[Git][security-tracker-team/security-tracker][master] bullseye/bookworm triage

Moritz Muehlenhoff (@jmm) jmm at debian.org
Sun Nov 12 18:36:10 GMT 2023 


Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
24e76af0 by Moritz Muehlenhoff at 2023-11-12T19:34:58+01:00
bullseye/bookworm triage

- - - - -


2 changed files:

- data/CVE/list
- data/dsa-needed.txt


Changes:

=====================================
data/CVE/list
=====================================
@@ -3152,6 +3152,8 @@ CVE-2023-46602 (In International Color Consortium DemoIccMAX 79ecb74, there is a
 	NOT-FOR-US: International Color Consortium DemoIccMAX
 CVE-2023-46332 (WebAssembly wabt 1.0.33 contains an Out-of-Bound Memory Write in DataS ...)
 	- wabt <unfixed> (bug #1055299)
+	[bookworm] - wabt <no-dsa> (Minor issue)
+	[bullseye] - wabt <no-dsa> (Minor issue)
 	NOTE: https://github.com/WebAssembly/wabt/issues/2311
 CVE-2023-46331 (WebAssembly wabt 1.0.33 has an Out-of-Bound Memory Read in in DataSegm ...)
 	- wabt <unfixed> (unimportant)
@@ -9608,6 +9610,8 @@ CVE-2023-4913 (Cross-site Scripting (XSS) - Reflected in GitHub repository cecil
 	NOT-FOR-US: cecil.app
 CVE-2023-4759 (Arbitrary File Overwrite in Eclipse JGit <= 6.6.0  In Eclipse JGit, al ...)
 	- jgit <unfixed>
+	[bookworm] - jgit <no-dsa> (Minor issue)
+	[bullseye] - jgit <no-dsa> (Minor issue)
 	[buster] - jgit <no-dsa> (Minor issue. Only case-insensitive filesystems are affected)
 	NOTE: https://git.eclipse.org/c/jgit/jgit.git/commit/?id=9072103f3b3cf64dd12ad2949836ab98f62dabf1 (v6.6.1.202309021850-r)
 	NOTE: https://gitlab.eclipse.org/security/vulnerability-reports/-/issues/11
@@ -43093,7 +43097,6 @@ CVE-2022-4907 (Uninitialized Use in FFmpeg in Google Chrome prior to 108.0.5359.
 	- chromium 108.0.5359.71-1
 	[buster] - chromium <end-of-life> (see DSA 5046)
 	- ffmpeg 7:6.0-4
-	[bookworm] - ffmpeg <postponed> (Minor issue, wait until it lands in 5.1.x)
 	[bullseye] - ffmpeg <not-affected> (Vulnerable code introduced later)
 	[buster] - ffmpeg <not-affected> (Vulnerable code introduced later)
 	NOTE: Fixed by: https://git.ffmpeg.org/gitweb/ffmpeg.git/commit/e601ec3c1991ee09ff45db3be4d894e5774f6f2b (n6.0)


=====================================
data/dsa-needed.txt
=====================================
@@ -17,6 +17,8 @@ cinder/oldstable
 fastdds
   Awaiting feedback from maintainer on bullseye status
 --
+ffmpeg/stable (jmm)
+--
 gpac/oldstable (jmm)
 --
 libreswan (jmm)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/24e76af012b54053a8763f2746c36fb7ac797e69

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/24e76af012b54053a8763f2746c36fb7ac797e69
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20231112/2f244bb0/attachment.htm>

More information about the debian-security-tracker-commits mailing list