[Git][security-tracker-team/security-tracker][master] bullseye/bookworm triage
Moritz Muehlenhoff (@jmm)
jmm at debian.org
Tue Nov 7 19:51:36 GMT 2023
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker
Commits:
4c5363e5 by Moritz Muehlenhoff at 2023-11-07T20:32:55+01:00
bullseye/bookworm triage
- - - - -
2 changed files:
- data/CVE/list
- data/dsa-needed.txt
Changes:
=====================================
data/CVE/list
=====================================
@@ -18019,6 +18019,8 @@ CVE-2023-29156 (DroneScout ds230 Remote ID receiver from BlueMark Innovationsis
NOT-FOR-US: Rockwell
CVE-2022-48521 (An issue was discovered in OpenDKIM through 2.10.3, and 2.11.x through ...)
- opendkim <unfixed> (bug #1041107)
+ [bookworm] - opendkim <no-dsa> (Minor issue)
+ [bullseye] - opendkim <no-dsa> (Minor issue)
NOTE: https://github.com/trusteddomainproject/OpenDKIM/issues/148
CVE-2023-36543 (Apache Airflow, versions before 2.6.3, has a vulnerability where an au ...)
- airflow <itp> (bug #819700)
@@ -18898,6 +18900,7 @@ CVE-2023-36608 (The affected TBox RTUs store hashed passwords using MD5 encrypti
NOT-FOR-US: TBox
CVE-2023-36377 (Buffer Overflow vulnerability in mtrojnar osslsigncode v.2.3 and befor ...)
- osslsigncode 2.3.0-1 (bug #1035875)
+ [bullseye] - osslsigncode <no-dsa> (Minor issue)
NOTE: https://github.com/mtrojnar/osslsigncode/releases/tag/2.3
CVE-2023-36291 (Cross Site Scripting vulnerability in Maxsite CMS v.108.7 allows a rem ...)
NOT-FOR-US: Maxsite CMS
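Review bot: the added `[bullseye] - osslsigncode <no-dsa> (Minor issue)` line records no reason for treating a buffer overflow as minor. A short NOTE on why the impact is limited in bullseye would help later triage. The context lines also sit oddly together: the description says "v.2.3 and befor ..." is affected, while the fixed version is 2.3.0-1 and the NOTE points at the 2.3 release tag, so a NOTE stating that 2.3 carries the fix would remove the ambiguity.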
@@ -82631,18 +82634,21 @@ CVE-2022-39252 (matrix-rust-sdk is an implementation of a Matrix client-server l
NOT-FOR-US: matrix-rust-sdk
CVE-2022-39251 (Matrix Javascript SDK is the Matrix Client-Server SDK for JavaScript. ...)
- node-matrix-js-sdk <unfixed> (bug #1021136)
+ [bullseye] - node-matrix-js-sdk <ignored> (Incompatible with current Matrix implementations)
[buster] - node-matrix-js-sdk <postponed> (Can wait for next update)
NOTE: https://github.com/matrix-org/matrix-js-sdk/security/advisories/GHSA-r48r-j8fx-mq2c
NOTE: https://github.com/matrix-org/matrix-js-sdk/commit/a587d7c36026fe1fcf93dfff63588abee359be76
NOTE: https://matrix.org/blog/2022/09/28/upgrade-now-to-address-encryption-vulns-in-matrix-sdks-and-clients
CVE-2022-39250 (Matrix JavaScript SDK is the Matrix Client-Server software development ...)
- node-matrix-js-sdk <unfixed> (bug #1021136)
+ [bullseye] - node-matrix-js-sdk <ignored> (Incompatible with current Matrix implementations)
[buster] - node-matrix-js-sdk <postponed> (Can wait for next update)
NOTE: https://github.com/matrix-org/matrix-js-sdk/security/advisories/GHSA-5w8r-8pgj-5jmf
NOTE: https://github.com/matrix-org/matrix-js-sdk/commit/a587d7c36026fe1fcf93dfff63588abee359be76
NOTE: https://matrix.org/blog/2022/09/28/upgrade-now-to-address-encryption-vulns-in-matrix-sdks-and-clients
CVE-2022-39249 (Matrix Javascript SDK is the Matrix Client-Server SDK for JavaScript. ...)
- node-matrix-js-sdk <unfixed> (bug #1021136)
+ [bullseye] - node-matrix-js-sdk <ignored> (Incompatible with current Matrix implementations)
[buster] - node-matrix-js-sdk <postponed> (Can wait for next update)
NOTE: https://github.com/matrix-org/matrix-js-sdk/security/advisories/GHSA-6263-x97c-c4gg
NOTE: https://github.com/matrix-org/matrix-js-sdk/commit/a587d7c36026fe1fcf93dfff63588abee359be76
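Review bot: in all three entries the new `[bullseye] - node-matrix-js-sdk <ignored>` line sits directly above a `[buster] - node-matrix-js-sdk <postponed> (Can wait for next update)` line, so the older suite still promises an update that the newer suite now rules out. It is worth checking with whoever owns the buster annotations whether they should be aligned. The reason string "Incompatible with current Matrix implementations" can also be read as describing either the packaged version or a backported fix; one more word in the reason, or a NOTE, would settle which.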
@@ -82684,6 +82690,7 @@ CVE-2022-39237 (syslabs/sif is the Singularity Image Format (SIF) reference impl
NOTE: https://github.com/sylabs/sif/commit/a854038ce1f18237b81d505a1c3be6a60505db52 (v2.8.1)
CVE-2022-39236 (Matrix Javascript SDK is the Matrix Client-Server SDK for JavaScript. ...)
- node-matrix-js-sdk <unfixed> (bug #1021136)
+ [bullseye] - node-matrix-js-sdk <ignored> (Incompatible with current Matrix implementations)
[buster] - node-matrix-js-sdk <postponed> (Minor issue)
NOTE: https://github.com/matrix-org/matrix-js-sdk/security/advisories/GHSA-hvv8-5v86-r45x
NOTE: https://github.com/matrix-org/matrix-js-sdk/commit/a587d7c36026fe1fcf93dfff63588abee359be76
=====================================
data/dsa-needed.txt
=====================================
@@ -73,6 +73,8 @@ ruby-nokogiri/oldstable
--
ruby-rails-html-sanitizer
--
+ruby-sanitize
+--
ruby-sinatra/oldstable
Maintainer posted packaging repository link with proposed changes for review
--
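Review bot: the new `ruby-sanitize` entry has no suite suffix and no note line, unlike the neighbouring `ruby-nokogiri/oldstable` and `ruby-sinatra/oldstable` entries, and none of the data/CVE/list hunks in this commit touch ruby-sanitize. Suggest an indented note naming the CVE or bug that prompted the entry, plus a suite suffix if only one release needs the update.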
@@ -88,3 +90,6 @@ tiff (aron)
--
xen (jmm)
--
+zbar
+ unfixed upstream
+--
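Review bot: the `zbar` entry's only note is `unfixed upstream`, with no pointer to the issue being tracked, and nothing else in this commit mentions zbar. Adding the CVE id or upstream bug reference to the note would let whoever picks this up see when a fix lands.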
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/4c5363e59507a38b049fa27f1f0ea7731faee9de