[Git][security-tracker-team/security-tracker][master] bullseye/bookworm triage
Moritz Muehlenhoff (@jmm)
jmm at debian.org
Thu Nov 16 21:07:31 GMT 2023
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker
Commits:
b8b4809a by Moritz Muehlenhoff at 2023-11-16T22:07:05+01:00
bullseye/bookworm triage
- - - - -
2 changed files:
- data/CVE/list
- data/dsa-needed.txt
Changes:
=====================================
data/CVE/list
=====================================
@@ -6,6 +6,7 @@ CVE-2023-6176 (A null pointer dereference flaw was found in the Linux kernel API
NOTE: https://git.kernel.org/linus/cfaa80c91f6f99b9342b6557f0f0e1143e434066 (6.6-rc2)
CVE-2023-6174 (SSH dissector crash in Wireshark 4.0.0 to 4.0.10 allows denial of serv ...)
- wireshark <unfixed>
+ [bullseye] - wireshark <not-affected> (Only affects 4.x)
NOTE: https://www.wireshark.org/security/wnpa-sec-2023-28.html
NOTE: https://gitlab.com/wireshark/wireshark/-/issues/19369
CVE-2023-6121 (An out-of-bounds read vulnerability was found in the NVMe-oF/TCP subsy ...)
@@ -12492,6 +12493,8 @@ CVE-2023-40316
- moodle <removed>
CVE-2023-38037 [Active Support Possibly Discloses Locally Encrypted Files]
- rails <unfixed> (bug #1051057)
+ [bookworm] - rails <no-dsa> (Minor issue)
+ [bullseye] - rails <no-dsa> (Minor issue)
NOTE: https://github.com/advisories/GHSA-cr5q-6q9f-rq6q
NOTE: https://github.com/rubysec/ruby-advisory-db/blob/master/gems/activesupport/CVE-2023-38037.yml
NOTE: https://github.com/rails/rails/commit/a21d6edf35a60383dfa6c4da49e4b1aef5f00731 (v7.0.7.1)
@@ -36216,6 +36219,8 @@ CVE-2023-28363
CVE-2023-28362 [Possible XSS via User Supplied Values to redirect_to]
RESERVED
- rails <unfixed> (bug #1051058)
+ [bookworm] - rails <no-dsa> (Minor issue)
+ [bullseye] - rails <no-dsa> (Minor issue)
NOTE: https://discuss.rubyonrails.org/t/cve-2023-28362-possible-xss-via-user-supplied-values-to-redirect-to/83132
NOTE: https://github.com/rails/rails/commit/69e37c84e3f77d75566424c7d0015172d6a6fac5 (main)
NOTE: https://github.com/rails/rails/commit/1c3f93d1e90a3475f9ae2377ead25ccf11f71441 (v6.1.7.4)
=====================================
data/dsa-needed.txt
=====================================
@@ -92,6 +92,8 @@ tor (jmm)
--
webkit2gtk (berto)
--
+wireshark/stable
+--
xen (jmm)
--
zbar
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/b8b4809a931283d31c3f6f9c86a82f8e20858468
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/b8b4809a931283d31c3f6f9c86a82f8e20858468
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20231116/0e291a03/attachment.htm>
More information about the debian-security-tracker-commits
mailing list