[Git][security-tracker-team/security-tracker][master] bullseye/bookworm triage

Moritz Muehlenhoff (@jmm) jmm at debian.org
Mon Nov 6 22:44:47 GMT 2023



Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
8b140a47 by Moritz Muehlenhoff at 2023-11-06T23:38:48+01:00
bullseye/bookworm triage

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -2265,9 +2265,7 @@ CVE-2023-44760 (Multiple Cross Site Scripting (XSS) vulnerabilities in Concrete
 CVE-2023-43358 (Cross Site Scripting vulnerability in CMSmadesimple v.2.2.18 allows a  ...)
 	NOT-FOR-US: CMSmadesimple
 CVE-2023-43281 (Double Free vulnerability in Nothings Stb Image.h v.2.28 allows a remo ...)
-	- libstb <unfixed>
-	NOTE: https://github.com/peccc/double-stb
-	TODO: check, is this duplicate of CVE-2023-45664?
+	NOTE: Duplicate of CVE-2023-45664
 CVE-2023-39817
 	REJECTED
 CVE-2023-39816
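Review bot: with `- libstb <unfixed>` removed, the CVE-2023-43281 entry is left with only `NOTE: Duplicate of CVE-2023-45664` and no package or status line; confirm that the tracker treats such an entry as triaged rather than as an unprocessed one, and that libstb tracking for the double free is present under CVE-2023-45664 so nothing is lost by the merge. Dropping `NOTE: https://github.com/peccc/double-stb` also discards the only pointer to the original report; consider carrying that reference over to the surviving entry.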
@@ -3970,6 +3968,8 @@ CVE-2023-5554 (Lack of TLS certificate verification in log transmission of a fin
 CVE-2023-5072 (Denial of Service  in JSON-Java versions up to and including 20230618. ...)
 	- libjson-java <unfixed> (bug #1053882)
 	- jenkins-json <unfixed> (bug #1053883)
+	[bookworm] - jenkins-json <no-dsa> (Minor issue)
+	[bullseye] - jenkins-json <no-dsa> (Minor issue)
 	- libjettison-java <unfixed> (bug #1053884)
 	[bookworm] - libjettison-java <no-dsa> (Minor issue)
 	[bullseye] - libjettison-java <no-dsa> (Minor issue)
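Review bot: the new `[bookworm]`/`[bullseye] - jenkins-json <no-dsa> (Minor issue)` lines bring jenkins-json in line with libjettison-java, but `- libjson-java <unfixed> (bug #1053882)` in the same entry still has no bookworm or bullseye annotation, so its status in both stable releases remains open. If libjson-java is to be handled the same way, add matching no-dsa lines; if it is deliberately left for a DSA or a point update, a short NOTE saying so would stop the next triage pass from re-asking.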
@@ -5715,6 +5715,8 @@ CVE-2023-33268 (An issue was discovered in DTS Monitoring 3.57.0. The parameter
 	NOT-FOR-US: DTS Monitoring
 CVE-2023-5366 (A flaw was found in Open vSwitch that allows ICMPv6 Neighbor Advertise ...)
 	- openvswitch 3.1.2-1
+	[bookworm] - openvswitch <no-dsa> (Minor issue)
+	[bullseye] - openvswitch <no-dsa> (Minor issue)
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2006347
 	NOTE: https://github.com/openvswitch/ovs/commit/694c7b4e097c4d89e23ea9b3c7b677b4fcbe0459 (v3.1.2)
 	NOTE: https://github.com/openvswitch/ovs/commit/489553b1c21692063931a9f50b6849b23128443c (v3.2.0)
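Review bot: the cited fixes are tagged v3.1.2 and v3.2.0 and unstable carries 3.1.2-1, but the no-dsa lines for bookworm and bullseye give no indication that the affected code path was confirmed present in the versions those releases ship. If either stable version predates the vulnerable code, `<not-affected>` is the more precise marker than `<no-dsa>`; otherwise a one-line NOTE on why the issue is minor for the stable versions would make the classification easier to revisit.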
@@ -14293,6 +14295,8 @@ CVE-2023-38698 (Ethereum Name Service (ENS) is a distributed, open, and extensib
 	NOT-FOR-US: Ethereum Name Service (ENS)
 CVE-2023-38697 (protocol-http1 provides a low-level implementation of the HTTP/1 proto ...)
 	- ruby-protocol-http1 <unfixed> (bug #1043432)
+	[bookworm] - ruby-protocol-http1 <no-dsa> (Minor issue)
+	[bullseye] - ruby-protocol-http1 <no-dsa> (Minor issue)
 	NOTE: https://github.com/socketry/protocol-http1/pull/20
 	NOTE: https://www.rfc-editor.org/rfc/rfc9112#name-chunked-transfer-coding
 	NOTE: https://github.com/socketry/protocol-http1/security/advisories/GHSA-6jwc-qr2q-7xwj
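Review bot: the references point at RFC 9112 chunked transfer coding and a GHSA advisory, i.e. an HTTP/1 request-parsing defect, yet "Minor issue" is the only rationale given for the bookworm and bullseye no-dsa lines. A short NOTE on what makes it minor here (for example which reverse dependencies in Debian expose ruby-protocol-http1 to untrusted peers, or whether the stable versions contain the affected parsing code at all) would justify choosing `<no-dsa>` over a point-update fix or `<not-affected>`.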
@@ -21437,6 +21441,8 @@ CVE-2020-36705 (The Adning Advertising plugin for WordPress is vulnerable to arb
 CVE-2023-33865 (RenderDoc before 1.27 allows local privilege escalation via a symlink  ...)
 	{DLA-3501-1}
 	- renderdoc <unfixed> (bug #1037208)
+	[bookworm] - renderdoc <no-dsa> (Minor issue)
+	[bullseye] - renderdoc <no-dsa> (Minor issue)
 	NOTE: https://www.openwall.com/lists/oss-security/2023/06/06/3
 	NOTE: https://github.com/baldurk/renderdoc/commit/601ed56111ce3803d8476d438ade1c92d6092856 (v1.27)
 	NOTE: https://github.com/baldurk/renderdoc/commit/e0464fea4f9a7f149c4ee1d84e5ac57839a4a862 (v1.27)
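Review bot: this entry already carries `{DLA-3501-1}`, so one release is recorded as fixed through an LTS advisory; adding `[bullseye] - renderdoc <no-dsa> (Minor issue)` is only consistent if that DLA covered a different release (buster, given the June 2023 references). Please confirm, since a no-dsa marker on a release the DLA already fixed would contradict the advisory record. The same check applies to the identical hunks for CVE-2023-33864 and CVE-2023-33863 that follow.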
@@ -21446,6 +21452,8 @@ CVE-2023-33865 (RenderDoc before 1.27 allows local privilege escalation via a sy
 CVE-2023-33864 (StreamReader::ReadFromExternal in RenderDoc before 1.27 allows an Inte ...)
 	{DLA-3501-1}
 	- renderdoc <unfixed> (bug #1037208)
+	[bookworm] - renderdoc <no-dsa> (Minor issue)
+	[bullseye] - renderdoc <no-dsa> (Minor issue)
 	NOTE: https://www.openwall.com/lists/oss-security/2023/06/06/3
 	NOTE: https://github.com/baldurk/renderdoc/commit/601ed56111ce3803d8476d438ade1c92d6092856 (v1.27)
 	NOTE: https://github.com/baldurk/renderdoc/commit/e0464fea4f9a7f149c4ee1d84e5ac57839a4a862 (v1.27)
@@ -21455,6 +21463,8 @@ CVE-2023-33864 (StreamReader::ReadFromExternal in RenderDoc before 1.27 allows a
 CVE-2023-33863 (SerialiseValue in RenderDoc before 1.27 allows an Integer Overflow wit ...)
 	{DLA-3501-1}
 	- renderdoc <unfixed> (bug #1037208)
+	[bookworm] - renderdoc <no-dsa> (Minor issue)
+	[bullseye] - renderdoc <no-dsa> (Minor issue)
 	NOTE: https://www.openwall.com/lists/oss-security/2023/06/06/3
 	NOTE: https://github.com/baldurk/renderdoc/commit/601ed56111ce3803d8476d438ade1c92d6092856 (v1.27)
 	NOTE: https://github.com/baldurk/renderdoc/commit/e0464fea4f9a7f149c4ee1d84e5ac57839a4a862 (v1.27)
@@ -130847,6 +130857,7 @@ CVE-2022-22996 (The G-RAID 4/8 Software Utility setups for Windows were affected
 	NOT-FOR-US: Western Digital Windows setup
 CVE-2022-22995 (The combination of primitives offered by SMB and AFP in their default  ...)
 	- netatalk 3.1.18~ds-1 (bug #1053545)
+	[bullseye] - netatalk <no-dsa> (Minor issue)
 	NOTE: https://netatalk.sourceforge.io/CVE-2022-22995.php
 	NOTE: https://github.com/Netatalk/netatalk/pull/509
 	NOTE: https://github.com/Netatalk/netatalk/commit/9eb6d9d0ac17dca210ccbf05476a925a6b379dfb
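Review bot: only `[bullseye] - netatalk <no-dsa> (Minor issue)` is added here, with no `[bookworm]` line, while `- netatalk 3.1.18~ds-1 (bug #1053545)` records the fixed version. That is correct only if bookworm already ships 3.1.18~ds-1 or later; if it does not, bookworm needs either its own no-dsa line or a note on the planned fix so its status does not read as unfixed and untriaged.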



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/8b140a471378a4a57e271a5a898354ccac037970
