[Git][security-tracker-team/security-tracker][master] bullseye/bookworm triage

Moritz Muehlenhoff (@jmm) jmm at debian.org
Sun Nov 5 16:52:24 GMT 2023 


Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
1cf10d84 by Moritz Muehlenhoff at 2023-11-05T17:51:49+01:00
bullseye/bookworm triage

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -768,6 +768,8 @@ CVE-2023-46451 (Best Courier Management System v1.0 is vulnerable to Cross Site
 	NOT-FOR-US: Best Courier Management System
 CVE-2023-46361 (Artifex Software jbig2dec v0.20 was discovered to contain a SEGV vulne ...)
 	- jbig2dec <unfixed> (bug #1055387)
+	[bookworm] - jbig2dec <no-dsa> (Minor issue)
+	[bullseye] - jbig2dec <no-dsa> (Minor issue)
 	NOTE: https://github.com/Frank-Z7/z-vulnerabilitys/blob/main/jbig2dec-SEGV/jbig2dec-SEGV.md
 	NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=707308
 CVE-2023-46356 (In the module "CSV Feeds PRO" (csvfeeds) before 2.6.1 from Bl Modules  ...)
@@ -10546,6 +10548,8 @@ CVE-2023-40582 (find-exec is a utility to discover available shell commands. Ver
 CVE-2023-40188 (FreeRDP is a free implementation of the Remote Desktop Protocol (RDP), ...)
 	{DLA-3606-1}
 	- freerdp2 2.11.2+dfsg1-1 (bug #1051638)
+	[bookworm] - freerdp2 <no-dsa> (Minor issue)
+	[bullseye] - freerdp2 <no-dsa> (Minor issue)
 	NOTE: https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-9w28-wwj5-p4xq
 	NOTE: https://github.com/FreeRDP/FreeRDP/commit/bdb3909a7713fb0b3d94c9676fe44d19de80eb4b (2.11.0)
 CVE-2023-40187 (FreeRDP is a free implementation of the Remote Desktop Protocol (RDP), ...)
@@ -10556,6 +10560,8 @@ CVE-2023-40187 (FreeRDP is a free implementation of the Remote Desktop Protocol
 CVE-2023-40186 (FreeRDP is a free implementation of the Remote Desktop Protocol (RDP), ...)
 	{DLA-3606-1}
 	- freerdp2 2.11.2+dfsg1-1 (bug #1051638)
+	[bookworm] - freerdp2 <no-dsa> (Minor issue)
+	[bullseye] - freerdp2 <no-dsa> (Minor issue)
 	NOTE: https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-hcj4-3c3r-5j3v
 	NOTE: https://github.com/FreeRDP/FreeRDP/commit/d8a1ac342ae375644c70579c33b5cf38fb43b083 (2.11.0)
 CVE-2023-40184 (xrdp is an open source remote desktop protocol (RDP) server. In versio ...)
@@ -10568,6 +10574,8 @@ CVE-2023-40184 (xrdp is an open source remote desktop protocol (RDP) server. In
 CVE-2023-40181 (FreeRDP is a free implementation of the Remote Desktop Protocol (RDP), ...)
 	{DLA-3606-1}
 	- freerdp2 2.11.2+dfsg1-1 (bug #1051638)
+	[bookworm] - freerdp2 <no-dsa> (Minor issue)
+	[bullseye] - freerdp2 <no-dsa> (Minor issue)
 	NOTE: https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-mxp4-rx7x-h2g8
 	NOTE: https://github.com/FreeRDP/FreeRDP/commit/c23cbdc4a5756bd723223c7139654de7439fdcc0 (2.11.0)
 CVE-2023-3992 (The PostX WordPress plugin before 3.0.6 does not sanitise and escape a ...)
@@ -11253,6 +11261,8 @@ CVE-2023-40570 (Datasette is an open source multi-tool for exploring and publish
 CVE-2023-40569 (FreeRDP is a free implementation of the Remote Desktop Protocol (RDP), ...)
 	{DLA-3606-1}
 	- freerdp2 <unfixed> (bug #1051638)
+	[bookworm] - freerdp2 <no-dsa> (Minor issue)
+	[bullseye] - freerdp2 <no-dsa> (Minor issue)
 	NOTE: https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-hm8c-rcjg-c8qp
 	NOTE: https://github.com/FreeRDP/FreeRDP/commit/23c3daeca1598393f8c93f563f7847a4d67919f1 (2.11.0)
 CVE-2023-40568
@@ -11260,6 +11270,8 @@ CVE-2023-40568
 CVE-2023-40567 (FreeRDP is a free implementation of the Remote Desktop Protocol (RDP), ...)
 	{DLA-3606-1}
 	- freerdp2 2.11.2+dfsg1-1 (bug #1051638)
+	[bookworm] - freerdp2 <no-dsa> (Minor issue)
+	[bullseye] - freerdp2 <no-dsa> (Minor issue)
 	NOTE: https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-2w9f-8wg4-8jfp
 	NOTE: https://github.com/FreeRDP/FreeRDP/commit/bacb8c016ef72aa767760b6b01d15500aee9d59a (2.11.0)
 CVE-2023-40530 (Improper authorization in handler for custom URL scheme issue in 'Skyl ...)
@@ -29909,9 +29921,8 @@ CVE-2023-29454 (Stored or persistent cross-site scripting (XSS) is a type of XSS
 	[bullseye] - zabbix <no-dsa> (Minor issue)
 	NOTE: https://support.zabbix.com/browse/ZBX-22985
 CVE-2023-29453 (Templates do not properly consider backticks (`) as Javascript string  ...)
-	- zabbix <unfixed> (bug #1055175)
-	[buster] - zabbix <not-affected> (buster does not have the Go agent)
-	NOTE: https://support.zabbix.com/browse/ZBX-23388
+	- zabbix <unfixed> (unimportant)
+	NOTE: Zabbix in Debian uses Debian Go package
 CVE-2023-29452 (Currently, geomap configuration (Administration -> General -> Geograph ...)
 	- zabbix <unfixed> (bug #1055175)
 	[bookworm] - zabbix <no-dsa> (Minor issue)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/1cf10d84e2381d0bb9184344c61a78c028532647

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/1cf10d84e2381d0bb9184344c61a78c028532647
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20231105/64971817/attachment.htm>

More information about the debian-security-tracker-commits mailing list