[Git][security-tracker-team/security-tracker][master] bullseye/bookworm triage
Moritz Muehlenhoff (@jmm)
jmm at debian.org
Wed Nov 15 10:26:51 GMT 2023
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker
Commits:
5c174d13 by Moritz Muehlenhoff at 2023-11-15T11:26:23+01:00
bullseye/bookworm triage
- - - - -
2 changed files:
- data/CVE/list
- data/dsa-needed.txt
Changes:
=====================================
data/CVE/list
=====================================
@@ -18,6 +18,8 @@ CVE-2023-47678 (An improper access control vulnerability exists in RT-AC87U all
NOT-FOR-US: ASUSTeK
CVE-2023-47641 (aiohttp is an asynchronous HTTP client/server framework for asyncio an ...)
- python-aiohttp 3.8.1-2
+ [bookworm] - python-aiohttp <no-dsa> (Minor issue)
+ [bullseye] - python-aiohttp <no-dsa> (Minor issue)
NOTE: https://github.com/aio-libs/aiohttp/security/advisories/GHSA-xx9p-xxvh-7g8j
NOTE: https://github.com/aio-libs/aiohttp/commit/f016f0680e4ace6742b03a70cb0382ce86abe371 (v3.8.0b0)
CVE-2023-47640 (DataHub is an open-source metadata platform. The HMAC signature for Da ...)
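Review bot: The added `[bookworm]` line under CVE-2023-47641 may be redundant. The unstable entry records the fix in 3.8.1-2 and the NOTE places the upstream commit at v3.8.0b0, so if bookworm already ships python-aiohttp at or above 3.8.1-2 that suite is fixed rather than `<no-dsa>`. Worth confirming the bookworm version and dropping the line if so; the `[bullseye]` line stands if bullseye carries an older upstream release.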
@@ -28,6 +30,8 @@ CVE-2023-47630 (Kyverno is a policy engine designed for Kubernetes. An issue was
NOT-FOR-US: Kyverno
CVE-2023-47627 (aiohttp is an asynchronous HTTP client/server framework for asyncio an ...)
- python-aiohttp 3.8.6-1
+ [bookworm] - python-aiohttp <no-dsa> (Minor issue)
+ [bullseye] - python-aiohttp <no-dsa> (Minor issue)
NOTE: https://github.com/aio-libs/aiohttp/security/advisories/GHSA-gfw2-4jvh-wgfg
NOTE: https://github.com/aio-libs/aiohttp/commit/d5c12ba890557a575c313bb3017910d7616fce3d (v3.8.6)
CVE-2023-47586 (Multiple heap-based buffer overflow vulnerabilities exist in V-Server ...)
@@ -1110,6 +1114,8 @@ CVE-2023-45875 (An issue was discovered in Couchbase Server 7.2.0. There is a pr
NOT-FOR-US: Couchbase Server
CVE-2023-45857 (An issue discovered in Axios 1.5.1 inadvertently reveals the confident ...)
- node-axios <unfixed>
+ [bookworm] - node-axios <no-dsa> (Minor issue)
+ [bullseye] - node-axios <no-dsa> (Minor issue)
NOTE: https://github.com/axios/axios/issues/6006
CVE-2023-45225 (Zavio CF7500, CF7300, CF7201, CF7501, CB3211, CB3212, CB5220, CB6231, ...)
NOT-FOR-US: Zavio
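Review bot: Under CVE-2023-45857 both stable suites are set to `<no-dsa>` while the unstable line is still `<unfixed>` and the only reference is the upstream issue (axios/axios issue 6006), so nothing in the entry identifies a patch that could be backported in a later point release. Suggest adding a NOTE with the upstream fix commit once one exists.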
=====================================
data/dsa-needed.txt
=====================================
@@ -19,6 +19,8 @@ cinder/oldstable
fastdds
Awaiting feedback from maintainer on bullseye status
--
+gimp
+--
gpac/oldstable (jmm)
--
intel-microcode (carnil)
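Review bot: The new `gimp` entry carries neither a claimant nor a status note, and the data/CVE/list hunks in this commit do not touch any gimp CVE, so the reason a DSA is needed cannot be recovered from the change. Suggest a note line under `gimp` naming the CVE ids, in the way `fastdds` carries its status line.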
@@ -92,6 +94,8 @@ squid
--
tiff (aron)
--
+tor
+--
xen (jmm)
--
zbar
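Review bot: `tor` is added without a suite suffix, unlike `cinder/oldstable` and `gpac/oldstable` in the same file, which reads as both bullseye and bookworm needing an update. If only one suite is affected, add the suite suffix as those entries do; if both are, a short note with the CVE ids would make that explicit.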
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/5c174d13cb3c42bf2643b125d0e78af75826a749