[Git][security-tracker-team/security-tracker][master] bullseye/bookworm triage

Moritz Muehlenhoff (@jmm) jmm at debian.org
Fri Nov 3 15:13:21 GMT 2023



Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
39c8ead8 by Moritz Muehlenhoff at 2023-11-03T15:47:16+01:00
bullseye/bookworm triage

- - - - -


2 changed files:

- data/CVE/list
- data/dsa-needed.txt


Changes:

=====================================
data/CVE/list
=====================================
@@ -16,6 +16,8 @@ CVE-2023-46176 (IBM MQ Appliance 9.3 CD could allow a local attacker to gain ele
 	NOT-FOR-US: IBM
 CVE-2023-44271 (An issue was discovered in Pillow before 10.0.0. It is a Denial of Ser ...)
 	- pillow 10.0.0-1
+	[bookworm] - pillow <no-dsa> (Minor issue)
+	[bullseye] - pillow <no-dsa> (Minor issue)
 	NOTE: https://github.com/python-pillow/Pillow/pull/7244
 	NOTE: https://github.com/python-pillow/Pillow/commit/1fe1bb49c452b0318cad12ea9d97c3bef188e9a7 (10.0.0)
 CVE-2023-43982 (Bon Presta boninstagramcarousel between v5.2.1 to v7.0.0 was discovere ...)
@@ -26,6 +28,8 @@ CVE-2023-43018 (IBM CICS TX Standard 11.1 and Advanced 10.1, 11.1 performs an op
 	NOT-FOR-US: IBM
 CVE-2023-42299 (Buffer Overflow vulnerability in OpenImageIO oiio v.2.4.12.0 allows a  ...)
 	- openimageio 2.4.13.0+dfsg-1
+	[bookworm] - openimageio <no-dsa> (Minor issue)
+	[bullseye] - openimageio <no-dsa> (Minor issue)
 	NOTE: https://github.com/OpenImageIO/oiio/issues/3840
 	NOTE: https://github.com/AcademySoftwareFoundation/OpenImageIO/pull/3841
 	NOTE: https://github.com/AcademySoftwareFoundation/OpenImageIO/commit/5ff2c56dd28e96f67ed8f80d8a3d1235e51f9957 (v2.4.12.0)
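Review bot: the version annotation on the last NOTE line of this hunk looks inconsistent with the rest of the entry: the commit is tagged "(v2.4.12.0)", yet the CVE description names oiio v.2.4.12.0 as the affected release and the Debian fixed version is recorded as 2.4.13.0+dfsg-1. Please re-check which upstream release actually first contains commit 5ff2c56 and correct the parenthetical so the NOTE and the fixed-version line agree.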
@@ -868,6 +872,8 @@ CVE-2023-46854 (Proxmox proxmox-widget-toolkit before 4.0.9, as used in multiple
 	NOT-FOR-US: Proxmox proxmox-widget-toolkit
 CVE-2023-45897 (exfatprogs before 1.2.2 allows out-of-bounds memory access, such as in ...)
 	- exfatprogs 1.2.2-1
+	[bookworm] - exfatprogs <no-dsa> (Minor issue)
+	[bullseye] - exfatprogs <no-dsa> (Minor issue)
 	NOTE: https://github.com/exfatprogs/exfatprogs/commit/ec78688e5fb5a70e13df82b4c0da1e6228d3ccdf (1.2.2)
 	NOTE: https://github.com/exfatprogs/exfatprogs/commit/22d0e43e8d24119cbfc6efafabb0dec6517a86c4 (1.2.2)
 	NOTE: https://github.com/exfatprogs/exfatprogs/commit/4abc55e976573991e6a1117bb2b3711e59da07ae (1.2.2)
@@ -2020,6 +2026,8 @@ CVE-2023-43045 (IBM Sterling Partner Engagement Manager 6.1.2, 6.2.0, and 6.2.2
 	NOT-FOR-US: IBM
 CVE-2023-42295 (An issue in OpenImageIO oiio v.2.4.12.0 allows a remote attacker to ex ...)
 	- openimageio 2.4.16.0+dfsg-1 (bug #1054873)
+	[bookworm] - openimageio <no-dsa> (Minor issue)
+	[bullseye] - openimageio <no-dsa> (Minor issue)
 	NOTE: https://github.com/AcademySoftwareFoundation/OpenImageIO/issues/3947
 	NOTE: https://github.com/AcademySoftwareFoundation/OpenImageIO/pull/3948
 	NOTE: Fixed by: https://github.com/AcademySoftwareFoundation/OpenImageIO/commit/15750af31a5d130ea63ac133453eb5448cefa636 (v2.5.3.0-beta1)
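Review bot: the fixed-version line records 2.4.16.0+dfsg-1 while the "Fixed by" NOTE tags the upstream commit as first released in v2.5.3.0-beta1; if the fix was cherry-picked into a 2.4.x release or into the Debian package, a NOTE saying so (for example "NOTE: fix backported to 2.4.16.0") would make the no-dsa entries for bookworm and bullseye easier to justify on later review.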
@@ -2097,6 +2105,8 @@ CVE-2023-46306 (The web administration interface in NetModule Router Software (N
 	NOT-FOR-US: NetModule Router Software
 CVE-2023-46303 (link_to_local_path in ebooks/conversion/plugins/html_input.py in calib ...)
 	- calibre 6.19.1-1
+	[bookworm] - calibre <no-dsa> (Minor issue)
+	[bullseye] - calibre <no-dsa> (Minor issue)
 	NOTE: https://github.com/0x1717/ssrf-via-img
 	NOTE: https://github.com/kovidgoyal/calibre/commit/bbbddd2bf4ef4ddb467b0aeb0abe8765ed7f8a6b (v6.19.0)
 CVE-2021-46898 (views/switch.py in django-grappelli (aka Django Grappelli) before 2.15 ...)
@@ -2616,11 +2626,15 @@ CVE-2020-36698 (The Security & Malware scan by CleanTalk plugin for WordPress is
 	NOT-FOR-US: WordPress plugin
 CVE-2023-45802 (When a HTTP/2 stream was reset (RST frame) by a client, there was a ti ...)
 	- apache2 2.4.58-1
+	[bookworm] - apache2 <no-dsa> (Minor issue)
+	[bullseye] - apache2 <no-dsa> (Minor issue)
 	NOTE: https://www.openwall.com/lists/oss-security/2023/10/19/6
 	NOTE: https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2023-45802
 	NOTE: https://github.com/icing/blog/blob/main/h2-rapid-reset.md#cve-2023-45802
 CVE-2023-43622 (An attacker, opening a HTTP/2 connection with an initial window size o ...)
 	- apache2 2.4.58-1
+	[bookworm] - apache2 <no-dsa> (Minor issue)
+	[bullseye] - apache2 <no-dsa> (Minor issue)
 	NOTE: https://www.openwall.com/lists/oss-security/2023/10/19/5
 	NOTE: https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2023-43622
 CVE-2023-5654 (The React Developer Tools extension registers a message listener with  ...)
@@ -25053,6 +25067,8 @@ CVE-2023-2258 (Improper Neutralization of Formula Elements in a CSV File in GitH
 	NOT-FOR-US: Alf.io
 CVE-2023-31122 (Out-of-bounds Read vulnerability in mod_macro of Apache HTTP Server.Th ...)
 	- apache2 2.4.58-1
+	[bookworm] - apache2 <no-dsa> (Minor issue)
+	[bullseye] - apache2 <no-dsa> (Minor issue)
 	NOTE: https://www.openwall.com/lists/oss-security/2023/10/19/4
 	NOTE: https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2023-31122
 CVE-2023-31121


=====================================
data/dsa-needed.txt
=====================================
@@ -52,6 +52,8 @@ php-horde-mime-viewer/oldstable
 --
 php-horde-turba/oldstable
 --
+phppgdamin
+--
 pmix (carnil)
 --
 py7zr/oldstable
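Review bot: the added entry "phppgdamin" does not look like a valid Debian source package name and appears to be a transposition (the package in the archive is spelled phppgadmin). Since dsa-needed.txt is matched against package names by the tracker tooling, please verify the spelling before this entry is relied on, and consider adding the usual "/oldstable" or claimer suffix used by the neighbouring entries if only one suite is meant.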



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/39c8ead8bb5aac109285e9acd51a2d5777dae627

-- 

