[Git][security-tracker-team/security-tracker][master] bullseye/bookworm triage
Moritz Muehlenhoff (@jmm)
jmm at debian.org
Thu Nov 16 10:58:25 GMT 2023
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker
Commits:
cbf5d52a by Moritz Muehlenhoff at 2023-11-16T11:57:11+01:00
bullseye/bookworm triage
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -32,9 +32,13 @@ CVE-2023-47471 (Buffer Overflow vulnerability in strukturag libde265 v1.10.12 al
NOTE: https://github.com/strukturag/libde265/commit/e36b4a1b0bafa53df47514c419d5be3e8916ebc7
CVE-2023-47470 (Buffer Overflow vulnerability in Ffmpeg before github commit 456574705 ...)
- ffmpeg 7:6.1-1
+ [bookworm] - ffmpeg <not-affected> (Vulnerable code not present)
+ [bullseye] - ffmpeg <not-affected> (Vulnerable code not present)
+ [buster] - ffmpeg <not-affected> (Vulnerable code not present)
NOTE: https://github.com/FFmpeg/FFmpeg/commit/4565747056a11356210ed8edcecb920105e40b60 (n6.1)
NOTE: https://patchwork.ffmpeg.org/project/ffmpeg/patch/20230915131147.5945-2-michael%40niedermayer.cc/
NOTE: https://github.com/goldds96/Report/tree/main/FFmpeg
+ NOTE: Introduced in https://github.com/FFmpeg/FFmpeg/commit/34e4f18360c4ecb8e5979cab8f389478d8cd7819
CVE-2023-47444 (An issue discovered in OpenCart 4.0.0.0 to 4.0.2.3 allows authenticate ...)
TODO: check
CVE-2023-47347 (Buffer Overflow vulnerability in free5gc 3.3.0 allows attackers to cau ...)
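Review bot: The added "Introduced in" NOTE for CVE-2023-47470 gives only the commit URL, so the three <not-affected> (Vulnerable code not present) lines cannot be checked against packaged versions from this entry alone. The fix NOTE above it carries its release tag, "(n6.1)"; adding the first upstream release that contains 34e4f18360c4ecb8e5979cab8f389478d8cd7819 in the same parenthesised form would let a reader confirm that bookworm, bullseye and buster ship ffmpeg versions that predate it.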
@@ -5928,6 +5932,8 @@ CVE-2023-32723 (Request to LDAP is sent before user permissions are checked.)
NOTE: very likely commit https://github.com/zabbix/zabbix/commit/3576afe9b87d8ad1ba92a13c28ba904671087688 (for 4.0.x)
CVE-2023-32722 (The zabbix/src/libs/zbxjson module is vulnerable to a buffer overflow ...)
- zabbix <unfixed> (bug #1053877)
+ [bookworm] - zabbix <no-dsa> (Minor issue)
+ [bullseye] - zabbix <no-dsa> (Minor issue)
[buster] - zabbix <not-affected> (vulnerable code introduced later)
NOTE: https://support.zabbix.com/browse/ZBX-23390
CVE-2023-32721 (A stored XSS has been found in the Zabbix web application in the Maps ...)
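Review bot: The new [bookworm] and [bullseye] lines for CVE-2023-32722 classify a buffer overflow in zabbix/src/libs/zbxjson as <no-dsa> (Minor issue), and the entry has no NOTE recording why the impact is limited. A short NOTE with the reasoning behind the classification would make the decision reviewable later, in the way the [buster] line states its own reason (vulnerable code introduced later).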
@@ -33638,6 +33644,7 @@ CVE-2023-29001
RESERVED
CVE-2023-29000 (The Nextcloud Desktop Client is a tool to synchronize files from Nextc ...)
- nextcloud-desktop 3.7.0-1
+ [bullseye] - nextcloud-desktop <no-dsa> (Minor issue)
[buster] - nextcloud-desktop <no-dsa> (Minor issue)
NOTE: https://github.com/nextcloud/desktop/pull/4949
NOTE: https://github.com/nextcloud/security-advisories/security/advisories/GHSA-h82x-98q3-7534
@@ -33651,11 +33658,13 @@ CVE-2023-28999 (Nextcloud is an open-source productivity platform. In Nextcloud
NOTE: https://github.com/nextcloud/desktop/pull/5560
CVE-2023-28998 (The Nextcloud Desktop Client is a tool to synchronize files from Nextc ...)
- nextcloud-desktop 3.7.0-1
+ [bullseye] - nextcloud-desktop <no-dsa> (Minor issue)
[buster] - nextcloud-desktop <no-dsa> (Minor issue)
NOTE: https://github.com/nextcloud/desktop/pull/5323
NOTE: https://github.com/nextcloud/security-advisories/security/advisories/GHSA-jh3g-wpwv-cqgr
CVE-2023-28997 (The Nextcloud Desktop Client is a tool to synchronize files from Nextc ...)
- nextcloud-desktop 3.7.0-1
+ [bullseye] - nextcloud-desktop <no-dsa> (Minor issue)
[buster] - nextcloud-desktop <no-dsa> (Minor issue)
NOTE: https://github.com/nextcloud/desktop/pull/5324
NOTE: https://github.com/nextcloud/security-advisories/security/advisories/GHSA-4p33-rw27-j5fc
@@ -113225,6 +113234,7 @@ CVE-2022-29154 (An issue was discovered in rsync before 3.2.5 that allows malici
NOTE: https://git.samba.org/?p=rsync.git;a=commit;h=2f7c583143bc6e80902139c23d9d7283f88fbc6a (v3.2.5pre1)
CVE-2022-29153 (HashiCorp Consul and Consul Enterprise up to 1.9.16, 1.10.9, and 1.11. ...)
- consul 1.9.17+dfsg2-1 (bug #1017982)
+ [bullseye] - consul <no-dsa> (Minor issue)
[buster] - consul <ignored> (Intrusive to backport)
NOTE: https://discuss.hashicorp.com/t/hcsec-2022-10-consul-s-http-health-check-may-allow-server-side-request-forgery/38393
NOTE: https://github.com/hashicorp/consul/commit/72e1ce6317d6a4b28c73cd15f3976eb2c362be19 (v1.9.17)
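Review bot: The new [bullseye] line for CVE-2022-29153 gives <no-dsa> (Minor issue), while the [buster] line directly below marks the same issue <ignored> (Intrusive to backport), so the two releases carry different reasons for an issue the linked upstream advisory titles as server-side request forgery through HTTP health checks. If the bullseye decision also rests on backport difficulty, saying so in the parenthesised reason would keep the entry consistent; otherwise a NOTE explaining why the issue is minor for bullseye would help.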
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/cbf5d52a8fe0533e9eab8b136fa191c981b16ef3