[Git][security-tracker-team/security-tracker][master] bullseye/bookworm triage

Moritz Muehlenhoff (@jmm) jmm at debian.org
Fri Nov 3 19:27:08 GMT 2023



Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
18707d01 by Moritz Muehlenhoff at 2023-11-03T20:19:20+01:00
bullseye/bookworm triage

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -285,11 +285,13 @@ CVE-2023-4452 (A vulnerability has been identified in the EDR-810, EDR-G902, and
 	NOT-FOR-US: Moxa
 CVE-2023-46931 (GPAC 2.3-DEV-rev605-gfc9e29089-master contains a heap-buffer-overflow  ...)
 	- gpac <unfixed>
+	[bullseye] - gpac <no-dsa> (Minor issue)
 	[buster] - gpac <end-of-life> (EOL in buster LTS)
 	NOTE: https://github.com/gpac/gpac/issues/2664
 	NOTE: https://github.com/gpac/gpac/commit/671976fccc971b3dff8d3dcf6ebd600472ca64bf
 CVE-2023-46930 (GPAC 2.3-DEV-rev605-gfc9e29089-master contains a SEGV in gpac/MP4Box i ...)
 	- gpac <unfixed>
+	[bullseye] - gpac <no-dsa> (Minor issue)
 	[buster] - gpac <end-of-life> (EOL in buster LTS)
 	NOTE: https://github.com/gpac/gpac/issues/2666
 	NOTE: https://github.com/gpac/gpac/commit/3809955065afa3da1ad580012ec43deadbb0f2c8
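Review bot: The new `[bullseye] - gpac <no-dsa> (Minor issue)` lines for CVE-2023-46931 and CVE-2023-46930 have no `[bookworm]` counterpart, although the commit is titled "bullseye/bookworm triage" and both entries are still `- gpac <unfixed>`. If gpac is not shipped in bookworm this is correct, but that cannot be confirmed from the lines shown; otherwise a matching `[bookworm]` line is missing. For CVE-2023-46931, which the description calls a heap-buffer-overflow, a reason more specific than "Minor issue" would make the decision easier to revisit later.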
@@ -1645,6 +1647,8 @@ CVE-2023-46158 (IBM WebSphere Application Server Liberty 23.0.0.9 through 23.0.0
 	NOT-FOR-US: IBM
 CVE-2023-46136 (Werkzeug is a comprehensive WSGI web application library. If an upload ...)
 	- python-werkzeug <unfixed> (bug #1054553)
+	[bookworm] - python-werkzeug <no-dsa> (Minor issue)
+	[bullseye] - python-werkzeug <no-dsa> (Minor issue)
 	NOTE: https://github.com/pallets/werkzeug/security/advisories/GHSA-hrfv-mqp8-q5rw
 	NOTE: https://github.com/pallets/werkzeug/commit/b1916c0c083e0be1c9d887ee2f3d696922bfc5c1 (3.0.1)
 CVE-2023-46135 (rs-stellar-strkey is a Rust lib for encode/decode of Stellar Strkeys.  ...)
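Review bot: On CVE-2023-46136 the two `<no-dsa>` lines are added while the unstable line is still `- python-werkzeug <unfixed> (bug #1054553)`, even though the NOTE already points at the upstream fix commit for 3.0.1. The generic reason "Minor issue" does not say whether a point-release fix is expected once unstable is fixed; a short reason tied to the issue itself would document why no DSA is warranted.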
@@ -3001,6 +3005,8 @@ CVE-2023-45901 (Dreamer CMS v4.1.3 was discovered to contain a Cross-Site Reques
 	NOT-FOR-US: Dreamer CMS
 CVE-2023-45803 (urllib3 is a user-friendly HTTP client library for Python. urllib3 pre ...)
 	- python-urllib3 1.26.18-1 (bug #1054226)
+	[bookworm] - python-urllib3 <no-dsa> (Minor issue)
+	[bullseye] - python-urllib3 <no-dsa> (Minor issue)
 	NOTE: https://github.com/urllib3/urllib3/security/advisories/GHSA-g4mx-q9vg-27p4
 	NOTE: https://github.com/urllib3/urllib3/commit/b594c5ceaca38e1ac215f916538fb128e3526a36 (1.26.18)
 CVE-2023-45010 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Alex ...)
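Review bot: The `[bookworm]` and `[bullseye]` `<no-dsa>` lines for CVE-2023-45803 carry only "Minor issue", and the same pair is added for CVE-2023-43804 further down in this commit. Both entries reference a single upstream commit and a fixed unstable version (1.26.18-1 here), so it would help to state in the reason or a NOTE whether the two are meant to be handled together in one stable point update.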
@@ -5271,6 +5277,8 @@ CVE-2023-43838 (An arbitrary file upload vulnerability in Personal Management Sy
 CVE-2023-43804 (urllib3 is a user-friendly HTTP client library for Python. urllib3 doe ...)
 	{DLA-3610-1}
 	- python-urllib3 1.26.17-1 (bug #1053626)
+	[bookworm] - python-urllib3 <no-dsa> (Minor issue)
+	[bullseye] - python-urllib3 <no-dsa> (Minor issue)
 	NOTE: https://github.com/urllib3/urllib3/security/advisories/GHSA-v845-jxx5-vc9f
 	NOTE: https://github.com/urllib3/urllib3/commit/01220354d389cd05474713f8c982d05c9b17aafb (1.26.17)
 CVE-2023-43261 (An information disclosure in Milesight UR5X, UR32L, UR32, UR35, UR41 b ...)
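Review bot: CVE-2023-43804 carries `{DLA-3610-1}`, so the issue has already been fixed through an LTS advisory, while this hunk marks bookworm and bullseye `<no-dsa> (Minor issue)`. That leaves the newer releases unfixed for something the older one has patched, which shows up as a regression for anyone upgrading. Consider recording that a point-release fix is planned, or giving a reason that explains why the newer releases are treated differently from the LTS decision.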



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/18707d0185d0a283ce345688c203dd9dd00de0ce
