborf/pull/88
NOTE: Fixed by: https://github.com/ltworf/weborf/commit/49824204add55aab0568d90a6b1e7c822d32120d (1.0)
CVE-2023-5702 (A vulnerability was found in Viessmann Vitogate 300 up to 2.1.3.0 and ...)
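Review bot: on the added `[buster] - traceroute <no-dsa> (Minor issue)` line, the CVE description in the hunk header limits the affected range to 2.0.12 through 2.1.2, so it is worth confirming that the traceroute version shipped in buster falls inside that range. If it predates 2.0.12, `<not-affected>` with a "Vulnerable code not present" reason would be the accurate state rather than `<no-dsa>`. The same check applies to the added weborf line, where CVE-2023-46586 has no description yet and only the fixing commit is recorded.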
@@ -2132,8 +2137,10 @@ CVE-2023-45821 (Artifact Hub is a web-based application that enables finding, in
NOT-FOR-US: Artifact Hub
CVE-2023-45819 (TinyMCE is an open source rich text editor. A cross-site scripting (XS ...)
- tinymce <removed>
+ [buster] - tinymce <no-dsa> (Minor issue)
CVE-2023-45818 (TinyMCE is an open source rich text editor. A mutation cross-site scri ...)
- tinymce <removed>
+ [buster] - tinymce <no-dsa> (Minor issue)
CVE-2023-45815 (ArchiveBox is an open source self-hosted web archiving system. Any use ...)
NOT-FOR-US: ArchiveBox
CVE-2023-45471 (The QAD Search Server is vulnerable to Stored Cross-Site Scripting (XS ...)
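Review bot: the two added `[buster] - tinymce <no-dsa> (Minor issue)` lines sit under entries that carry no NOTE: reference at all, unlike every other package touched in this push, so the basis for treating two cross-site scripting issues as minor is not recorded. Suggest adding a NOTE: line with the upstream advisory or fixing commit under each CVE, which also lets a later reader check the buster version against the fix.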
@@ -3608,6 +3615,7 @@ CVE-2023-39325 (A malicious HTTP/2 client which rapidly creates requests and imm
- golang-1.15 <removed>
[bullseye] - golang-1.15 <no-dsa> (Minor issue)
- golang-1.11 <removed>
+ [buster] - golang-1.11 <no-dsa> (Minor issue)
NOTE: https://github.com/golang/go/issues/63417
CVE-2023-5473 (Use after free in Cast in Google Chrome prior to 118.0.5993.70 allowed ...)
{DSA-5526-1}
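Review bot: the added `[buster] - golang-1.11 <no-dsa> (Minor issue)` line copies the reason from the bullseye golang-1.15 line, but the description in the hunk header is about a malicious HTTP/2 client driving resource consumption, and the parenthetical does not say why that is minor for buster. A more specific reason in the parentheses would make the decision easier to revisit if the assessment for golang-1.15 changes.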
@@ -10849,6 +10857,7 @@ CVE-2023-40217 (An issue was discovered in Python before 3.8.18, 3.9.x before 3.
- pypy3 7.3.13+dfsg-1
[bookworm] - pypy3 <no-dsa> (Minor issue)
[bullseye] - pypy3 <no-dsa> (Minor issue)
+ [buster] - pypy3 <no-dsa> (Minor issue)
NOTE: https://mail.python.org/archives/list/security-announce@python.org/thread/PEPLII27KYHLF4AK3ZQGKYNCRERG4YXY/
NOTE: https://github.com/python/cpython/issues/108310
NOTE: https://github.com/python/cpython/pull/108315
@@ -24920,6 +24929,7 @@ CVE-2023-31022
- nvidia-graphics-drivers <unfixed> (bug #1055136)
[bookworm] - nvidia-graphics-drivers <no-dsa> (Non-free not supported)
[bullseye] - nvidia-graphics-drivers <no-dsa> (Non-free not supported)
+ [buster] - nvidia-graphics-drivers <no-dsa> (Non-free not supported)
- nvidia-open-gpu-kernel-modules <unfixed> (bug #1055144)
[bookworm] - nvidia-open-gpu-kernel-modules <no-dsa> (Non-free not supported)
- nvidia-graphics-drivers-tesla <unfixed> (bug #1055143)
@@ -24935,7 +24945,9 @@ CVE-2023-31022
[bullseye] - nvidia-graphics-drivers-tesla-418 <no-dsa> (Non-free not supported)
- nvidia-graphics-drivers-legacy-390xx <unfixed> (bug #1055138)
[bullseye] - nvidia-graphics-drivers-legacy-390xx <no-dsa> (Non-free not supported)
+ [buster] - nvidia-graphics-drivers-legacy-390xx <no-dsa> (Non-free not supported)
- nvidia-graphics-drivers-legacy-340xx <unfixed> (bug #1055137)
+ [buster] - nvidia-graphics-drivers-legacy-340xx <no-dsa> (Non-free not supported)
NOTE: https://nvidia.custhelp.com/app/answers/detail/a_id/5491
CVE-2023-31021
RESERVED
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/9eb509ca0d0df47c9315cfb1e597bed67b78b0df...b66fc53346aa5fe4aa0b7b741de919a1baabdcdb