[Git][security-tracker-team/security-tracker][master] bullseye/bookworm triage

Moritz Muehlenhoff (@jmm) jmm at debian.org
Tue Nov 14 16:19:29 GMT 2023



Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
f48e587f by Moritz Muehlenhoff at 2023-11-14T17:18:56+01:00
bullseye/bookworm triage

- - - - -


2 changed files:

- data/CVE/list
- data/dsa-needed.txt


Changes:

=====================================
data/CVE/list
=====================================
@@ -261,10 +261,14 @@ CVE-2023-47122 (Gitsign is software for keyless Git signing using Sigstore. In v
 	- gitsign <itp> (bug #1019518)
 CVE-2023-46850 (Use after free in OpenVPN version 2.6.0 to 2.6.6 may lead to undefined ...)
 	- openvpn 2.6.7-1 (bug #1055805)
+	[bullseye] - openvpn <not-affected> (Vulnerable code not present)
+	[buster] - openvpn <not-affected> (Vulnerable code not present)
 	NOTE: https://community.openvpn.net/openvpn/wiki/CVE-2023-46850
 	NOTE: https://openvpn.net/security-advisory/access-server-security-update-cve-2023-46849-cve-2023-46850/
 CVE-2023-46849 (Using the --fragment option in certain configuration setups OpenVPN ve ...)
 	- openvpn 2.6.7-1 (bug #1055805)
+	[bullseye] - openvpn <not-affected> (Vulnerable code not present)
+	[buster] - openvpn <not-affected> (Vulnerable code not present)
 	NOTE: https://community.openvpn.net/openvpn/wiki/CVE-2023-46849
 	NOTE: https://openvpn.net/security-advisory/access-server-security-update-cve-2023-46849-cve-2023-46850/
 CVE-2023-6076 (A vulnerability classified as problematic was found in PHPGurukul Rest ...)
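Review bot: the [bullseye] and [buster] <not-affected> lines added under CVE-2023-46850 and CVE-2023-46849 give only "Vulnerable code not present" as the reason, with no pointer to where the affected code was introduced. The CVE-2023-46850 description states the range 2.6.0 to 2.6.6, but the CVE-2023-46849 description is truncated in this file, so a NOTE line under each entry naming the introducing version or commit would let a later reader verify the triage without going back to the upstream advisories.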
@@ -5252,6 +5256,8 @@ CVE-2023-32722 (The zabbix/src/libs/zbxjson module is vulnerable to a buffer ove
 	NOTE: https://support.zabbix.com/browse/ZBX-23390
 CVE-2023-32721 (A stored XSS has been found in the Zabbix web application in the Maps  ...)
 	- zabbix <unfixed> (bug #1053877)
+	[bookworm] - zabbix <no-dsa> (Minor issue)
+	[bullseye] - zabbix <no-dsa> (Minor issue)
 	NOTE: https://support.zabbix.com/browse/ZBX-23389
 	NOTE: possible upstream fix (4.0.x) https://github.com/zabbix/zabbix/commit/d05854bc0e638bbc0c2077ded09797648dba0911
 CVE-2023-5535 (Use After Free in GitHub repository vim/vim prior to v9.0.2010.)
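Review bot: the [bookworm] and [bullseye] <no-dsa> lines for CVE-2023-32721 use the generic reason "Minor issue" for a stored XSS in the web application, while the package line above is still <unfixed> and the only fix reference is a "possible upstream fix (4.0.x)". A more specific reason, stating what limits the impact, would make the decision easier to revisit once the fix is confirmed.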
@@ -13371,6 +13377,8 @@ CVE-2023-4427 (Out of bounds memory access in V8 in Google Chrome prior to 116.0
 	[buster] - chromium <end-of-life> (see DSA 5046)
 CVE-2023-40175 (Puma is a Ruby/Rack web server built for parallelism. Prior to version ...)
 	- puma 5.6.7-1 (bug #1050079)
+	[bookworm] - puma <no-dsa> (Minor issue)
+	[bullseye] - puma <no-dsa> (Minor issue)
 	[buster] - puma <ignored> (invasive to backport)
 	NOTE: https://github.com/puma/puma/security/advisories/GHSA-68xg-gqqm-vgj8
 	NOTE: https://github.com/puma/puma/commit/690155e7d644b80eeef0a6094f9826ee41f1080a (master)
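Review bot: [bookworm] and [bullseye] are marked <no-dsa> (Minor issue) for CVE-2023-40175 while the [buster] line directly below reads <ignored> (invasive to backport), so the same upstream commit carries two different rationales across suites. If the backport is also invasive for the bookworm and bullseye versions, say so in the reason; if it is not, a NOTE that the fix is feasible for a later update would help whoever picks it up.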


=====================================
data/dsa-needed.txt
=====================================
@@ -38,6 +38,8 @@ nodejs
 --
 nova/oldstable
 --
+openvpn (jmm)
+--
 php-cas/oldstable
 --
 php-horde-mime-viewer/oldstable
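Review bot: the new "openvpn (jmm)" entry has no suite suffix, unlike the neighbouring nova/oldstable and php-cas/oldstable entries. Since the data/CVE/list change in this commit marks bullseye as <not-affected> for both OpenVPN CVEs, a short comment under the entry stating that the update is for bookworm only would make the scope explicit.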



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/f48e587f848d5df04942cd885d8ae7e736fc55e6
